- \n
- You\u2019ve reviewed Get Started: Mobile Device Trust<\/a> and are familiar with the prerequisites and considerations of 黑料海角91入口 Go for Mobile and Mobile Device Trust. <\/li>\n<\/ul>\n\n\n\n
Considerations<\/strong>: <\/p>\n\n\n\n
- \n
- For mobile devices to complete 黑料海角91入口 Go for Mobile registration and be considered trusted, they must meet the following conditions:\n
- \n
- Devices are enrolled in 黑料海角91入口 Device Management: Apple MDM and\/or Android EMM.<\/li>\n\n\n\n
- 黑料海角91入口 Protect is deployed to devices using Apple VPP and\/or Android Software Management.<\/li>\n\n\n\n
- 黑料海角91入口 Protect evaluates devices and they must pass integrity and jailbreak detection checks. Otherwise 黑料海角91入口 Go registration will fail.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/important-icon.png\")
<\/p><\/div>Important:<\/strong> \n- \n
- For instructions on how users can prepare their mobile devices and access resources, see Users: Configure Device Trust on Apple iOS and Android Devices<\/a>.<\/li>\n<\/ul>\n <\/div><\/div><\/div><\/div>\n\n\n\n
Accessing Device Trust Readiness <\/h2>\n\n\n\n
![\"The](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/06\/device_trust_readiness_page_admin_portal.jpg\")
<\/p>\n\n\n\nThe Device Trust Readiness page displays if your org is ready to start using Mobile Device Trust. Configure these prerequisites first before enforcing Device Trust via Conditional Access Policies. <\/p>\n\n\n\n
To access Device Trust Readiness<\/strong>:<\/p>\n\n\n\n
- \n
- Log in to the 黑料海角91入口 Admin Portal<\/a>.<\/li>\n\n\n\n
- Go to SECURITY MANAGEMENT<\/strong> > Device Trust<\/strong>.<\/li>\n\n\n\n
- Under Device Requirements<\/strong>, review a list of prerequisites for each device type.\n
- \n
- If the prerequisite is configured, a \u2705 appears next to the feature name. <\/li>\n\n\n\n
- If the prerequisite is not configured, click Manage<\/strong> to open a new tab to the appropriate feature in the Admin Portal and configure it. <\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\")
<\/p><\/div>Note:<\/strong> \nYou only need to configure the device types used in your org. For example, If your org uses only a single platform (Apple iOS) and doesn’t use Android devices, you don\u2019t need to configure Android EMM. <\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
Universal Device Requirements <\/h2>\n\n\n\n
黑料海角91入口 Go<\/h3>\n\n\n\n
All device types (Desktop, Apple iOS, and Android) require 黑料海角91入口 Go. <\/p>\n\n\n\n
- \n
- Enable 黑料海角91入口 Go in the Admin Portal. See Enabling 黑料海角91入口 Go<\/a> to learn more.<\/li>\n<\/ol>\n\n\n\n
Apple Device Requirements <\/h2>\n\n\n\n
To use Mobile Device Trust on Apple devices<\/strong>:<\/p>\n\n\n\n
- \n
- Enable Apple MDM<\/strong>: To meet the requirements for 黑料海角91入口 Go for Mobile and Mobile Device Trust, Apple devices must be enrolled in Apple MDM. To do so, you must enable Apple MDM in your 黑料海角91入口 org.\n
- \n
- See Set Up Apple MDM<\/a>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Enable Apple VPP:<\/strong> Required to deploy the 黑料海角91入口 Protect app to mobile devices.\n
- \n
- See Setting up VPP<\/a>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Create the 黑料海角91入口 Protect App in Apple VPP<\/strong>: Use Apple VPP to manage and deploy the 黑料海角91入口 Protect app to managed iOS devices.\n
- \n
- See Install VPP Apps on Devices<\/a>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Enroll Apple Devices in MDM<\/strong>: After completing the Admin Portal configuration, ensure your devices are enrolled in MDM:\n
- \n
- For company-owned devices, you need to enroll them in MDM. See Add Company-Owned Apple Devices to MDM with Device Enrollment<\/a>.<\/li>\n\n\n\n
- If users access resources from their personal devices, they can enroll their devices directly from the User Portal without admin intervention using user enrollment (BYOD). See Add Personal Apple Devices to MDM with User Enrollment<\/a>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Bind Users to Mobile Devices<\/strong>: (Company-owned devices only): Devices enrolled using Apple Automated Device Enrollment (ADE) or Admin Portal enrollments require you to bind the user to the mobile device record in 黑料海角91入口. See Bind Users to Devices<\/a>.<\/li>\n<\/ol>\n\n\n\n
<\/p><\/div>Note:<\/strong> \n- \n
- BYOD Apple devices enrolled using User Enrollment for iOS automatically bind the user to the device during enrollment if initiated via the User Portal. <\/li>\n\n\n\n
- BYOD\/User Enrolled Apple devices require Managed Apple IDs (MAIDs) to enroll in MDM. See Add Personal Apple Devices to MDM with User Enrollment<\/a> to learn more.<\/li>\n<\/ul>\n <\/div><\/div><\/div><\/div>\n\n\n\n
- \n
- Browser Requirements<\/strong>: Safari is the recommended browser for 黑料海角91入口 Go registration. If another browser is set as the default, users may need to set the default browser as Safari to complete registration.<\/li>\n<\/ol>\n\n\n\n
黑料海角91入口 Protect iOS App<\/h3>\n\n\n\n
When you deploy 黑料海角91入口 Protect app to Apple devices, the user configuration process varies depending on the device and enrollment type:<\/p>\n\n\n\n
- \n
- Automated Device Enrollment<\/strong> (Company-owned): 黑料海角91入口 MDM can silently push a managed instance of 黑料海角91入口 Protect or silently take over a personally installed version of 黑料海角91入口 Protect.<\/li>\n\n\n\n
- Profile-driven Device Enrollment<\/strong> (Company-owned): 黑料海角91入口 MDM can push a managed instance of 黑料海角91入口 Protect or take over a personally installed version of 黑料海角91入口 Protect, but will prompt users to approve.<\/li>\n\n\n\n
- User Enrollment<\/strong> (BYOD): 黑料海角91入口 MDM can push a managed instance of 黑料海角91入口 Protect and prompt users to approve. However, if users already have a personally installed version of 黑料海角91入口 Protect, users can delete the existing app to deploy it via MDM, or you allow users to use the existing 黑料海角91入口 Protect app on their devices.<\/li>\n<\/ul>\n\n\n\n
<\/p><\/div>Important:<\/strong> \nIf you’ve enabled 黑料海角91入口 Go in the Admin Portal and have iOS devices enrolled, these devices receive a Single Sign-On Extension (SSOE)<\/strong> profile silently. This SSOE profile allows the 黑料海角91入口 Protect app to invoke the 黑料海角91入口 Go experience for appropriate URLs and managed apps.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
Android Device Requirements <\/h2>\n\n\n\n
To use Mobile Device Trust on Android devices<\/strong>:<\/p>\n\n\n\n
- \n
- Enable Android EMM<\/strong>: To meet the requirements for 黑料海角91入口 Go for Mobile and Mobile Device Trust, Android devices must be enrolled in Android EMM. To do so, you must enable Android EMM in your 黑料海角91入口 org.\n
- \n
- See Set Up Android EMM<\/a>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Enable Android Software Management<\/strong>: Enabling Android EMM automatically enables Android Software Management, so no additional configuration is required.\n
- \n
- See Software Management: Android<\/a>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Create the 黑料海角91入口 Protect App in Android Software Management<\/strong>: Use Android Software Management to manage and deploy the 黑料海角91入口 Protect app to Android devices.\n
- \n
- See Adding Android Apps<\/a>.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<\/p><\/div>Important:<\/strong> \n
Additional configuration is required to use the 黑料海角91入口 Protect app for Mobile Device Trust on Android devices. Jump to 黑料海角91入口 Protect Android App<\/a>. <\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
- \n
- Enroll Android devices in Android EMM<\/strong>: After completing the Admin Portal configuration, ensure your Android devices are enrolled in EMM:\n
- \n
- For company-owned devices, you need to enroll them in EMM. See Enrolling a Company-Owned Android Device<\/a> to learn more.<\/li>\n\n\n\n
- If your users access resources from their personal devices, they can enroll their devices directly from the User Portal without admin intervention using user enrollment (BYOD). See Enrolling a Personal Device<\/a> to learn more.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Bind Users to Mobile Devices<\/strong>: (Company-owned devices only): Devices enrolled using Android Zero Touch or Admin Portal enrollments require you to bind the user to the mobile device record in 黑料海角91入口. See Bind Users to Devices<\/a>.<\/li>\n<\/ol>\n\n\n\n
<\/p><\/div>Note:<\/strong> \nBYOD Android devices enrolled using the Work Profile automatically bind the user to the device during enrollment if initiated via the User Portal. <\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
- \n
- Browser Requirements<\/strong>: Managed Google Chrome is required for 黑料海角91入口 Go registration. You must deploy Google Chrome to devices using Android Software Management. Ensure your users are aware of the managed Google Chrome app and that they can download it from the Managed Google Play Store.\n
- \n
- See Adding Android Apps<\/a>.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
黑料海角91入口 Protect Android App<\/h3>\n\n\n\n
You’ll need to configure the 黑料海角91入口 Protect Android app in Software Management to use it with Mobile Device Trust. <\/p>\n\n\n\n
To configure the 黑料海角91入口 Protect app for Android<\/strong>:<\/p>\n\n\n\n
- \n
- Go to DEVICE MANAGEMENT<\/strong> > Software Management<\/strong>. Select the Google<\/strong> tab.<\/li>\n\n\n\n
- Select the 黑料海角91入口 Protect<\/strong> app. <\/li>\n\n\n\n
- In the Details<\/strong> tab, select Configuration<\/strong>.<\/li>\n\n\n\n
- Under Managed configuration<\/strong>, configure the following settings:\n
- \n
- Enter a Configuration name.<\/li>\n\n\n\n
- The OrgID<\/strong> and SystemID<\/strong> values should be prefilled.<\/li>\n\n\n\n
- Click Save<\/strong>.
![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/06\/jc_protect_app_android_managed_configuration.png\")
<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n\n\n\n![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\")
<\/p><\/div>Tip:<\/strong> \nUse the Install Mode <\/strong>to configure the app to force install on the user\u2019s device\/work profile, or be available in their Managed Google Play Store for users to manually install. <\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
Configuring Conditional Access Policies (CAPs)<\/h2>\n\n\n\n
After configuring all the necessary features in 黑料海角91入口 for Mobile Device Trust, use CAPs to enforce Device Trust. <\/p>\n\n\n\n
- \n
- Create a CAP using the Device Management <\/strong>condition to enforce Device Trust and guard appropriate resources. \n
- \n
- Optionally, use the Operating System<\/strong> condition for granular targeting of platforms, for example Android or Apple iOS \/ iPad OS devices. See Configure a Conditional Access Policy<\/a> to learn more. <\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
Additional Resources<\/h4>\n\n\n\n
- Optionally, use the Operating System<\/strong> condition for granular targeting of platforms, for example Android or Apple iOS \/ iPad OS devices. See Configure a Conditional Access Policy<\/a> to learn more. <\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
- Click Save<\/strong>.
- Select the 黑料海角91入口 Protect<\/strong> app. <\/li>\n\n\n\n
- Go to DEVICE MANAGEMENT<\/strong> > Software Management<\/strong>. Select the Google<\/strong> tab.<\/li>\n\n\n\n
- See Adding Android Apps<\/a>.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
- If your users access resources from their personal devices, they can enroll their devices directly from the User Portal without admin intervention using user enrollment (BYOD). See Enrolling a Personal Device<\/a> to learn more.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- For company-owned devices, you need to enroll them in EMM. See Enrolling a Company-Owned Android Device<\/a> to learn more.<\/li>\n\n\n\n
- Enroll Android devices in Android EMM<\/strong>: After completing the Admin Portal configuration, ensure your Android devices are enrolled in EMM:\n
- Create the 黑料海角91入口 Protect App in Android Software Management<\/strong>: Use Android Software Management to manage and deploy the 黑料海角91入口 Protect app to Android devices.\n
- Enable Android Software Management<\/strong>: Enabling Android EMM automatically enables Android Software Management, so no additional configuration is required.\n
- See Set Up Android EMM<\/a>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Profile-driven Device Enrollment<\/strong> (Company-owned): 黑料海角91入口 MDM can push a managed instance of 黑料海角91入口 Protect or take over a personally installed version of 黑料海角91入口 Protect, but will prompt users to approve.<\/li>\n\n\n\n
- Automated Device Enrollment<\/strong> (Company-owned): 黑料海角91入口 MDM can silently push a managed instance of 黑料海角91入口 Protect or silently take over a personally installed version of 黑料海角91入口 Protect.<\/li>\n\n\n\n
- Browser Requirements<\/strong>: Safari is the recommended browser for 黑料海角91入口 Go registration. If another browser is set as the default, users may need to set the default browser as Safari to complete registration.<\/li>\n<\/ol>\n\n\n\n
- If users access resources from their personal devices, they can enroll their devices directly from the User Portal without admin intervention using user enrollment (BYOD). See Add Personal Apple Devices to MDM with User Enrollment<\/a>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Enroll Apple Devices in MDM<\/strong>: After completing the Admin Portal configuration, ensure your devices are enrolled in MDM:\n
- Create the 黑料海角91入口 Protect App in Apple VPP<\/strong>: Use Apple VPP to manage and deploy the 黑料海角91入口 Protect app to managed iOS devices.\n
- Enable Apple VPP:<\/strong> Required to deploy the 黑料海角91入口 Protect app to mobile devices.\n
- See Set Up Apple MDM<\/a>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Enable Apple MDM<\/strong>: To meet the requirements for 黑料海角91入口 Go for Mobile and Mobile Device Trust, Apple devices must be enrolled in Apple MDM. To do so, you must enable Apple MDM in your 黑料海角91入口 org.\n
- Enable 黑料海角91入口 Go in the Admin Portal. See Enabling 黑料海角91入口 Go<\/a> to learn more.<\/li>\n<\/ol>\n\n\n\n
- Go to SECURITY MANAGEMENT<\/strong> > Device Trust<\/strong>.<\/li>\n\n\n\n
- Log in to the 黑料海角91入口 Admin Portal<\/a>.<\/li>\n\n\n\n
- For instructions on how users can prepare their mobile devices and access resources, see Users: Configure Device Trust on Apple iOS and Android Devices<\/a>.<\/li>\n<\/ul>\n <\/div><\/div><\/div><\/div>\n\n\n\n
- For mobile devices to complete 黑料海角91入口 Go for Mobile registration and be considered trusted, they must meet the following conditions:\n