MDM Device Enrollment
Mobile Device Management, or MDM refers to the concept of securing the devices that are used for work purposes. NIC uses the MDM tools and services to give you access to essential work apps, and keep official data on your device safe. This is done without infringing on your privacy.
What is device enrollment?
Device enrollment is a simple process that enables you to securely access Gov Mail, government applications and websites from your device. It is necessary to enroll your mobile device (Android phone, tablet, iPhone or iPad) before using it for official purposes.
What are the benefits of device enrollment?
- Your data is secure because it is being accessed from a trusted enrolled device.
- Your email, attachments, documents, messages and other official data on the device are better protected from any unauthorised access, security risks, device loss, or malicious apps.
- You get an official app catalog that gives you easy access to all essential Gov mobile apps.
- Your official apps and data are separated from personal apps and data which gives you better privacy.
How does device enrollment work?
- You will be required to follow some simple steps from your phone or tablet. The enrollment process happens over internet, consuming minimal data. Depending on which device you are using, an MDM app or MDM enrollment settings will be downloaded. It usually takes 2-3 mins to complete the enrollment process.
- Once the enrollment is complete, Gov Mail and other required apps will begin to install. It usually takes 8-10 mins to complete the app installation. It is recommended to wait 8-10 minutes for the apps to be installed on the registered devices as a managed playstore will be configured inside the work profile.
- NIC security team may remotely enforce certain policies on your device such as keeping a strong PIN/ passcode, blocking file transfer from official apps to personal apps. The nature of such policies is only to protect your official data on the devices.
Understanding Device Enrollment and Data Privacy
The only purpose of enrolling your device is to protect the official apps and data on your devices. Personal apps or data can never be monitored. This document describes what details can and cannot be collected from enrolled devices.
What data is collected or managed?
- Serial Number (for iPhones and iPads only)
- Device IMEI (for iPhones and iPads only)
- List of Gov apps and official apps installed, made available via MDM.
This data is mandatorily required by the NIC enrollment services to successfully complete the device enrollment process.
What data is NEVER collected or managed?
- Pictures / videos from your gallery
- Browsing history
- Call logs and call recordings
- Text messages
- List of apps you use personally
- Saved passwords
- Data or documents maintained in personal apps
Permissions required by the MDM app on Android phones and Tablets
MDM app on Android requires the following permissions during device enrollment:
- Camera - to scan QR code to enroll with NIC MDM services
- Notifications - to notify you about enrollment completion
Other permissions will not be required or prompted to you.
Device Enrollment
Common Prerequisites
- Please ensure that you have proper connection to internet on your device.
- Make sure your work laptop or desktop is available with you so that you can login to NIC eMail from the computer browser where the enrollment QR code is available.
- In general, all iPhones and iPad devices are supported. Most Android models are supported, unless they are very old.
Device enrollment for Android devices
Note:
- The enrolling device must be running Android OS version 6.0 or later versions.
- Android devices come in various models and brands such as Samsung, Panasonic, Vivo, Motorola, Lenovo, Oppo, OnePlus, and more.
- However, some device models are tested and recommended for official use where work data is secure. They are termed as Android Enterprise Recommended devices. You can check if your device model is listed here.
- It is strongly recommended to use one of these device models to enroll and access Gov Mail and official apps.
Follow the below steps to complete device enrollment on Android devices:
- Download the ManageEngine MDM App from Google Play Store.
- On your work laptop/desktop browser,
- Log in to https://mail.gov.in/ and click your profile picture in the top right corner.
- Go to Mobile Apps and click the Android button to view the QR Code for enrolling Android devices.
- Open the ManageEngine MDM app downloaded on to your device.
- Click Scan QR Code to enroll your Device.
- Click Proceed and follow the onscreen instructions to set up your work profile.
- Wait till your work profile gets created. You will receive a notification about enrollment completion.
Once the enrollment is finished, Gov Mail and Gov OneAuth apps will be installed automatically. You can access the downloaded apps in your phone's work profile section.
iPhone and iPad device enrollment steps
Note:
- All iPhone and iPad device models with any of the following minimum OS versions:
- iOS 7.0 and above
- iPadOS 13.0 and above
- Note that iPad devices can run either iOS or iPadOS depending on the device model.
- You can check your device OS version using the following steps: Open Settings -> General -> About. You can see the iOS or iPadOS version number here.
Follow the below steps to complete self-enrollment on iOS devices:
- On your work laptop/desktop browser,
- Log in to https://mail.gov.in/ and click your profile picture in the top right corner.
- Go to Mobile Apps and click the iPhone button to view the QR Code for enrolling iOS devices.
- Open the camera app on your iPhone and scan this QR code to start enrolling the device. Make sure to open the link in Safari browser.
- Click Download profile to download a configuration profile and click Allow when prompted.
- Once the profile is downloaded, open the settings app on your device and select the downloaded MDM profile at the top of the settings listing.
- If you can't find it, navigate to the Settings > General > VPN & Device Management section in your device and select the downloaded profile.
- Click Install in the installed profile page.
- When prompted, Do you trust this profile's source to enroll your Iphone into remote management?, click Trust.
Your device is now successfully enrolled. You will automatically receive prompts to install Gov Mail and Gov OneAuth apps. If not, you can manually download the Gov Mail, Gov One Auth and other desired apps from the App Catalogue downloaded in your device. All the installed apps will be available in your mobile's apps section.
Device Unenrollment
Note
Unenrolling your device will delete Gov Mail and official apps and data from your device. If you are using OneAuth MFA then please note that if you remove OneAuth, then you may lose access to your email account on all devices!
It is not recommended to unenroll devices on your own without setting up a new device with OneAuth properly. Please contact your IT Helpdesk at helpdesk-email@gov.in if you are considering switching to a new device or no longer need access to official apps and data on this device.
Please refer to our MDM device enrollment FAQs & Troubleshooting guide for more answers to common questions and solutions to issues during the Device enrollment process.