Overview

Device enrollment is the foundation of any mobile device management deployment. SOTI MobiControl supports multiple enrollment methods designed to accommodate different device ownership models, operating systems, and deployment scales. Whether your organization is onboarding a handful of corporate-owned rugged devices or deploying thousands of smartphones across multiple sites, MobiControl provides a method suited to the task. Selecting the right enrollment approach reduces the time IT teams spend on device setup, eliminates manual configuration errors, and ensures every device joins the management environment in a consistent, policy-compliant state from its very first connection.

This article describes the primary enrollment methods available in SOTI MobiControl, when to use each, and key considerations for IT administrators planning a rollout.

Supported Enrollment Methods

1. Android Zero-Touch Enrollment

Zero-Touch Enrollment is Google's enterprise provisioning program for corporate-owned Android devices. Devices purchased through an authorized reseller are pre-configured with an enrollment profile in the Google Zero-Touch portal. When the device is first powered on and connected to a network, it automatically downloads and installs the SOTI MobiControl device agent and completes enrollment without any end-user interaction. This method is ideal for large-scale deployments where devices ship directly to end users or remote sites, removing the need for IT to physically touch every device before distribution.

Administrators must ensure that the SOTI MobiControl enrollment policy is correctly linked in the Zero-Touch portal and that the target device group is pre-configured before devices ship.

2. Samsung Knox Mobile Enrollment (KME)

Samsung KME provides a similar zero-touch experience exclusively for Samsung Android devices. Using the Samsung Knox portal, administrators associate devices by their IMEI or serial number with an enrollment profile that points to SOTI MobiControl. On first boot, devices silently enroll into MobiControl. This method is particularly valuable for organizations standardized on Samsung hardware and allows enrollment to happen automatically without end-user credentials or device interaction.

3. Apple Device Enrollment Program (DEP) / Automated Device Enrollment

For Apple iOS, iPadOS, and macOS devices, SOTI MobiControl integrates with Apple Business Manager (ABM) or Apple School Manager (ASM) to support Automated Device Enrollment (formerly DEP). Devices purchased or assigned through ABM are supervised and automatically enroll into SOTI MobiControl upon activation. This method applies a Mobile Device Management profile at the OS level that cannot be removed by the device user, making it the strongest management model available for Apple devices. Administrators configure an enrollment profile in the MobiControl console and link it to the ABM token.

4. SOTI Stage

SOTI Stage is a SOTI-native enrollment method that allows administrators to create a staging configuration QR code or NFC payload from within the MobiControl console. On Android devices, scanning the QR code during the Android setup wizard triggers the download of the MobiControl device agent and initiates enrollment. SOTI Stage is commonly used for bulk provisioning of warehouse, retail, or field service rugged devices where Zero-Touch is not available or practical. It does not require an internet connection during setup beyond device agent download.

5. Zebra StageNow

For organizations running Zebra Technologies Android rugged devices, SOTI MobiControl integrates with Zebra StageNow. IT administrators generate a StageNow barcode or NFC tag that a device scans to pull configuration settings and initiate enrollment into MobiControl. StageNow is deeply integrated with the Zebra Mobility DNA framework, allowing administrators to configure device-specific Zebra settings — such as DataWedge scanner profiles — at the same time as enrollment.

6. Windows Autopilot

For Windows 10 and Windows 11 Modern devices, SOTI MobiControl supports Windows Autopilot. Devices are registered with Microsoft Autopilot and, when connected to the internet after a reset or first boot, automatically enroll into SOTI MobiControl via Microsoft Entra ID (formerly Azure AD) credentials. This provides an out-of-box experience that requires no imaging and no physical IT intervention, matching the zero-touch model on Android.

7. Microsoft Entra ID Join

SOTI MobiControl supports Entra ID Join as an additional Windows enrollment pathway. When a user signs into a Windows device using their Entra ID (corporate Microsoft account) credentials, the device automatically enrolls into SOTI MobiControl if the tenant is configured appropriately. SOTI has published the MobiControl application in the Entra ID cloud infrastructure, which acts as a trusted broker to facilitate this enrollment for cloud-hosted MobiControl customers.

Enrollment Policy Configuration