Differences

This shows you the differences between two versions of the page.

--- en:mobile:setup:device_side:prep_device [2020/02/13 00:29] – [Preparing the device] fixing links lou_lomas
+++ en:mobile:setup:device_side:prep_device [2021/04/28 00:27] – [Preparing the device] Mark Glover
@@ Line 2: / Line 2: @@
 ====== Preparing the device =====
-**Preparing the device involves:**
+Preparing the device for mSupply is very dependant on factors including:
-  * **[[en:mobile:setup:device_side:prep_device#initial_android_device_power_up|Initial Android device power up]]**
+  * The make of the device
-  * **[[en:mobile:setup:device_side:prep_device#android_tweaks|Android tweaks]]**
+  * The version of Android running on it
-  * **[[en:mobile:setup:device_side:prep_device#install_device_remote_management_apps|Install device remote management]]**
+  * The details of how the organisation plans to manage devices and communicate with users
-  * **[[en:mobile:setup:device_side:prep_device#install_msupply_mobile|Install mSupply Mobile]]**
-  * **[[en:mobile:setup:device_side:prep_device#other_apps|Install other Apps]]**
+Please consult with Sustainable Solutions on this.
 ==== Initial Android device power up ====
@@ Line 19: / Line 20: @@
 </WRAP>
-  - Power up the device
-  - You should see a **Welcome!** screen where you will be asked for a language.  Select an appropriate language, then tap **START**
-  - You should be prompted to connect to a **Wi-Fi** network.  Even if you will use a Wi-Fi network as part of the process of setting up the device, turn Wi-Fi ''Off'' for now, then tap **NEXT**.  If possible, we'll connect to a Wi-Fi network later.
-  - You should be prompted to accept Terms and Conditions.  The only one compulsory appears to be the **End User License Agreement**.  ''Un-tick'' **Diagnostic data** and **Marketing information**. tap **NEXT**
-  - You should be prompted to accept a number of **Google services**:
-    - **Use Google's location service to help apps**:  Turn ''On''
-    - **Improve location accuracy**:  Turn ''On''
-    - **Send system data**:  Turn ''Off''\\ tap **NEXT**
-  - Because you have not connected to Wi-Fi, you should be prompted to set the **Date & time**:  Set these correctly.
-  - You may be prompted to provide a **Name**, or sometimes **First** and **Last** name.  Do <wrap em>NOT</wrap> use the personal name of the Officer In-Charge (OIC) of the facility.  A convention to follow is to set the the **Name** (or **First** name) to the facility name.  If you are prompted for a **Last** name, set that to the district / province.  e.g.\\ **Name** (or **First** name):  ''WAFI HC''\\ **Last** name:  ''Bulolo''\\ <WRAP center round tip 60%>
-Take care:  Your device will likely try to autocorrect your spelling!
-</WRAP>Then tap **NEXT**.
-  - You should be prompted to select a **Lock type**.  Choose **PIN**.
-  - You should be prompted to **Secure startup**.  Choose **Require PIN when device powers on**, then tap **CONTINUE**.
-  - You should be prompted to **Set PIN**.  Set it to ''6787'' (MSUP), re-enter it to confirm it.
-  - You should be prompted to set **Notifications**.  Set it to **Show content**, then tap **DONE**.
-  - You should be prompted to create a **Samsung account** (obviously will be different for other branded devices).  Tap **SKIP**
-  - You may be prompted to confirm that you wish to **Skip Samsung account setup?**.  Tap **SKIP**
-  - You may be prompted to configure **More useful features**.  Decline all of these.  Tap **FINISH**
-==== Android tweaks ====
+==== Install Manage Engine-Mobile Device Management ====
+Manage Engine-Mobile Device Management (ME-MDM) is used to remotely manage the Android devices running mSupply Mobile around the world.
+  * ME-MDM allows remote management of the device. Using ME-MDM we can install, update and uninstall software, track the location of lost devices and wipe the contents of the devices remotely.
+  * This means only the applications (mSupply, Telegram, Gmail, etc.) will be shown on the home screen and all other functions of the tablet are locked down.
+Once ME-MDM is installed on the device, considerable control over the device is possible including remotely deploying, installing and executing apps.
+There is [[https://www.manageengine.com/mobile-device-management/help/|extensive public documentation on ME-MDM]].  This document focuses on the particular elements relevant to mSupply Mobile installations.
-There are a number of tweaks that are worth applying before proceeding further:
+<WRAP center round important 550px>
-=== Screen timeout ===
+Requirements
-  - The default screen timeout can be quite short (30 seconds).  For normal mSupply operation, this is too short.  This should be set to at least 2 minutes.  **Settings > Display > Screen timeout** Set to, say, ''5 minutes''
+  * Mobile device is Android 6.0+
+  * Mobile device is using the EMM token (QR code) enrolment method
-=== Turn off 'Capitalise first letter' ===
-For ease of use of the touch-screen keyboard it's a good idea to avoid capital letters.  This is also facilitated by turning off 'capitalise first letter' in the keyboard settings on the device.
-  * Samsung devices:  **Settings > General management > Language and Input > On-screen keyboard > Samsung Keyboard > Smart typing > Auto capitalise**:  ''Off''
-=== Device updates ===
-As soon as your device accesses the internet, it will likely try to update software.  This can take unnecessary time and data.  We need to take action to minimise this.  It is worth deleting or disabling as many extra apps on the device as possible, including:
-    - All brand bloatware (Samsung / Lenovo / etc.)
-    - All MS Office applications
-    - All Google applications
-  * **Settings > Software update > Download updates automatically**  ''Un-tick''
-=== Allow apps to be installed from local sources ===
-  * **Settings > Lock screen and security > Unknown sources**:  Turn ''On''
-=== Enable Knox security (necessary for Sure MDM management - see below) ===
-  * **Settings > Device maintenance > Device security** Accept the prompted permissions request
-  * **Knox active protection**:  Turn ''On''
-  - You may be prompted for various services by the pre-installed apps.  Ignore / defer / deny all of these.<WRAP center round important 60%>
-At this point, the device will try and update its apps.  Proceed as quickly as possible to the next step:
 </WRAP>
-  - Turn off the manufacturer's Auto updates for the device:
-    - **Apps > Samsung > Galaxy Store > Settings (top right menu) > Auto update apps > Never**.  While you are in the Auto update apps area:
-    - Turn ''Off'' **Update notifications**
-    - Turn ''Off'' **Marketing choice**
-  - Enter the credentials for a local Wi-Fi network, then tap **NEXT**.
+=== Terminology ===
+  * **DEVICES** are enrolled to the MDM.
+  * Devices are assigned to **GROUPS**. You may need to configure additional groups if there will be more than one type of device installed in the system (that requires different profiles or apps). It is also recommended to have a Beta tester group of just one device which can then be used to verify that a software upgrade actually works properly.  ME-MDM has a good system of marking newly upgraded software as Beta, and then approving it for release after testing.
+  * **USERS** are assigned to devices. All devices will be assigned to the same ‘system’ user for this ME-MDM ‘Customer’ account.  This user will need to be created in ME-MDM. The user must have the same email address that is used to set up Android for Work (AfW) / Managed Google Play when initially configuring the user’s account.
+  * **PROFILES** (Restrictions, Kiosk, EFRP, etc.) are associated with Groups (or devices - not recommended)
+  * **APPS** are stored in the App Repository and distributed to Groups (or devices - not recommended)
-=== Security PIN code for SIM card ===
-To prevent the SIM card being removed to be used on another device, it is a good idea to [[https://www.howtogeek.com/259360/how-to-set-up-sim-card-lock-for-a-more-secure-android-phone/|lock the SIM card with a PIN code]].
+<WRAP center round tip 60%> To record asset tags with sites, it is necessary to maintain a small database external to ME-MDM.  This may be done using a spreadsheet or similar.
+  * Device serial number
+  * Device name
+  * Asset tag
+  * Phone (SIM) number
+Note: If you succeed in transferring the phone number on to the SIM card, it will be automatically stored in ME-MDM, and does not need to be stored in the external database.
+</WRAP>
-==== Install device remote management apps ====
+=== Installation ===
+  - Charge and label the device.
+    - If the battery level is low, take this opportunity to put the device on charge.
+    - Make sure the device is labelled and serial number recorded.
+  - If the device has been used before, complete a **factory reset** for the device.
+  - If the device has a SIM, ensure that the SIM is functional, with sufficient data, etc. If the devices don’t have their own SIM, ensure that you have the best WiFi connection possible. Three modes are possible in order of preference:
+    - **Open WiFi**:  For speed of processing multiple devices, it is recommended that the WiFi is open (no password).
+    - **Pre-configure WiFi AP in the QR code**:  If an open WiFi is not possible, then the WiFi credentials can be entered in the QR Code configuration in the ME-MDM Admin Console.
+    - **Manual configuration**:  If this is not done, the WiFi can be manually entered on each device (please note that this can be tedious if there are many devices).
+  - Enrol the device with ME-MDM.
+    - If the device is Android 9 or above:
+      - Obtain QR code (generated from ME-MDM: remember to select Android 9 code) for enrolling.
+      - Tap six times on the screen and, after allowing access to the camera, scan QR code.
+    - Ordered List ItemIf the device is Android 6 to 9:
+      - Obtain QR code for ME-MDM registration.
+      - On the google accounts page, enter the username ''afw#mdm'' and press ''OK''.
+      - Open (or download) a QR code scanner when prompted.
+      - Scan the QR code.
+  - If necessary, enter the WiFi credentials.
+  - Notify ME-MDM admin of the following and request they **Complete enrolment on the ME-MDM Admin Console**.
+    - device site name
+    - device serial number
+  - Once enrolment has been completed, profiles and apps (including mSupply mobile) will be pushed to the device through ME-MDM.
-As of 2019-10-15, the apps SureLock and SureMDM are used to remotely manage the Android devices running mSupply Mobile around the world.
-  * **[[https://docs.42gears.com/suremdm/docs/SureMDM/42GearsUEMConsole.html|SureMDM]]** allows remote management of the device.  Using SureMDM we can install, update and uninstall software, track the location of lost devices and wipe the contents of the tablets remotely.
+You can find the latest version of open source mSupply Mobile **[[https://github.com/openmsupply/mobile/releases|here]]**.\\
-  * [[https://docs.42gears.com/surelock/docs/surelock_android/Introduction.html|Surelock]] locks the device into Kiosk mode. This means only the apps (mSupply, Telegram, Gmail, etc.) will be shown on the home screen and all other functions of the tablet are locked down.
-== Management using SureMDM ==
+We recommend that you use TeamViewer and Telegram on the devices to aid with support.   They can also be pushed through ME-MDM and configured as below.\\
-Once SureMDM is installed on the device, considerable control over the device is possible including remotely deploying, installing and executing apps including SureLock.
-This control is generally managed through SureMDM [[https://docs.42gears.com/suremdm/docs/SureMDM/JobsforAndroid.html|'Jobs']].  The exact configuration of Jobs will depend on a number of local factors, for details on how Jobs are configured refer to the [[https://docs.42gears.com/suremdm/docs/SureMDM/JobsforAndroid.html|SureMDM documentation]].
+=== Configure TeamViewer ===
+  - Launch TV and accept permission requests.
+  - Once TeamViewer has been configured on the device, find the device based on the serial number.
+  - In the properties of the entry, change the ‘Alias’ to the Device site name.\\
-==== Install mSupply Mobile ====
-**[[https://github.com/openmsupply/mobile/releases|Download open source mSupply Mobile from GitHub]]**
-==== Install other apps ====
+=== Configure Telegram ===
-{{page>en:mobile:setup:device_side#&nodate&nouser}}
+Launch Telegram and configure as desired.
-**The following apps (or equivalent) should be included:**
-  * Calculator - use the device's calculato
-  * Wi-Fi centre - use the device's Wi-Fi control
-  * For communication between sites and with support workers:
-    * Instant messaging - we recommend [[https://play.google.com/store/apps/details?id=org.telegram.messenger|Telegram]].  Use the devices's SIM phone number, (not the operator)
-    * Email - set up the device email app with an email address for the site/device (not the operator).  We recommend Gmail.
-While apps can be installed remotely using a SureMDM job, it may be more convenient to install them manually from a PC at the same time as installing the SureMDM and SureLock apps.
+The following section highlights the key steps for initialising mSupply Mobile once it has been pushed to the device through ME-MDM.
 \\
 \\
-|  //Return to:  **[[en:mobile:setup:device_side|]]** | | Next:  **[[en:mobile:setup:device_side:3|]] **//  |
+|  //Return to:  **[[en:mobile:setup:device_side|]]** | | Next:  **[[en:mobile:setup:device_side:initialise_store]] **//  |