- \n
- You\u2019ve reviewed Get Started: Mobile Device Trust<\/a> and are familiar with the prerequisites and considerations of JumpCloud Go for Mobile and Mobile Device Trust. <\/li>\n<\/ul>\n\n\n\n
Considerations<\/strong>: <\/p>\n\n\n\n
- \n
- For mobile devices to complete JumpCloud Go for Mobile registration and be considered trusted, they must meet the following conditions:\n
- \n
- Devices are enrolled in JumpCloud Device Management: Apple MDM and\/or Android EMM.<\/li>\n\n\n\n
- JumpCloud Protect is deployed to devices using Apple VPP and\/or Android Software Management.<\/li>\n\n\n\n
- JumpCloud Protect evaluates devices and they must pass integrity and jailbreak detection checks. Otherwise JumpCloud Go registration will fail.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/important-icon.png\")
<\/p><\/div>Important:<\/strong> \n- \n
- For instructions on how users can prepare their mobile devices and access resources, see Users: Configure Device Trust on Apple iOS and Android Devices<\/a>.<\/li>\n<\/ul>\n <\/div><\/div><\/div><\/div>\n\n\n\n
Accessing Device Trust Readiness <\/h2>\n\n\n\n
![\"The](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/06\/device_trust_readiness_page_admin_portal.jpg\")
<\/p>\n\n\n\nThe Device Trust Readiness page displays if your org is ready to start using Mobile Device Trust. Configure these prerequisites first before enforcing Device Trust via Conditional Access Policies. <\/p>\n\n\n\n
To access Device Trust Readiness<\/strong>:<\/p>\n\n\n\n
- \n
- Log in to the JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n
- Go to SECURITY MANAGEMENT<\/strong> > Device Trust<\/strong>.<\/li>\n\n\n\n
- Under Device Requirements<\/strong>, review a list of prerequisites for each device type.\n
- \n
- If the prerequisite is configured, a \u2705 appears next to the feature name. <\/li>\n\n\n\n
- If the prerequisite is not configured, click Manage<\/strong> to open a new tab to the appropriate feature in the Admin Portal and configure it. <\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\")
<\/p><\/div>Note:<\/strong> \nYou only need to configure the device types used in your org. For example, If your org uses only a single platform (Apple iOS) and doesn’t use Android devices, you don\u2019t need to configure Android EMM. <\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
Universal Device Requirements <\/h2>\n\n\n\n
JumpCloud Go<\/h3>\n\n\n\n
All device types (Desktop, Apple iOS, and Android) require JumpCloud Go. <\/p>\n\n\n\n
- \n
- Enable JumpCloud Go in the Admin Portal. See Enabling JumpCloud Go<\/a> to learn more.<\/li>\n<\/ol>\n\n\n\n
Apple Device Requirements <\/h2>\n\n\n\n
To use Mobile Device Trust on Apple devices<\/strong>:<\/p>\n\n\n\n
- \n
- Enable Apple MDM<\/strong>: To meet the requirements for JumpCloud Go for Mobile and Mobile Device Trust, Apple devices must be enrolled in Apple MDM. To do so, you must enable Apple MDM in your JumpCloud org.\n
- \n
- See Set Up Apple MDM<\/a>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Enable Apple VPP:<\/strong> Required to deploy the JumpCloud Protect app to mobile devices.\n
- \n
- See Setting up VPP<\/a>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Create the JumpCloud Protect App in Apple VPP<\/strong>: Use Apple VPP to manage and deploy the JumpCloud Protect app to managed iOS devices.\n
- \n
- See Install VPP Apps on Devices<\/a>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Enroll Apple Devices in MDM<\/strong>: After completing the Admin Portal configuration, ensure your devices are enrolled in MDM:\n
- \n
- For company-owned devices, you need to enroll them in MDM. See Add Company-Owned Apple Devices to MDM with Device Enrollment<\/a>.<\/li>\n\n\n\n
- If users access resources from their personal devices, they can enroll their devices directly from the User Portal without admin intervention using user enrollment (BYOD). See Add Personal Apple Devices to MDM with User Enrollment<\/a>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Bind Users to Mobile Devices<\/strong>: (Company-owned devices only): Devices enrolled using Apple Automated Device Enrollment (ADE) or Admin Portal enrollments require you to bind the user to the mobile device record in JumpCloud. See Bind Users to Devices<\/a>.<\/li>\n<\/ol>\n\n\n\n
<\/p><\/div>Note:<\/strong> \n- \n
- BYOD Apple devices enrolled using User Enrollment for iOS automatically bind the user to the device during enrollment if initiated via the User Portal. <\/li>\n\n\n\n
- BYOD\/User Enrolled Apple devices require Managed Apple IDs (MAIDs) to enroll in MDM. See Add Personal Apple Devices to MDM with User Enrollment<\/a> to learn more.<\/li>\n<\/ul>\n <\/div><\/div><\/div><\/div>\n\n\n\n
- \n
- Browser Requirements<\/strong>: Safari is the recommended browser for JumpCloud Go registration. If another browser is set as the default, users may need to set the default browser as Safari to complete registration.<\/li>\n<\/ol>\n\n\n\n
JumpCloud Protect iOS App<\/h3>\n\n\n\n
When you deploy JumpCloud Protect app to Apple devices, the user configuration process varies depending on the device and enrollment type:<\/p>\n\n\n\n
- \n
- Automated Device Enrollment<\/strong> (Company-owned): JumpCloud MDM can silently push a managed instance of JumpCloud Protect or silently take over a personally installed version of JumpCloud Protect.<\/li>\n\n\n\n
- Profile-driven Device Enrollment<\/strong> (Company-owned): JumpCloud MDM can push a managed instance of JumpCloud Protect or take over a personally installed version of JumpCloud Protect, but will prompt users to approve.<\/li>\n\n\n\n
- User Enrollment<\/strong> (BYOD): JumpCloud MDM can push a managed instance of JumpCloud Protect and prompt users to approve. However, if users already have a personally installed version of JumpCloud Protect, users can delete the existing app to deploy it via MDM, or you allow users to use the existing JumpCloud Protect app on their devices.<\/li>\n<\/ul>\n\n\n\n
<\/p><\/div>Important:<\/strong> \nIf you’ve enabled JumpCloud Go in the Admin Portal and have iOS devices enrolled, these devices receive a Single Sign-On Extension (SSOE)<\/strong> profile silently. This SSOE profile allows the JumpCloud Protect app to invoke the JumpCloud Go experience for appropriate URLs and managed apps.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
Android Device Requirements <\/h2>\n\n\n\n
To use Mobile Device Trust on Android devices<\/strong>:<\/p>\n\n\n\n
- \n
- Enable Android EMM<\/strong>: To meet the requirements for JumpCloud Go for Mobile and Mobile Device Trust, Android devices must be enrolled in Android EMM. To do so, you must enable Android EMM in your JumpCloud org.\n
- \n
- See Set Up Android EMM<\/a>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Enable Android Software Management<\/strong>: Enabling Android EMM automatically enables Android Software Management, so no additional configuration is required.\n
- \n
- See Software Management: Android<\/a>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Create the JumpCloud Protect App in Android Software Management<\/strong>: Use Android Software Management to manage and deploy the JumpCloud Protect app to Android devices.\n
- \n
- See Adding Android Apps<\/a>.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<\/p><\/div>Important:<\/strong> \n
Additional configuration is required to use the JumpCloud Protect app for Mobile Device Trust on Android devices. Jump to JumpCloud Protect Android App<\/a>. <\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
- \n
- Enroll Android devices in Android EMM<\/strong>: After completing the Admin Portal configuration, ensure your Android devices are enrolled in EMM:\n
- \n
- For company-owned devices, you need to enroll them in EMM. See Enrolling a Company-Owned Android Device<\/a> to learn more.<\/li>\n\n\n\n
- If your users access resources from their personal devices, they can enroll their devices directly from the User Portal without admin intervention using user enrollment (BYOD). See Enrolling a Personal Device<\/a> to learn more.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Bind Users to Mobile Devices<\/strong>: (Company-owned devices only): Devices enrolled using Android Zero Touch or Admin Portal enrollments require you to bind the user to the mobile device record in JumpCloud. See Bind Users to Devices<\/a>.<\/li>\n<\/ol>\n\n\n\n
<\/p><\/div>Note:<\/strong> \nBYOD Android devices enrolled using the Work Profile automatically bind the user to the device during enrollment if initiated via the User Portal. <\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
- \n
- Browser Requirements<\/strong>: Managed Google Chrome is required for JumpCloud Go registration. You must deploy Google Chrome to devices using Android Software Management. Ensure your users are aware of the managed Google Chrome app and that they can download it from the Managed Google Play Store.\n
- \n
- See Adding Android Apps<\/a>.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
JumpCloud Protect Android App<\/h3>\n\n\n\n
You’ll need to configure the JumpCloud Protect Android app in Software Management to use it with Mobile Device Trust. <\/p>\n\n\n\n
To configure the JumpCloud Protect app for Android<\/strong>:<\/p>\n\n\n\n
- \n
- Go to DEVICE MANAGEMENT<\/strong> > Software Management<\/strong>. Select the Google<\/strong> tab.<\/li>\n\n\n\n
- Select the JumpCloud Protect<\/strong> app. <\/li>\n\n\n\n
- In the Details<\/strong> tab, select Configuration<\/strong>.<\/li>\n\n\n\n
- Under Managed configuration<\/strong>, configure the following settings:\n
- \n
- Enter a Configuration name.<\/li>\n\n\n\n
- The OrgID<\/strong> and SystemID<\/strong> values should be prefilled.<\/li>\n\n\n\n
- Click Save<\/strong>.
![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/06\/jc_protect_app_android_managed_configuration.png\")
<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n\n\n\n![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\")
<\/p><\/div>Tip:<\/strong> \nUse the Install Mode <\/strong>to configure the app to force install on the user\u2019s device\/work profile, or be available in their Managed Google Play Store for users to manually install. <\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
Configuring Conditional Access Policies (CAPs)<\/h2>\n\n\n\n
After configuring all the necessary features in JumpCloud for Mobile Device Trust, use CAPs to enforce Device Trust. <\/p>\n\n\n\n
- \n
- Create a CAP using the Device Management <\/strong>condition to enforce Device Trust and guard appropriate resources. \n
- \n
- Optionally, use the Operating System<\/strong> condition for granular targeting of platforms, for example Android or Apple iOS \/ iPad OS devices. See Configure a Conditional Access Policy<\/a> to learn more. <\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
Additional Resources<\/h4>\n\n\n\n
- Optionally, use the Operating System<\/strong> condition for granular targeting of platforms, for example Android or Apple iOS \/ iPad OS devices. See Configure a Conditional Access Policy<\/a> to learn more. <\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
- Click Save<\/strong>.
- Select the JumpCloud Protect<\/strong> app. <\/li>\n\n\n\n
- Go to DEVICE MANAGEMENT<\/strong> > Software Management<\/strong>. Select the Google<\/strong> tab.<\/li>\n\n\n\n
- See Adding Android Apps<\/a>.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
- If your users access resources from their personal devices, they can enroll their devices directly from the User Portal without admin intervention using user enrollment (BYOD). See Enrolling a Personal Device<\/a> to learn more.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- For company-owned devices, you need to enroll them in EMM. See Enrolling a Company-Owned Android Device<\/a> to learn more.<\/li>\n\n\n\n
- Enroll Android devices in Android EMM<\/strong>: After completing the Admin Portal configuration, ensure your Android devices are enrolled in EMM:\n
- Create the JumpCloud Protect App in Android Software Management<\/strong>: Use Android Software Management to manage and deploy the JumpCloud Protect app to Android devices.\n
- Enable Android Software Management<\/strong>: Enabling Android EMM automatically enables Android Software Management, so no additional configuration is required.\n
- See Set Up Android EMM<\/a>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Profile-driven Device Enrollment<\/strong> (Company-owned): JumpCloud MDM can push a managed instance of JumpCloud Protect or take over a personally installed version of JumpCloud Protect, but will prompt users to approve.<\/li>\n\n\n\n
- Automated Device Enrollment<\/strong> (Company-owned): JumpCloud MDM can silently push a managed instance of JumpCloud Protect or silently take over a personally installed version of JumpCloud Protect.<\/li>\n\n\n\n
- Browser Requirements<\/strong>: Safari is the recommended browser for JumpCloud Go registration. If another browser is set as the default, users may need to set the default browser as Safari to complete registration.<\/li>\n<\/ol>\n\n\n\n
- If users access resources from their personal devices, they can enroll their devices directly from the User Portal without admin intervention using user enrollment (BYOD). See Add Personal Apple Devices to MDM with User Enrollment<\/a>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Enroll Apple Devices in MDM<\/strong>: After completing the Admin Portal configuration, ensure your devices are enrolled in MDM:\n
- Create the JumpCloud Protect App in Apple VPP<\/strong>: Use Apple VPP to manage and deploy the JumpCloud Protect app to managed iOS devices.\n
- Enable Apple VPP:<\/strong> Required to deploy the JumpCloud Protect app to mobile devices.\n
- See Set Up Apple MDM<\/a>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Enable Apple MDM<\/strong>: To meet the requirements for JumpCloud Go for Mobile and Mobile Device Trust, Apple devices must be enrolled in Apple MDM. To do so, you must enable Apple MDM in your JumpCloud org.\n
- Enable JumpCloud Go in the Admin Portal. See Enabling JumpCloud Go<\/a> to learn more.<\/li>\n<\/ol>\n\n\n\n
- Go to SECURITY MANAGEMENT<\/strong> > Device Trust<\/strong>.<\/li>\n\n\n\n
- Log in to the JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n
- For instructions on how users can prepare their mobile devices and access resources, see Users: Configure Device Trust on Apple iOS and Android Devices<\/a>.<\/li>\n<\/ul>\n <\/div><\/div><\/div><\/div>\n\n\n\n
- For mobile devices to complete JumpCloud Go for Mobile registration and be considered trusted, they must meet the following conditions:\n