Infoprotector

How to add a BYOD device in Essentials MDM - step by step

What is BYOD mode?

BYOD, or Bring Your Own Device, is a model in which the user uses their own device for work purposes. From the organization’s perspective, this means the ability to securely provide corporate applications, data, and resources without having to manage the entire phone.

The most important feature of this model is the separation of the private and work spaces. The company manages only the work profile, while the personal part remains under the user’s control.

This solution works particularly well when:

  • employees already use their own phones,
  • the company does not want to replace or reset existing devices,
  • it is important to separate corporate data from private data,
  • the organization wants to enforce security policies only in the work area.

In practice, BYOD is often the most flexible way to deploy MDM, because it does not require new devices or full control over the phone.

What does the video show?

In the video, we present the process of adding an Android device to Essentials MDM in BYOD mode. The entire process begins in the administrative console, where the administrator selects the Android platform and the deployment scenario intended for private devices.

Next, the appropriate device group is assigned, and the system generates a QR code. Unlike scenarios such as COBO or COSU, here we do not work on a device after a factory reset, but on a phone that is already working and being used by the user.

After scanning the code, the device directs the user to download the Essentials MDM agent, and then the creation of the work profile begins.

Adding a device in BYOD mode – step by step

  1. Starting the device addition process in the Essentials MDM console
    The process begins by creating a new device in the system. The administrator selects the option to add a device and then indicates:
  • the Android platform,
  • the BYOD scenario.

The video shows that this deployment model is treated as one of the most interesting ones, because it answers a very common question: can a device that the user is already using be brought under management?

In the case of BYOD, the answer is yes.

  2. Why is BYOD unique?
    The most important difference between BYOD and the other scenarios is that the device does not need to be restored to factory settings. It also does not have to be a new device.

This is a major advantage in organizations that:

  • want to quickly implement a mobile policy,
  • are not planning to buy a new fleet of devices,
  • want to make use of employees’ existing phones,
  • need secure access to corporate data without interfering with the private part of the phone.

  3. Selecting the device group and deployment method
    After selecting the Android platform, the administrator assigns the appropriate device group. The BYOD method is then selected.

The system informs the administrator that a work profile will be created on the device. This is the profile that will be managed by Essentials MDM, and it is within this profile that work applications and settings will appear.

  4. Generating the QR code
    As in other scenarios, the system generates a QR code. The difference lies in how it is used.

In scenarios such as COBO, WPC, or COSU, the QR code is usually scanned on the device’s welcome screen after a reset. In BYOD, the device is already running, so the user does not launch a special initial setup wizard, but simply uses the phone camera or the built-in QR code reader.

This is simpler and more natural from the end user’s perspective.

  5. Scanning the code and proceeding to download the agent
    After scanning the QR code, the device is redirected to a website from which the Essentials MDM agent can be downloaded. This is an important moment, because the agent is responsible for further communication with the system and for creating the work environment.

The video shows that the system detects very quickly that the user has started this process. At this stage, an entry for the device already appears in the console.

  6. Installing the Essentials MDM agent
    The next step is downloading and launching the agent. In the example shown, the installation is performed manually, so the device may display a message about installing from an unknown source.

After launching the agent, the user proceeds to grant the appropriate permissions. This is natural, because the application must receive access to selected system services in order to create the work profile and manage its contents.

  7. Creating the work profile
    After accepting the required steps, the standard procedure for creating a work profile begins. The video shows that in this respect the process resembles WPC deployment, because here too we create a separate work space.

The work profile is the core of the BYOD scenario. Thanks to it:

  • corporate applications are placed in a separate container,
  • work data is separated from private data,
  • the organization manages only the corporate part,
  • the user retains privacy in the personal part of the device.

  8. Visibility of the process in the console and logs
    During deployment, the administrator can go to the Essentials MDM console and monitor the logs. This makes it possible to check what stage the installation has reached and whether new entries related to the work profile have already appeared.

This is very practical, because it allows quick confirmation that deployment is proceeding correctly and that the device is communicating properly with the system.

  9. Appearance of the work profile on the device
    After several seconds, the work profile appears on the device. The video shows that the system creates a new work space, and the device begins to display separate elements related to the corporate profile.

In practice, the user sees two areas:

  • personal – completely private,
  • work – managed by the organization.

This is a very important moment, because this is when the user receives a ready-to-use work environment, and the administrator gains control over what is located in the corporate part of the device.

  10. Separation of the private and work spaces
    One of the biggest advantages of BYOD is that the organization does not gain access to the entire phone. Management applies only to the work profile and the applications located in that part.

Thanks to this:

  • the user retains privacy,
  • the company protects corporate data,
  • security policies can be enforced without violating the private space,
  • the device remains convenient for everyday use.

This balance between security and convenience is one of the main reasons why BYOD is so often attractive to organizations.
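The steps on console visibility and on the work profile appearing can also be confirmed from the device side. The script below is an added example, not part of Essentials MDM or the video: it assumes a test phone with USB debugging enabled and reads the output of Android's `pm list users`, where a work profile is a user whose hexadecimal flags include the managed-profile bit (0x20). The sample outputs and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: find work (managed) profiles in `pm list users` output.
# On a test device:  adb shell pm list users | managed_profiles

FLAG_MANAGED_PROFILE=32   # 0x20, FLAG_MANAGED_PROFILE in android.content.pm.UserInfo

# Constructed sample: phone after BYOD enrollment (user 10 is the work profile).
SAMPLE_ENROLLED='Users:
    UserInfo{0:Owner:c13} running
    UserInfo{10:Work profile:1030} running'

# Constructed sample: phone with only the personal user.
SAMPLE_PERSONAL_ONLY='Users:
    UserInfo{0:Owner:c13} running'

# Reads `pm list users` output on stdin and prints "<userId> <name>"
# for every user whose flags contain the managed-profile bit.
managed_profiles() {
    # Entries look like: UserInfo{<id>:<name>:<flags in hex>} running
    sed -n 's/^[[:space:]]*UserInfo{\([0-9][0-9]*\):\(.*\):\([0-9a-fA-F][0-9a-fA-F]*\)}.*$/\1|\3|\2/p' |
    while IFS='|' read -r id flags name; do
        # Flags are printed without a 0x prefix, so add one for the arithmetic.
        if [ $(( 0x$flags & $FLAG_MANAGED_PROFILE )) -ne 0 ]; then
            printf '%s %s\n' "$id" "$name"
        fi
    done
}

# Succeeds (exit status 0) when stdin describes at least one work profile.
has_work_profile() {
    [ -n "$(managed_profiles)" ]
}

# Stand-alone run on the constructed sample.
printf '%s\n' "$SAMPLE_ENROLLED" | managed_profiles
```

An empty result after enrollment means the work profile was not created, which matches the case where the configuration process did not complete successfully.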

Why is BYOD a practical deployment model?

BYOD mode is particularly useful wherever a company wants to quickly and securely provide employees with work applications and corporate data, but does not want to manage the entire private device.

The main benefits of this approach are:

  • no need to reset the phone,
  • the ability to deploy on a device that is already in use,
  • separation of private and corporate data,
  • greater convenience for the user,
  • secure management of corporate applications,
  • easier implementation of security policies.

This is a good model wherever the organization wants to balance user convenience with the protection of corporate data.

What should you pay attention to when deploying BYOD?

Although the process itself is simple, it is worth remembering a few practical points:

  • the device does not need to be new or reset,
  • the user must perform part of the steps on their own phone,
  • it may be necessary to download and launch the agent,
  • the required permissions must be granted to the application,
  • the work profile appears only after the configuration process has been completed successfully,
  • the organization manages only the work part, not the entire device.

Thanks to this, it is clear from the beginning what to expect from this deployment model and what its limits are.

Summary

The video shows that adding a device in BYOD mode in Essentials MDM is a simple and very practical process. The administrator prepares the configuration in the console, selects the appropriate deployment method, and generates a QR code, while the user scans it on their device, which is already in use.

Next, the Essentials MDM agent is downloaded, the work profile is created, and the device comes under management – but only in the corporate area.

This is a practical solution for organizations that want to securely provide corporate resources on users’ private devices without interfering with their personal space.
