KMA Device Management Guide
Target Audience
KiwiCloud KMA-mode customers
Channel technical support and MSP engineers
Enterprise IT administrators
Guide Objective
This guide is designed to help you master the complete lifecycle management of KMA devices—from enrollment, policy configuration to application deployment, remote operations, and retirement—through a structured, visualized, and step-by-step approach. It ensures high efficiency, security, and compliance in enterprise device management.
Full Lifecycle Management Overview
KiwiCloud’s KMA mode supports closed-loop lifecycle management for devices, covering enrollment, policy configuration, application management, daily operations, and retirement.
This guide breaks down the KMA device lifecycle into the following 5 stages and 13 key operational steps:
Section 1 | Account Initialization
🎯 Objective
Complete admin account activation and security configuration, including first-time login, initial password update, enterprise-level security settings, approval workflows, naming rules, default KMA policy setup, and multi-role account creation.
📹 Video Overview
Receive KiwiCloud welcome email
Log in to the console and change the initial password
Enable two-factor authentication, account security, and password policies
Configure approval flows and device naming rules
Set and verify the default KMA device policy
Create device/app administrator accounts
🎞️ Tutorial: Account Initialization
⏱️ Reference:
Section 2 | Device Enrollment and Basic Policy Configuration
🎯 Objective
Demonstrate how to enroll company or personal devices, perform batch SN imports and automatic integration, manage device groups, and configure/deploy basic policies (e.g., Wi-Fi, Bluetooth, wallpaper).
📹 Video Overview
Navigate to the device enrollment module to manage enrolled/pending devices
Complete device enrollment via the KiwiCloud App
Create device groups and organize them by model and region for multi-dimensional classification
Create a KMA device policy in the console (e.g., disable Bluetooth, set wallpaper)
Apply the policy to a group and verify the effect on the device
🎞️ Tutorials: Device Enrollment & Group Management + Device Policy Deployment
⏱️ References:
Section 3 | Application and Deployment Management
🎯 Objective
Guide you through uploading and publishing private enterprise apps, configuring required/whitelisted/blacklisted apps, and distributing them to devices. Demonstrate how to apply kiosk mode to restrict the device to specific apps for dedicated business scenarios.
📹 Video Overview
Upload enterprise apps (e.g., AnyDesk, Floating Apps), complete app info and permission settings
Review and publish to the enterprise app library
Create an app deployment policy: set required apps, whitelist, blacklist
Select target groups to deploy and demonstrate auto-install/uninstall on devices
Create and apply a kiosk policy, limit devices to specific apps, and showcase kiosk mode on the device
🎞️ Tutorials: App Deployment Policy + Kiosk Policy
⏱️ References:
Section 4 | Daily Operations
🎯 Objective
Showcase core maintenance features, including using shadow devices for offline sync, pushing app updates remotely, executing remote commands (reboot, lock, lost mode), automating actions via geofencing, and using unattended remote assistance.
📹 Video Overview
Introduce the principle of Shadow Devices and how they ensure policy synchronization when devices are offline.
Upload new app versions and push updates automatically
Execute remote reboot, enable/disable lost mode, lock/unlock devices
Set geofences and trigger rules (e.g., lock or reboot upon exit/entry)
Use unattended remote support to control the device and perform operations like browser access
🎞️ Tutorials: Shadow Devices + App Updates + Remote Operations
⏱️ References:
Section 5 | Device Retirement
🎯 Objective
Explain how to securely retire or reset devices at the end of their lifecycle or during asset transfer. Perform data wipe and reset the device status to maintain asset compliance.
📹 Video Overview
Select target devices from the console
Perform configuration rollback and (optional) data wipe
Change device status to unenrolled or retired
Verify device reboot and factory reset, and confirm removal from the management console
🎞️ Tutorial: Device Retirement
⏱️ Reference: