Automated MDM Enrollment: your key to easy device deployment
Learn more about the different kinds of automated deployment methods offered by Hexnode MDM.
Get fresh insights, pro tips, and thought starters–only the best of posts for you.
May 19, 2020
7 min read
Zero-touch enrollment is a streamlined, one time set up for Android devices to be provisioned for enterprise management. This enables devices to be enrolled and be work-ready out of the box. It permits IT, without having to manually set up each new device, to deploy corporate-owned devices in bulk. It reduces the user-caused risks due to incorrect information entry or configuration of wrong settings. It also prevents unauthorized devices from joining your MDM environment thereby enhancing your security.
Once an android enterprise configuration is applied, the Device Owner mode is activated and an MDM agent like Hexnode MDM is downloaded and the rest of the setup is completed by the agent on the managed device.
Made available by Google since 2017, it started off as an onboarding method for original Pixel devices. As the smartphone environment expanded Google kept adding new vendors who were compatible with ZTE. Presently Android Zero-Touch supports a huge fleet of devices running Android 8.0 or later, including LG, Zebra, HTC, Google, and more.
If your organization is interested in deploying devices with the help of Android Zero Touch deployment, then these are the requirements to be fulfilled.
Devices running Android 8.0 or upwards or Pixel Devices running Android 7.0 are compatible with Android Zero-Touch enrollment. You can get the current list of all compatible devices in Google’s Enterprise Directory.
New devices purchased from a Google Authorized reseller can only be used for Zero Touch enrollment. Details about the resellers in you are can be found in Google’s Reseller List.
Android Zero-Touch enrollment only works in tandem with a device management solution (MDM/ EMM/ UEM) which supports Zero Touch enrollment. Hexnode MDM provides such device management capabilities with its solution.
A Google account associated with the business corporate account. It is important that you use a corporate account and not a personal account.
Android zero-touch enrollment offers a streamlined deployment method for corporate Android devices and Android enterprise devices that facilitates quick, simple, and stable large-scale roll-outs for enterprises, IT, and employees. Beyond that, these are the benefits Android Zero-Touch enrollment offers to both admins and users.
Android zero-touch enrollment removes the need for individual devices to be manually configured. In this way, the IT department can roll out large numbers of devices in no time. Through ZTE, mobile device admins can ensure that all the correct configurations are in place for their users as soon as they turn on, remotely.
Also, with the automatic installation of the device management solution. The admin can assume full control over the device. This includes app installations, removals, policies, profiles, etc.
Employees can easily unbox their new device, and instantly get going. All pre-assigned apps and configurations, such as for e-mail, WiFi, and VPN use, are instantaneously accessible to the user after starting and logging on to the new device.
Try Hexnode to checkout Android Zero-touch Enrollment functionality.
Sign up to utilize zero touch enrollment!
Try Hexnode to checkout Android Zero-touch Enrollment functionality.Sign up!
Hexnode has fully integrated Android Zero-Touch enrollment to its device management solution. You can configure Zero-Touch Enrollment in your organization by following these steps.
The first step to configure Zero-touch enrollment is by associating a Google account. You can create a new Google account if you want to. The Google account should be associated with your corporate email, that is important. Here are the steps to associate a Google account.
You can sign in to the Zero Touch Portal using your corporate Google account you associated with before. After logging in you will see multiple sections there.
|Configurations||You can create, modify and delete MDM configurations here. You may set default MDM configurations to apply to the devices added to the portal, if necessary.|
|Devices||The devices which are added to the account are listed here. The configurations can be assigned to selected devices. If not needed, the devices can even be removed from here.|
|Users||The users who can access and manage the portal can be added, modified, or deleted here.|
|Resellers||If required, additional resellers can be added here, so that multiple resellers can share your account.|
These MDM configurations are used by the device to initiate the Zero-Touch Enrollment process. Once you are signed into the Zero Touch Portal follow these steps.
|Configuration Name||The name you can provide to identify this particular configuration.|
|EMM DPC||Device Policy Controller, is the MDM agent that would be installed in the target device. Select Hexnode for Work.|
|DPC extras||You can provide JSON data here, this is available in the Hexnode MDM console. Follow this path
Enroll > Platform – Specific > Android > Android Zero-Touch.
JSON data communicates basic configurations such as time zone, language, app bundles etc from the Zero Touch web portal to the device.
|Company Name||Provide the name of your organization. This name will be displayed when enrolling on the user’s screen.|
|Email ID||Provide the IT Admin email address for your company here. This will be displayed on the user’s device during enrollment and can be used to contact the IT admin regarding any enrollment issues.|
|Phone Number||Similar to the Email ID, provide it in case there is any requirement during the enrollment phase.|
|Custom Message||You can provide an optional message here to welcome the user.|
Now, since the configurations are ready, you can start applying these to devices. These can be applied one at a time or in bulk using a CSV file.
For single devices, these are the steps
For multiple devices, you can apply configurations using a CSV file. Here are the fields required in the CSV file you can use for this purpose.
|modemtype||The parameter in this field should be always set as IMEI in uppercase character.|
|modemid||Provide the IMEI number of the device.|
|serial||Provide the serial number of the device.|
|model||Provide the model name of the device.|
|manufacturer||Provide the name of the device manufacturer.|
|profiletype||The parameter in this field should always be set as ZERO_TOUCH in uppercase characters.|
|profileid||Provide the ID corresponding to the configuration to be applied to the devices.
If you want to remove any device you can go ahead and select the deregister option right next to the device details.
On paper Android Zero-Touch enrollment looks like the ideal deployment method. If your organization wants to manage devices that are issued to your employees as a device owner through Android Enterprise, I.e, total control over the device, then zero-touch enrollment would be a viable option. It helps provision multiple devices at the same time in device owner mode and is essentially a streamlined method to issue multiple devices in such a manner.
So, if your organization is considering to issue a set of android devices in which BYOD is not allowed, Android Zero-Touch enrollment is the way to go.