Help Center
14 DAY FREE TRIAL
Search Close Search
Search result for "aa"
View all results

No Search Results

14 DAY FREE TRIAL
  1. Help Center
  2. Enrolling Devices
  3. Android

Category filter

Hexnode UEM: Automated Android Zero Touch Enrollment (ZTE)

Jump To

This comprehensive guide details the setup and requirements for Android Zero-Touch Enrollment (ZTE) using Hexnode Unified Endpoint Management (UEM). ZTE automates the provisioning of corporate-owned Android devices for seamless, out-of-the-box management.

Zero-Touch Enrollment Summary

Feature Description
Purpose Bulk deployment of corporate-owned devices with zero user interaction during setup.
Management Mode Enrolls the device automatically in Android Enterprise Device Owner (Fully Managed) mode.
Key Requirement Devices must be purchased from an Authorized Zero-Touch Reseller.
User Experience User powers on device, connects to Wi-Fi, and the device self-configures with Hexnode policies.
OS Support Android 9.0 (Pie) and later recommended (some devices 8.0+ supported).

Prerequisites Checklist

To begin, ensure the following requirements are met by your organization:

  • Hexnode UEM License: An active Hexnode UEM subscription.
  • Android Enterprise Enrollment: Your Hexnode console must be enrolled in the Android Enterprise program.
  • Zero-Touch Customer Account: An account created and provisioned on the Android Zero-Touch Portal (linked to a corporate Google account).
  • Device Sourcing: Devices must be compatible and purchased directly from an Authorized Zero-Touch Reseller or carrier. The reseller must upload the device IDs (IMEI/Serial Number) to your ZTE portal.
  • Corporate Google Account: A corporate Google account (not personal Gmail) linked to the ZTE portal.

Configuration Steps in Detail

The enrollment process requires coordination between the Hexnode UEM console and the Android Zero-Touch Portal.

Step 1: Obtain the Hexnode JSON (DPC Extras)

The JSON (JavaScript Object Notation) string acts as the bridge, telling the device which UEM solution and configuration to use during provisioning.

  1. Log in to the Hexnode UEM portal.
  2. Navigate to Enroll > Platform-Specific > Android.
  3. Select the Android Zero-Touch tab.
  4. Choose an existing Enrollment Profile (or create a new one). This profile defines the management mode (e.g., Device Owner).
  5. The Hexnode portal will generate the required JSON data (DPC extras). Copy this entire JSON string.

Step 2: Configure the Zero-Touch Portal

  1. Sign in to the Android Zero-Touch Portal using the corporate Google account.
  2. Navigate to the Configurations section and click Add.
  3. Fill in the configuration fields:
    • Name: A descriptive name for the configuration (e.g., “Hexnode Sales Team DO”).
    • EMM DPC: Select Hexnode For Work from the list of available EMM applications.
    • DPC Extras: Paste the copied JSON string from the Hexnode portal here.
    • Company Name: The name that will appear on the device during setup.
    • Support Email/Phone: Contact information for users to reach IT support.
    • Custom Message (Optional): A brief message to the user during enrollment.
  4. Click Add to save the configuration.

Step 3: Assign Configuration to Devices

The final step is to link the new Hexnode configuration to the devices listed by your reseller in the portal.

  1. In the ZTE Portal, navigate to the Devices section.
  2. Assign Single Device: Find the device using its IMEI or Serial Number and select the new Hexnode configuration from the Configurations dropdown menu next to it.
  3. Assign Bulk Devices: Upload a CSV file containing the device IDs (IMEI/Serial Number) and the corresponding Profile ID of the Hexnode configuration.

Uploading the CSV File

  1. From Devices section, click on the ellipsis (3 dots) icon in the table header.
  2. Select Upload Batch Configuration.
  3. Upload the prepared CSV file.

CSV File Format Requirements

Field Description Mandatory Value/Format
modemtype Device identifier type. Must be set as IMEI (in uppercase).
modemid The device’s modem identifier. Provide the IMEI number of the device.
serial The device’s serial number. Provide the serial number of the device.
model The device’s model name. Provide the model name of the device.
manufacturer The device manufacturer. Provide the name of the device manufacturer.
profiletype The type of enrollment profile. Must be set as ZERO_TOUCH (in uppercase).
profileid The ID corresponding to the configuration. Provide the ID (number sequence) present under the ID column on the Configuration page.
Note:


You can set a configuration as the Default Configuration in the ZTE portal to automatically assign it to any new devices purchased and added to your account in the future.

End-User Device Activation

After configuration, the process is fully automated:

  1. The user unboxes the new or factory-reset device.
  2. The user powers on the device and connects it to a Wi-Fi or cellular network.
  3. The device detects the assigned configuration from the Google server, automatically installs the Hexnode For Work app, and enrolls itself.
  4. The Hexnode policies and apps are applied immediately.

Troubleshooting and FAQs

Troubleshooting

Issue Potential Cause Action to Take
Device not enrolling/detecting config Device not assigned in ZTE Portal or incorrect Reseller account. Confirm the device’s Serial Number/IMEI is correctly uploaded and assigned to a Hexnode configuration in the ZTE Portal. Contact your reseller for verification.
“Invalid Configuration” error Error in the DPC Extras JSON string. Double-check the JSON format for errors (especially missing commas or brackets). Re-copy the JSON directly from the Hexnode console.
Device enrollment is intermittent Network or firewall issue blocking Google servers. Ensure the device has stable internet access and corporate firewalls do not block communication with Google’s Zero-Touch provisioning servers.

FAQs

  1. Can admins securely remove a device from Zero-Touch Enrollment?

    Yes. In the ZTE Portal, navigate to Devices and set the device’s configuration to No config to temporarily remove it, or use the Deregister option for permanent removal (the device can only be added back by the reseller).

  2. What is the difference between ZTE and KME (Knox Mobile Enrollment)?

    ZTE is Google’s program for all eligible Android devices. KME is Samsung’s equivalent program, specifically for Samsung Knox-enabled devices. Hexnode UEM supports both.

  3. What Android Enterprise mode does ZTE use?

    ZTE is primarily used to provision devices in Device Owner (Fully Managed) mode, which grants the organization complete control over the device for corporate use.

Need more help?
Image of Raise a Ticket Raise a Ticket
Image of Ask Community Ask Community
Image of Chat With us Chat With us
Enrolling Devices
Managing Android Devices