Help Center
14 DAY FREE TRIAL
Search Close Search
Search result for "aa"
View all results

No Search Results

14 DAY FREE TRIAL
  1. Help Center
  2. Solution Framework
  3. Provisioning

Category filter

Zero-Touch Drop Ship Provisioning (DSP) for Windows 10/11 Devices

Jump To

Enterprise Zero Touch Drop Ship Provisioning (DSP) programs promise a seamless experience: a device arrives at the user’s doorstep, they power it on, and it is fully managed before they even log in.

Historically, this required complex, proprietary integrations like Workspace ONE Drop Ship (Offline) or Dell Connected Provisioning. This architecture defines how Hexnode achieves this exact outcome using the native Windows Provisioning Package (.ppkg) standard. By handing a simple portable artifact to a hardware vendor (Dell, Lenovo, HP), organizations shift the heavy lifting enrollment and agent installation from the end-user’s bandwidth to the OEM factory floor.

The Strategy: “Factory” Readiness vs. Over-the-Air (OTA)

Most modern management relies on Over-the-Air (OTA) workflows where the device downloads its configuration after the user receives it. While flexible, this introduces “Time-to-Productivity” latency.

The Hexnode Factory Story

Hexnode enables a true Offline Drop-Ship by encapsulating the management logic into a single file (.ppkg) that travels with the hardware.

  • Day 0 (User): The user unboxes the device.
  • Day -1 (Factory): The device is already enrolled, and the agent is installed on the disk.

This architecture treats the Provisioning Package not just as a settings file, but as a container for the Supply Chain, embedding the Hexnode Agent binary and “Bulk Token” trust directly into the OS image before it leaves the warehouse.

How to execute the Zero Touch Drop Ship Provisioning supply chain with OEMs?

The core of this solution is not a proprietary cloud connector, but a standardized file exchange with the Hardware Vendor.

1. Artifact Generation (Internal IT)

The enterprise architect generates a standard Windows .ppkg artifact. Unlike cloud-only methods, this package contains the full Hexnode installer payload and the encrypted bulk enrollment keys. This artifact serves as the “Digital Thread” that binds the hardware to the enterprise tenant without requiring an internet connection. For details on creating this specific artifact, refer to the guide on enrolling Windows 10/11 devices using Provisioning Package files.

2. The Handoff (Dell CFI / Lenovo ITC)

This is a logistical bridge. The organization transmits the .ppkg file to the OEM’s integration center (e.g., Dell Custom Factory Integration or Lenovo Imaging Technology Center) with a request for Static File Injection.

  • Technical Note: The OEM does not need to run proprietary scripts or access the Hexnode console. Their role is strictly to place the .ppkg file into the native Windows Provisioning directory (%ProgramData%\Microsoft\Provisioning) during their imaging or “Second Touch” process.

3. Execution (The “Drop Ship” Moment)

When the device is powered on for the first time whether by a QA tester at the factory or the end-user the Windows OS detects the injected package during the Specialize pass. It silently installs the embedded Hexnode Agent and applies the enrollment token.

Equivalence: Hexnode vs. Workspace ONE Drop Ship

The goal of this architecture is to prove functional equivalence. Both methods result in a device that is managed immediately upon the first boot, but Hexnode achieves this via native OS standards rather than proprietary service layers.

Feature Workspace ONE Drop Ship (Offline) Hexnode UEM Factory Provisioning
Architecture Proprietary “Factory Provisioning Service” Native Windows Standards (.ppkg)
Vendor Integration Requires specialized partner integration Universal (Standard File Injection)
Payload Logic Payload exported from console Payload contained in PPKG
Outcome Agent installed & Enrolled at Factory Agent installed & Enrolled at Factory

Conclusion: Hexnode delivers the same “Factory Drop Ship” result Zero-Touch Provisioning without user credentials by leveraging the file-based mechanisms inherent to Windows 10/11.

OEM Technical Rider (For RFPs)

To operationalize this workflow, the following technical requirement can be included in purchase orders for Dell, Lenovo, or HP:

Service Requirement: Factory Provisioning via PPKG Injection

“The vendor shall support the injection of a customer-provided Windows Provisioning Package (.ppkg) into the master OS image. The artifact must be placed in the root Provisioning directory to ensure automatic execution during the OOBE ‘Specialize’ configuration pass, enabling an offline, zero-touch enrollment state prior to shipment.”

Zero Touch Provisioning, Factory Provisioning, Offline Drop-Ship

Need more help?
Image of Raise a Ticket Raise a Ticket
Image of Ask Community Ask Community
Image of Chat With us Chat With us
Solution Framework