MITRE ATT&CK (tactics, techniques, matrix, IDs)
Prisma Cloud in 60s
Changed focus – The world of…
Horizon – Brokering
Horizon Golden Master – Best practice
Horizon Cloud on Azure
Horizon Cloud on Azure – How to start with subscription
App Volumes – Prepare provisioning machine / VM
Horizon Cloud on Azure – Onboarding
SAML SSO Okta Org2Org

Android Zero touch

Android Zero Touch Enrolment

What is Zero touch enrolment? This is a kind of enrolment of Android Devices by themselve out of the box as work-managed Device. An Explanation of differences between the several enrolment methods, I have had described in another Article (Android Enterprise).

 

Some Advantages as a simple overview:

  • Administrators don´t need to provision each device individually , they can create a config and assign it to a bulk of devices which will be automatically be configured
  • Customers themselves are all time in control of the devices – even after factory resets
  • Users only needs to sign in after received the boxed device and get the config

 

How is the workflow to use Android Zero-touch?

  1. Customers purchase devices from resellers
  2. Resellers create new customer zero-touch enrolment accounts
  3. Resellers assign devices to customers
  4. Customers create EMM configuration for their enterprise
  5. Customers map purchased devices to EMM configuration
  6. Resellers ship the devices to the end user locations
  7. End users turn on their new device and get the configuration of their enterprise.

 

The provision configuration for a device will be stored in the Zero Touch enrolment. If you power on a device it will check if a provisioning configuration is available. If so, and the configuration is assigned to the device it will provision itself. Additionally, you can add enrolment configurations (Policies) which will applied to the device as soon as the EMM DPC (device policy controller) App will be downloaded. This could be the AirWatch Agent for instance but is chosen by the customer.

Important: Zero Touch enrolment is only supported on Android 8.0 (Oreo) devices.

 

To assign enrolment configurations to a device you need the IMEI oder serial number of the device. With that kind of enrolment you get the experience which you potentially know from the iOS side with DEP.

 

664 Total Views 1 Views Today
twitterlinkedinmail

Leave a Reply

Your email address will not be published. Required fields are marked *