👋 Howdy! The website is freshly launched on a brand new backend, and incorporates changes to URLs of articles and docs. If you land on a 404 not found, please try searching for your content, or raise an issue on GitHub.

Contents

Docs

Getting started
Diving deeper
Resources
Hardware validation

Android Enterprise zero-touch DPC extras collection

DPC extras can be used to associate Android Enterprise fully managed devices with a particular EMM/UEM platform during provisioning.

The following examples offer a complete DPC extra snippet that can be copied and pasted into the zero-touch configuration. The items in bold will need to be edited to suit your environment, though, otherwise the zero-touch enrolment process will fail.

Editing ADMIN EXTRAS BUNDLE

#

To be of value, the ADMIN_EXTRAS_BUNDLE should ideally at least include the server URL or identifier (where appropriate), however lines for username, password, and more can optionally be omitted to allow the config to remain generic.

JSON doesn’t leave room for error – the last line within ADMIN_EXTRAS_BUNDLE must not have a trailing comma “,”. See “user” in the MobileIron config has a comma, but “quickstart” does not? If you remove “quickstart”, you’d need to remove the comma from “user” as it then becomes the last line, otherwise it could throw up an error.

Trust but verify

#

Most of these DPC extra collections have been submitted either by EMM vendors or customers of the EMM referenced. The vendor may make changes to the extras they provide without my knowledge so it is recommended should the below extras fail to properly work, that you validate with your EMM before contacting me (but do feel free to reach out with updates!)

Usernames & passwords

#

Unless the username and password are stipulated for the purpose of staging, they should not be included at all due to the potential security risks associated. If an IMEI not belonging to an organisation is mistakenly added (typo, miscommunication, human error), the device will be able to enrol automatically and potentially gain access to corporate resources.

Google announces zero-touch EMM integration

#

For those who consider copying and pasting JSON code a bit of a pain, you’re in luck; Google announced the zero-touch iFrame, allowing EMMs to integrate with a customer zero-touch account, allowing – amongst other features – the ability to manage DPC extras automatically.

Reach out to your vendor to ask when this functionality will be available.

MobileIron

#
{
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false,
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{
"server":"your.server.com",
"user":"user",
"quickStart":true/false
}
}

AirWatch / Workspace One UEM

#
{
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false,
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{
"serverurl":"your.server.com",
"gid":"yourGroupID",
"un":"staginguser",
"pw":"example"
}
}

SOTI

#
{
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false,
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{
"enrollmentId":"EnrollmentID"
}
}

MaaS360

#
{
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false,
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{
"enrollment_corp_id”:”CorporateID”,
”enrollment_account_type":"userAccount",
"enrollment_domain":"domain",
"enrollment_username”:”staginguser”,
"enrollment_email":"emailaddress@email.com",
"enrollment_password”:”example”,
"enrollment_ownership":"Corporate Owned"
}
}

Codeproof EMM

#
{
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false,
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{
"displayname":"devicename",
"userid":"staginguser".
"password":"example"
}
}

Intune

#
{
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false,
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{
"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "YourEnrollmentToken" 
}
}

Miradore

#
{ 
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false,
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"RegistrationKey": "REGISTRATIONKEY",
"EnrollmentKey": "ENROLLMENTKEY",
"SiteIdentifier": "SITEIDENTIFIER"
}
}

BlackBerry UEM

#
{ 
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false,
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"URL":"SERVERURL",
"CACFPrint":"CHECKWITHBB", 
"stc":"CHECKWITHBB", 
"Username":"USERNAME"
}
}

FAMOC

#
{
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false,
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": { 
"fqdn":"your.server.com", 
"bootstrap_key":"yourIndividualKey" 
}
}

mySync

#
{ 
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false,
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": { 
"serviceUrl": "https://server.host.name.here/rest/api",
"installationCode": "ten-character-code" 
}
}

XenMobile

#
{ 
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false,
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": { 
"serverURL":"URL", 
"xm_username":"username", 
"xm_password":"password" 
}
}

VXL Fusion UEM

#
{
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false,
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": { 
"fusionuem_server_url":"server url", 
"fusionuem_token_id":"token id"
}
}

Samsung Knox Manage

#
{
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false,
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"ServerUrl": "Your Server Url",
"TenantId": "Your Knox Manage Tenant ID",
"TenantType": "M",
"Method": "ZeroTouch"
}
}

Chimpa MDM

#
{ 
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false, 
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{ "chimpa_activationCode":"YOURTENANTCODE",
"provisionType":0/1, 
"additionalProvisioningText":"your additional text to show",
"whiteLabelLogo":"https://yoururl/resource.png",
} 
}

provisionType values:
0 Fully Managed
1 Enhanced Work Profile (Android 11+)

42Gears SureMDM

#
{
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED": true/false,
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE”:{
"AccountId":"1000001",
"ServerPath":"suremdm.42gears.com"
}
}

Meraki Systems Manager

#
{
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false,
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{ 
"enrollment_url":"https://m.meraki.com/enroll/?android_from_store=true&enrollment_code=Your_Meraki_Enrollment_Identifier"
}
}

TinyMDM

#
{
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false,
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"enrollmentId": “XXXXXXXX"
}
}

Matrix42

#
{
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false,
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{
"server_url":"your server URL", 
"user_name":"your user name",
"otp":"4444"
}
}

Other interesting zero-touch config options

#

The following additional options go before the ADMIN_EXTRAS_BUNDLE line and may require EMM support to function:

"android.app.extra.PROVISIONING_SKIP_EDUCATION_SCREENS":true/false, 
"android.app.extra.PROVISIONING_LOCALE":"en_GB", 
"android.app.extra.PROVISIONING_USE_MOBILE_DATA":true/false,

Here’s a few more.

Submit zero-touch DPC extras

#

If you’d like to see your DPC extras added to this list, please fill out this form or comment below.