What is Android zero-touch enrolment?

What is Android enterprise? 

For information regarding Android enterprise, including what it is, the deployment scenarios stated below and how it can benefit organisations, have a read of What is Android enterprise and why is it used?

What it is

Zero-touch enrolment enables out-of-the-box EMM enrolment without the manual processes traditionally associated with Android provisioning for all supported devices running Android 8.0 or above. If you’re familiar with Samsung’s KNOX Mobile Enrolment or Apple’s Device Enrolment Programme (wherein iOS devices come configured out of the box to enrol onto a corporate EMM solution), Android’s zero-touch will not be a new concept.

Zero-touch as a solution has been somewhat available since the original Pixel came onto the scene, with documentation referencing it against Android 7.1 which launched back at the end of 2016. With only the original Pixel supporting it however, it failed to make any significant impact on the industry (and I can personally attest to how difficult getting any official information on it has been before this launch).

How it works

With zero-touch, enterprises purchase their Android 8.0+ devices from an authorised reseller. After which, the reseller creates a zero-touch console account for the enterprise and imports the devices. From there, the enterprise can then log into the console and associate these devices to one of any of the EMMs that currently support a work-managed deployment scenario (Device Owner mode) via a configuration. These configurations also support DPC extras, which allow enterprises to pre-configure items like server URL and username.

The DPC (EMM Agent) will be pulled down automatically along with any defined configurations when the device first boots or is factory reset, as demonstrated in the GIF.

When can I get it?

As of writing, the number of devices that are about to support zero-touch (aside from the Pixel which already does) can be counted on one hand, however Google have partnered with almost all popular OEMs to have the functionality implemented – Samsung, Huawei, Sony, HTC, HMD Global (Nokia), LG and more either already do or will support zero-touch in the very near future. For those wondering, Samsung will continue to offer KNOX Mobile Enrolment, zero-touch is just another option for those who prefer not to use KME.

On the EMM side, there’s not a considerable amount of work to be done — for EMMs that do already support Work-Managed deployments it’s basically ready to go. For EMMs that don’t yet support it, more information on allowing support can be found here.

Resellers are being actively engaged, with already at least one in the UK and several others across the World coming soon. The resellers – aside from selling the devices – will also be responsible for setting customers up with a zero-touch portal account where, as mentioned above, the DPC and configurations are set. Once access is provided however, organisations can manage which resellers are associated with the portal themselves should it ever need to be changed.

Video

The below demonstrates zero-touch configured on a new, out-of-the-box Sony Xperia XZ1 enrolling into MobileIron Core:

The above video process is documented in my zero-touch provisioning guide. All guides can be found here: Android enterprise provisioning guides.



Jason Bayton

I’m an accredited mobile technology & EMM (MDM) specialist with an interest in Linux, Virtualisation, Hosting, Disaster Recovery, Internet of Things, Web Development and Open Source. I play the Sousaphone, too!

Read more on my About page

Comments

Comments are now linked to Discourse. Disqus has been removed due to introducing mandatory advertisements. If you'd like to comment, please hit the blue comment button to be taken to the relevant Bayton Discuss topic where you can log in using Twitter, Facebook, Google or Github.

Disqus comments will re-appear (read-only) here soon.