For information regarding Android Enterprise, including what it is, the deployment scenarios stated below and how it can benefit organisations, have a read of What is Android Enterprise and why is it used?
Zero-touch enrolment enables out-of-box EMM enrolment, without the manual processes traditionally associated with Android provisioning, for all supported devices running Android 8.0 or above. If you’re familiar with Samsung’s KNOX Mobile Enrolment or Apple’s Device Enrolment Programme, Android’s zero-touch enrolment will not be a new concept.
Zero-touch as a solution has been available since the original Pixel, with documentation referencing it as far back as Android 7.1 launched at the end of 2016. With only the original Pixel supporting it however, it failed to make any significant impact on the industry (and I can personally attest to how difficult getting any official information on it has been before this launch).
With zero-touch, organisations purchase their Android 8.0+ devices from an authorised reseller. After which, the reseller creates a zero-touch console customer accounts for the organisation and imports the devices. From there, the organisation can then log into the console and associate these devices to one of any of the EMMs that currently support a fully managed deployment scenario (Device Owner mode) via a configuration. These configurations also support DPC extras, which allow organisations to pre-configure items like server URL and username.
The DPC (EMM Agent) will be pulled down automatically along with any defined configurations when the device first boots or is factory reset, as demonstrated in the GIF.
Zero-touch is available today! Google have partnered with almost all popular OEMs to have the functionality implemented – Huawei, Sony, HTC, HMD Global (Nokia), and more already support zero-touch today. It is also a mandatory feature for Android Enterprise Recommended devices, so its support has and will continue to rapidly increase. Once a zero-touch supported device is identified, organisations need only select a zero-touch enrolment reseller to purchase the devices from.
On the EMM side, there’s not a considerable amount of work to be done – for EMMs that do already support fully managed deployments it’s basically ready to go. For EMMs that don’t yet support it, more information on allowing support can be found here.
Resellers are being actively engaged, with already a number in the UK and many others across the world already available. The resellers – aside from selling the devices – will also be responsible for setting customers up with a zero-touch portal account where, as mentioned above, the DPC and configurations are set. Once access is provided however, organisations can manage which resellers are associated with the portal themselves should it ever need to be changed.
The below demonstrates zero-touch configured on a new, out-of-the-box Sony Xperia XZ1 enrolling into MobileIron Core: