Zero Touch Enrollment (ZTE)
Android Zero Touch Enrollment, or Android Zero Touch Provisioning (ZTP), is an enrollment method provided by Google for streamlined and easy bulk deployment of organization-owned devices. It is an easy and secure out-of-the-box enrollment method whereby devices get enrolled with MDM MSP when activated, by downloading the ME MDM app, which initiates the enrollment.
Advantages of Zero Touch Enrollment
- One-time setup
- Aids large-scale enterprise device rollout
- Mandatory MDM management
- Allows resellers to add devices to the portal, easing the enrollment process
- Provisioned as Device Owner
Pre-requisites
- Zero Touch Enrollment is supported for all devices listed here and purchased from specified reseller partners.
- A Google account associated with your corporate e-mail. If you don't have one, click here.
Steps for configuring Zero Touch Enrollment
- Associating Google account (Not required if you already have a Google account, associated with your corporate e-mail)
- Setup Zero Touch portal
- Add MDM configuration
- Associate MDM configuration to devices
- Assign Users
Associating Google account
You require a Google account (associated with your corporate e-mail) to set up the Android Zero Touch Portal. To do that, follow the steps below:
- Go to this link and provide the requisite details.
- Ensure you provide your corporate e-mail address for Your e-mail address. Do not click on I would like a new Gmail address.
- Follow the on-screen instructions to complete the account creation.
Setup Zero Touch portal
You then need to set up the Zero Touch portal with the help of your reseller, which will facilitate the ZTP. To do that, follow the steps below:
- Log in here, with the Google account associated with your corporate e-mail, if need be.
- After logging in, multiple sections are shown. The table below describes them:
PARAMETER | DESCRIPTION |
---|---|
Configurations | You can add, modify and delete the MDM configurations here. You can also choose to assign MDM configurations by default to the devices being added to the account. |
Devices | You can view the list of devices added to the account here. You can select devices and assign the created configurations to these devices. Additionally, you can also choose to delete the added devices here. |
Manage People | You can add, modify and delete the users who can manage and access the portal here. |
Resellers | You can choose to add additional reseller details here. |
Add MDM configuration
The device will use this MDM configuration to initiate zero-touch enrollment. To set up MDM configurations, follow the steps below:
- Log in here, with the Google account associated with your corporate e-mail, if need be.
- Click on Configurations present in the navigation panel and click on the Add button, to add a new configuration.
- To create a new configuration, you need to specify the data for the requisite parameters. To know more about the parameters, refer to the table below:
PARAMETER | DESCRIPTION |
---|---|
Name | Provide the name used to refer to the created MDM configuration. |
EMM DPC | Select ME MDM app from the given list of EMM apps. |
DPC Extras | Copy the JSON data present under the field JSON Data, available by navigating to Enrollment -> Zero Touch Enrollment (under Android) on the MDM server, and paste it here. |
Company Name | Provide the name of your organization. This will be displayed on the device screen during the enrollment. |
Contact E-mail | Provide your e-mail address or the e-mail address of the IT admin in your organization. This will be displayed on the device screen during the enrollment and can be used by the device users to contact the IT admin, in case of any issues with the enrollment. |
Contact Phone | Provide the contact number of the internal IT team in your organization. This will be displayed on the device screen during the enrollment and can be used by the device users to contact the internal IT team, in case of any issues with the enrollment. |
Custom Message | Provide an optional message specifying details regarding the enrollment to the users. This will also be displayed on the device screen. |
Associate MDM configuration to devices
The last step in the portal is to associate the created MDM configuration to the devices. To do that, follow the steps given below:
- Log in here, with the Google account associated with your corporate e-mail, if need be.
- Click on Devices from the left pane and select the device to which you want to apply the MDM configuration. Once done, go to Configuration present against the device and select the created MDM configuration from the dropdown.
- To associate the MDM configuration to multiple devices, click on the ellipsis (three dots) icon present on the right and select Upload batch config updates. Create a CSV based on the specifications given here and add it by clicking on Upload. All the devices listed in the CSV are assigned the specified MDM configuration.
- To automate the process of assigning MDM configuration, click on Configurations on the left pane and under Default Configuration, select the configuration which is to be automatically applied to the added devices. Now, click on Apply to finish selecting the default configuration.
Device configuration CSV file format
The CSV file to be uploaded on the portal should be as specified in the table below:
COLUMN HEADER | DESCRIPTION | EXAMPLE |
---|---|---|
modemtype | The parameter to be used for identification. The parameter is always IMEI and it should always be in uppercase. | IMEI |
modemid | The value corresponding to the specified modemtype parameter, which is always the IMEI number. | 150520043826120 |
manufacturer | The name of the device maker/manufacturer (Original Equipment Manufacturer: OEM). | |
profiletype | The objective of assigning the profile to the device, which in this case is always zero touch enrollment. The parameter is always ZERO_TOUCH and it should always be in uppercase. | ZERO_TOUCH |
profileid | The ID corresponding to the MDM configuration, to be assigned to the devices. To view the configuration ID, select Configurations from the left pane in the zero touch portal. The number sequence present under ID is the configuration ID for the particular configuration. | 036180 |
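A pre-upload check for the batch CSV described in the table above, as an added example (not ManageEngine's or Google's code). The `allowed_profile_ids` parameter, the 15-digit IMEI length check and the sample rows are assumptions made for illustration; the first data row reuses the example values from the table.

```python
import csv
import io
import re

COLUMNS = ["modemtype", "modemid", "manufacturer", "profiletype", "profileid"]

def check_device_csv(text, allowed_profile_ids=None):
    """Return (line, message) tuples for rows that break the format above.
    allowed_profile_ids (hypothetical extra): the configuration IDs you mean
    to assign, so a mistyped ID cannot bind devices to another profile."""
    reader = csv.DictReader(io.StringIO(text))
    missing = [c for c in COLUMNS if c not in (reader.fieldnames or [])]
    if missing:
        return [(1, "missing column(s): " + ", ".join(missing))]
    problems, first_seen = [], {}
    for row in reader:
        line = reader.line_num
        # DictReader marks short rows with None values, long rows with a None key.
        if None in row or None in row.values():
            problems.append((line, "field count does not match the header"))
            continue
        if row["modemtype"] != "IMEI":
            problems.append((line, "modemtype must be uppercase IMEI"))
        if row["profiletype"] != "ZERO_TOUCH":
            problems.append((line, "profiletype must be uppercase ZERO_TOUCH"))
        imei, pid = row["modemid"].strip(), row["profileid"].strip()
        if not re.fullmatch(r"[0-9]{15}", imei):  # assumption: IMEI = 15 digits
            problems.append((line, "modemid is not a 15-digit IMEI"))
        elif imei in first_seen:
            problems.append((line, f"modemid repeats line {first_seen[imei]}"))
        else:
            first_seen[imei] = line
        if not re.fullmatch(r"[0-9]+", pid):
            problems.append((line, "profileid is not numeric"))
        elif allowed_profile_ids is not None and pid not in allowed_profile_ids:
            problems.append((line, f"profileid {pid} is not an approved ID"))
    return problems

# Constructed sample; the first data row reuses the example values from the table.
SAMPLE = """modemtype,modemid,manufacturer,profiletype,profileid
IMEI,150520043826120,ExampleOEM,ZERO_TOUCH,036180
imei,150520043826121,ExampleOEM,ZERO_TOUCH,036180
IMEI,15052004382612,ExampleOEM,zero_touch,036180
IMEI,150520043826120,ExampleOEM,ZERO_TOUCH,036181
"""

if __name__ == "__main__":
    for line, message in check_device_csv(SAMPLE, {"036180"}):
        print(f"line {line}: {message}")
```

Rows that fail these checks are the ones most likely to leave a device without the intended MDM configuration, so fix them before uploading.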
Assign Users
The devices get enrolled through Zero Touch enrollment, either during device activation (in case of new devices) or factory reset (in case of devices in use). Now the device must be assigned to a user. You can choose to manually assign users to devices or automate it by allowing users to complete the assignment by entering their directory service credentials. You can additionally add the devices to multiple groups to automate the distribution of profiles, apps and documents to devices. To do that, follow the steps given below:
- On the MDM server, click on Enrollment from the top menu and select Zero Touch Enrollment, from the left pane.
- Here all the devices enrolled via zero touch enrollment but yet to be assigned users are listed.
- You can assign users on a device-to-device basis, by clicking on the Assign User option present under Action. You can also assign users in bulk, by clicking on the Assign Users button present above the table and uploading a CSV file, based on the specifications given here.
Automate User Assignment
The user assignment can be automated by enabling the users to enter their directory service credentials upon device activation.
- Select User for the option Device to be activated by.
- If you haven't configured a directory service, you'll be prompted to configure one. Mobile Device Manager Plus MSP supports multiple directory services:
- Active Directory
- Entra ID (formerly Azure AD)
- You can optionally also select a Group to which the devices will be added upon enrollment. This will help automate the distribution of apps, documents and profiles to devices.
Sample CSV Format
SERIAL_NUMBER,USER_NAME,DOMAIN_NAME,EMAIL_ADDRESS,GROUP_NAME
C07Q853LG9RM,ANDREW,,andrew@zylker.com,zylker_drivers
,BEN,ZOHOCORP,ben@mobiledevicemanagerplus.com,Android,Corporate,Android_Group,
NOTE:
- The fields Serial Number, User Name, Email Address and Group Name are mandatory. All the other fields are optional. Ensure the specified group name is already created in the MDM server. If values are not provided, default values will be taken.
- The default values for various non-mandatory fields are:
Domain Name -- MDM
Owned By -- Corporate
- If multiple groups are specified, the group names must be separated with a slash (/).
- The first line of the CSV is the column header and the columns can be in any order.
- Blank column values should be comma separated.
- If the column value contains a comma, it should be specified within quotes.
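The rules in the note above, applied to a user-assignment CSV before upload, as an added example (not part of the product). It covers only the columns in the sample header; `existing_groups`, the `ZYLKER` domain, the serial numbers after the first and all rows except Andrew's are constructed for illustration.

```python
import csv
import io

MANDATORY = ["SERIAL_NUMBER", "USER_NAME", "EMAIL_ADDRESS", "GROUP_NAME"]

def load_assignments(text, existing_groups):
    """Return (assignments, problems) for a user-assignment CSV.
    existing_groups (assumed input): group names already on the MDM server."""
    reader = csv.DictReader(io.StringIO(text))  # header row gives column order
    absent = [c for c in MANDATORY if c not in (reader.fieldnames or [])]
    if absent:
        return [], [(1, "missing column(s): " + ", ".join(absent))]
    assignments, problems = [], []
    for raw in reader:
        line = reader.line_num
        if None in raw or None in raw.values():
            problems.append((line, "field count does not match the header"))
            continue
        row = {key: value.strip() for key, value in raw.items()}
        empty = [c for c in MANDATORY if not row[c]]
        if empty:
            problems.append((line, "empty mandatory field(s): " + ", ".join(empty)))
            continue
        groups = [g.strip() for g in row["GROUP_NAME"].split("/")]
        unknown = [g for g in groups if g not in existing_groups]
        if unknown:
            problems.append((line, "unknown group(s): " + ", ".join(unknown)))
            continue
        assignments.append({
            "serial": row["SERIAL_NUMBER"],
            "user": row["USER_NAME"],
            "domain": row.get("DOMAIN_NAME") or "MDM",  # documented default
            "email": row["EMAIL_ADDRESS"],
            "groups": groups,
        })
    return assignments, problems

# Constructed sample: columns reordered, one quoted comma, two bad rows.
SAMPLE = """EMAIL_ADDRESS,SERIAL_NUMBER,GROUP_NAME,USER_NAME,DOMAIN_NAME
andrew@zylker.com,C07Q853LG9RM,zylker_drivers,ANDREW,
ben@zylker.com,R58M123ABCD,zylker_drivers/zylker_sales,BEN,ZYLKER
carol@zylker.com,R58M456EFGH,"zylker, hq",CAROL,
dave@zylker.com,,zylker_drivers,DAVE,
erin@zylker.com,R58M789IJKL,zylker_driver,ERIN,
"""
GROUPS = {"zylker_drivers", "zylker_sales", "zylker, hq"}
```

A misspelled group name (line 6 of the sample) is reported instead of being passed on, since a device in the wrong group does not receive the profiles, apps and documents intended for it.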
Removing devices from Zero Touch portal
You can remove devices from the Zero Touch portal, ensuring these devices cannot be enrolled via Zero Touch Enrollment. You can remove the device by unregistering the device from the portal. Note that once unregistered, the device can be added back only by the reseller. To temporarily remove the device from ZTP, it is recommended to remove the configuration associated with the device. To unregister a device, follow the steps given below:
- Log in here, with the Google account associated with your corporate e-mail, if need be.
- Click on the Devices button from the left pane. Select the device you want to unregister.
- Click on the Unregister button present against the device you want to unregister.
- Click on Confirm to unregister the selected device.
Click here to know about the ports to be opened for managing mobile devices.