Zero-touch

This document outlines the requirements and configuration process for Zero-touch enrollment within the MaaS360 platform.

Android Enterprise Zero-Touch Enrollment (ZTE) streamlines the deployment and provisioning of work-managed Android devices in bulk. It allows devices to automatically enroll in MaaS360 and apply pre-defined settings upon initial boot or factory reset.

Benefits of ZTE:
  • Eliminates manual device enrollment and saves time and resources for IT personnel.
  • Corporate settings are pre-applied, allowing users to boot the device and get started.
  • Devices automatically enrolls in MaaS360 and receives pre-defined security policies, configurations, and enterprise apps.
  • Enforces MDM management on the devices. After enrollment, devices are forced to go through the enrollment process again after reset.
Requirements
  • Active Directory or MaaS360 user credentials authentication mode is required.
  • Devices must run Android Oreo (8.0) or later, or Pixel phones with Nougat (7.0). See the compatibility list at https://androidenterprisepartners.withgoogle.com/devices/#!%23Zero-touch.
  • Devices must be purchased from a reseller partner who transmits IMEI or serial numbers to the Android Zero-Touch portal and sets up an enrollment account for your organization.

Creating an enrollment configuration in MaaS360 portal

Follow these steps to create a Zero-Touch configuration:
  1. From the MaaS360 Portal Home page, navigate to Devices > Enrollments.
  2. Click Other Enrollment Options and select Android > Android Device Enrollment. The Android Device Enrollment wizard is displayed.
  3. Select Zero-touch as the enrollment mode.
  4. Click Next to download a JSON file containing pre-enrollment settings.
  5. Click Connect to Zero Touch to link your zero-touch account to the MaaS360 Portal using the zero-touch iframe. The Zero-touch iframe allows you to apply configuration to zero-touch enabled devices from within the MaaS360 Portal. Any devices that are purchased from a reseller in the future will also use this configuration. For more information on zero-touch iframe, see https://developers.google.com/android/management/zero-touch-iframe
    Note: You can continue to use the zero-touch portal to upload and modify zero-touch configurations.

Setting up Zero-touch enrollment portal

The enrollment configuration created in the MaaS360 Portal is pushed down to the devices from the Zero-touch enrollment portal.

Follow these steps to set up your zero-touch enrollment portal:
  1. Sign into the zero-touch portal.
  2. Click Configurations in the navigation panel.
  3. Click the Add (+) icon in the Configurations table. The New configuration panel is displayed.
  4. Complete the following fields:
    Option Description
    Configuration Name Specify the name of the configuration. Provide a name that defines the purpose of the configuration such as QA Team or Interns.
    EMM DPC Select MaaS360 MDM for Android from the available options.
    DPC extras Copy the JSON-formatted text created in the MaaS360 Portal.
    Company Name Specify the name of your organization. Zero-touch enrollment shows this name to the users during device provisioning.
    Note: For more information, see the Android Enterprise Help site at https://support.google.com/work/android/answer/7514005.
  5. Click Apply. The configuration is created.

Assigning zero-touch configuration to devices

When a configuration is applied to a device, the device automatically provisions on the first boot of the device or after a factory reset. The device enters Device Owner mode as part of the activation.

Follow these steps to assign a zero-touch configuration to a device:
  1. In the zero-touch enrollment portal, click Devices.
  2. Select the configuration under the Configuration column.
    assign config

    The configuration is successfully applied to the devices.