
What is Android Zero-Touch Provisioning?


Android zero-touch provisioning is a highly efficient and secure method that simplifies the deployment of corporate-owned Android devices: each device enrolls automatically into the organization's enterprise mobility management (EMM) system directly out of the box. IT administrators do not need to handle the devices individually, which adds a robust layer of security and efficiency to device deployment.

Understanding Android Zero-Touch Provisioning

In today's fast-paced corporate environment, managing and deploying numerous devices can be a significant challenge for IT departments. Android zero-touch provisioning addresses this by automating the setup process for new corporate-owned devices. Once a device is powered on and connects to the internet, it automatically downloads the pre-configured EMM policies, applications, and settings, making it ready for employee use instantly. This dramatically reduces the manual effort required from IT staff and ensures consistency across all deployed devices.

Key Features and Benefits

Android zero-touch provisioning offers several compelling advantages for businesses looking to streamline their device management strategies.

  • Effortless Deployment: Devices are ready for use right out of the box, requiring minimal input from the end-user or IT. This is especially beneficial for large-scale deployments or remote workforce scenarios.
  • Enhanced Security: By automatically enrolling devices into EMM, organizations can enforce security policies, encryption, and access controls from the very first boot, minimizing security risks associated with unmanaged devices.
  • Reduced IT Workload: Eliminates the need for IT staff to manually set up each device, freeing up valuable resources for more strategic tasks.
  • Consistent Configuration: Ensures all corporate devices adhere to the same security policies and application installations, promoting uniformity and compliance.
  • Improved User Experience: Employees receive a device that is immediately configured for work, allowing them to be productive without delay.
  • Tamper-Proof Provisioning: Even if a device is factory reset, it will automatically re-enroll into the organization's EMM solution upon setup, ensuring continuous management and security.

How Android Zero-Touch Works

The process of Android zero-touch provisioning involves a collaboration between Google, device manufacturers, resellers, and the enterprise itself.

  1. Purchase Devices: An organization purchases zero-touch enabled Android devices from an authorized reseller.
  2. Reseller Uploads: The reseller uploads device identifiers to the organization's zero-touch portal.
  3. IT Administrator Configuration: The IT administrator logs into the zero-touch enrollment portal to assign an EMM configuration to these devices. This configuration specifies which EMM solution to use, the enrollment token, and any initial policies.
  4. Automatic Provisioning: When an employee turns on a new zero-touch enabled device for the first time and connects it to the internet, the device checks in with Google's servers.
  5. EMM Enrollment: Google's servers direct the device to the pre-configured EMM system, initiating automatic enrollment and policy application without any manual intervention from the end-user.

Devices and Requirements

Not all Android devices support zero-touch provisioning. Devices must be:

  • Zero-touch enabled: Purchased from an authorized reseller that supports the program.
  • Running Android Pie (9.0) or later: While some earlier versions might be supported by specific manufacturers, Pie and newer are generally compatible.
  • Factory reset: Devices must be in a factory default state to initiate the zero-touch process.

Setting Up Zero-Touch Provisioning

To implement Android zero-touch provisioning, organizations typically follow these steps:

  1. Google Account: Create a Google Account for your organization to access the zero-touch portal.
  2. Choose EMM: Select an Android Enterprise-recommended EMM solution that supports zero-touch enrollment. Examples include VMware Workspace ONE, Microsoft Intune, SOTI MobiControl, and others.
  3. Purchase Devices: Acquire devices from a zero-touch authorized reseller.
  4. Reseller Upload: Work with your reseller to ensure the device IDs are uploaded to your organization's zero-touch account.
  5. Configure in Portal: Log into the zero-touch enrollment portal to create and apply configurations to your devices, linking them to your EMM.
  6. Distribute Devices: Ship the devices directly to employees, who can then power them on and begin using them immediately after network connectivity is established.
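Before shipping, it is worth confirming that every purchased device actually appears in the portal with a configuration assigned, since a device that is missing or unconfigured will not be directed to the EMM at first boot. The following is an added example, not part of the original article or any vendor tooling: it reconciles an asset list against a portal listing. The CSV column names and the sample rows are constructed assumptions, not a real portal export format.

```python
import csv
import io

# Constructed sample data; column names are assumptions for this example.
PURCHASED_CSV = """imei,assignee
490154203237518,alice
356938035643809,bob
352099001761481,carol
490154203237517,dave
"""
PORTAL_CSV = """imei,configuration
490154203237518,corp-emm-default
356938035643809,
358240051111110,corp-emm-default
"""

def luhn_ok(imei: str) -> bool:
    """A 15-digit IMEI ends in a Luhn check digit; this catches typos."""
    if len(imei) != 15 or not (imei.isascii() and imei.isdigit()):
        return False
    total = 0
    for i, ch in enumerate(reversed(imei)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def load(text: str, value_col: str) -> dict:
    rows = csv.DictReader(io.StringIO(text))
    return {r["imei"].strip(): r[value_col].strip() for r in rows}

def reconcile(purchased_csv: str, portal_csv: str) -> dict:
    purchased = load(purchased_csv, "assignee")
    portal = load(portal_csv, "configuration")
    report = {"bad_imei": [], "not_uploaded": [], "no_configuration": []}
    for imei in purchased:
        if not luhn_ok(imei):
            report["bad_imei"].append(imei)          # fix the asset record first
        elif imei not in portal:
            report["not_uploaded"].append(imei)      # reseller upload missing
        elif not portal[imei]:
            report["no_configuration"].append(imei)  # would boot unmanaged
    # Identifiers in the portal that the organization has no record of buying.
    report["unexpected"] = sorted(set(portal) - set(purchased))
    return report

if __name__ == "__main__":
    for finding, imeis in reconcile(PURCHASED_CSV, PORTAL_CSV).items():
        print(f"{finding}: {imeis}")
```
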

Zero-touch provisioning fundamentally transforms how businesses deploy and manage their Android fleet, moving towards a more automated, secure, and user-friendly approach to enterprise mobility.