Device Owner with Zero Touch Enrollment Checklist

Content

Device owner with Zero Touch enrollment

• Review documentation Android Enterprise Deployment Guide
• Ensure your devices meet the Android Enterprise and Zero Touch Enrollment prerequisites
• Ensure your reseller/partner has set up the Android Zero touch portal
  • Devices are purchased from the Zero touch reseller/partner and the reseller/partner transmits the IMEI or serial numbers to the Android Zero Touch portal
  • Reseller/partner provides you the account information to log into the Zero touch portal
• Set up MaaS360 with Android Enterprise Solution Set in Setup > Services using one of the following.
  • Managed Google Play (uses a free Google Account) OR
  • Managed Google domain (uses a Google Admin account, usually for GSuite clients)
• Make sure you have decided on the type of user authentication you want to use for devices
  • Configure Settings > Device Enrollment Settings > Select Default User Authentication Mode
  • Choose the enrollment authentication type you plan to use
    • Corporate credentials – you must configure Cloud Extender or Azure integration for user authentication
    • Local users – you must add local users to the MaaS360 user directory with a local password
      • Hint: You can generate a password and send it to users, or manually add the password when creating the local user.

      Note: Zero touch enrollments do not support unique passcode

• Configure Deployment Settings in the MaaS360 portal
  • Select Android in Setup > Settings> Enrollment Settings > Enrollment Programs
  • Configure Android Zero Touch Enrollment configuration(s). The admin will copy JSON output to the configuration in the Zero touch portal.
    • You can also provide a default username and password for enrollment authentication so the user does not have to enter it
    • Note: You can create multiple configuration files to provide different provisioning options for Android devices
  • Download the JSON file(s)
• Add the Zero touch configuration text from the JSON file(s) as  Configurations to the Zero touch portal, make sure you set the Device Policy Controller as  MaaS360 MDM for Android the EMM DPC
• Assign the Configuration(s) to the Android devices in the Zero touch portal
• Prepare the MaaS360 Android policy with Android Enterprise settings
• Set the Android policy as the default or assign it to a group
• Create device group(s) or user group(s) to distribute AE approved apps or distribute to all Android devices.
• Approve Apps and configure App settings to be pushed to Android Enterprise (AE) devices
  • Configure policy settings for each app
  • Configure App Config settings for each app as needed
• Distribute approved Apps to a group or all devices
• Start the enrollment process:  Android devices must be new/out of the box, or must be factory reset to start the Zero touch enrollment process
• User powers up the device/factory resets the device. The device enrolls without any user intervention except in the following circumstances.
  • To enter the user’s Google account and password if Android Enterprise integration with a Managed Google Domain was configured
  • To enter the username and password for enrollment authentication if this was not provided in the Zero touch configuration json
• The setup is completed, the Android policy and Maas360 App catalog with apps are pushed to the device.
  • If you selected Instant Install, apps are installed automatically