Telenor MDM v x Zero Touch Enrollment

Similar documents
Telenor MDM. Samsung KME Note ( )

Telenor MDM. Samsung KME Note ( )

Knox Mobile Enrollment

Telenor MDM. Note Apple VPP ( )

Telenor MDM. Quick Start Guide

MDM Android Client x - User Guide 7P Mobile Device Management. Doc.Rel: 1.0/

Samsung Knox Mobile Enrollment. VMware Workspace ONE UEM 1902

EAM Portal User's Guide

PrinterOn Embedded Agent for Samsung Printers and MFPs. Setup Guide for PrinterOn Hosted

7P MDM Server x - ios Client Guide 7P Mobile Device Management. Doc.Rel: 1.0/

7P MDM Server x - ios Client Guide 7P Mobile Device Management. Doc.Rel: 1.0/

PrinterOn Mobile App MDM/MAM. Basic Integration Guide

MANAGING ANDROID DEVICES: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE

Rapid Recovery License Portal Version User Guide

VMware Workspace ONE UEM Integration with Apple School Manager

VMware AirWatch Integration with Apple School Manager Integrate with Apple's School Manager to automatically enroll devices and manage classes

Copyright Samsung Electronics Co., Ltd. All rights reserved.

IT Admin User Guide. Knox Developers App (KDA) User Guide v1.0

7PMDM Server x - Microsoft Windows Phone 8 7P Mobile Device Management. Doc.Rel: 1.0 / Doc.No.: Windows_ Phone 8 _EN

KACE GO Mobile App 5.0. Release Notes

KACE GO Mobile App 3.1. Release Notes

VMware AirWatch Integration with Apple School Manager Integrate with Apple's School Manager to automatically enroll devices and manage classes

KACE GO Mobile App 4.0. Release Notes

October J. Polycom Cloud Services Portal

Copyright Samsung Electronics Co., Ltd. All rights reserved.

VMware Workspace ONE UEM Apple tvos Device Management. VMware Workspace ONE UEM 1811 VMware AirWatch

RealPresence Media Manager

Accessing the SIM PCMH Dashboard

One Identity Starling Two-Factor Authentication. Administration Guide

ios Supervised Devices

Sony Xperia Configurator Cloud User Instructions

7PMDM Server x - CSV Import 7P Mobile Device Management. Rel: 1.0 /

MDM Android Client User Guide 7P Mobile Device Management. Doc.Rel: 1.0/

VMware AirWatch tvos Platform Guide Deploying and managing tvos devices

MDM Android Client x - User Guide 7P Mobile Device Management. Doc.Rel: 1.0/

7P MDM Server Admin Quick Start 7P Mobile Device Management

Verizon MDM UEM Unified Endpoint Management

Skynax. Mobility Management System. Installation Guide

User Guide for Client Remote Access. Version 1.2

Secomea LinkManager Mobile and Pro-face Remote HMI Setup Guide

One Identity Starling Two-Factor AD FS Adapter 6.0. Administrator Guide

Skynax. Remote Assist Console. User Guide

Vodafone Secure Device Manager Administration User Guide

Sophos Mobile user help. Product version: 7.1

Secomea LinkManager Mobile and WAGO WebVisu-App Setup Guide

Pulse Workspace Appliance. Administration Guide

MFA Enrollment Guide. Multi-Factor Authentication (MFA) Enrollment guide STAGE Environment

Installer Guide. About SecureConnect. Contents. About this guide. Eaton SecureConnect. About the web portal

Mobile Admin GETTING STARTED GUIDE. Version 8.2. Last Updated: Thursday, May 25, 2017

7PMDM Server x - CSV Import 7P Mobile Device Management. Rel:1.0 / 03 Jan. 18

Gift, Loyalty, and Tracking Program Web Portal Operating Manual

One Identity Starling Two-Factor Desktop Login 1.0. Administration Guide

Student ipad User and Setup Guide

Deploying Lookout with IBM MaaS360

Package Contents... 1 Applied Models... 2 Specifications... 3 Reset Button... 4 Download & Install App... 5 Setup One Touch Setup

Deploying ipad to Patients Setup Guide

One Identity Starling Two-Factor Authentication. Administrator Guide

Administrator Guide. Find out how to set up and use MyKerio to centralize and unify your Kerio software administration.

GETTING STARTED GUIDE. Mobile Admin. Version 8.2

Mobility Manager 9.5. Users Guide

Basware - Verian Mobile App Guide Basware P2P 18.2

Sophos Mobile. user help. product version: 8.6

SafeNet MobilePASS+ for Android. User Guide

SonicWall Secure Mobile Access SMA 500v Virtual Appliance 8.6. Getting Started Guide

Nextiva Drive The Setup Process Mobility & Storage Option

Polycom RealPresence Platform Director

Cloud Platform. Version User's Guide

Insight Pro Mobile App and Cloud Portal User Manual

VMware AirWatch Tizen Guide

GateManager 5 Customer and License Administration

AvePoint Online Services for Partners 2

LEGAL INFORMATION. Copyright 2014 ZTE CORPORATION. All rights reserved.

KACE GO Mobile App 5.0. Getting Started Guide

Clover Installation Guides. For Clover Go Clover Mobile Clover Mini

One Identity Active Roles 7.2. Azure AD and Office 365 Management Administrator Guide

Welcome to United Bank - Mobile Banking!

VMware AirWatch Google Sync Integration Guide Securing Your Infrastructure

Authentication Services ActiveRoles Integration Pack 2.1.x. Administration Guide

Duo Security Enrollment Guide

RELEASE NOTES. Phase 1 May A. Polycom Concierge

1.0 January A. Polycom Trio with BlueJeans

COMMUNITAKE ENTERPRISE MOBILITY: USE GUIDELINES

3CX Mobile Device Manager

Sophos Mobile Control startup guide. Product version: 7

ATRIO Project Service for M&A Corporate USER GUIDE

Premier SMS Quick User Guide PREMIER SMS QUICK USER GUIDE. 24/7 Support

Sophos Mobile Control Administrator guide. Product version: 5.1

AirWatch Container. VMware Workspace ONE UEM

Supporting ios Devices

SonicWall Mobile Connect ios 5.0.0

Multi-Factor Authentication

3MP WI-FI SECURITY CAMERA QUICK START GUIDE ENGLISH

Concur Invoice QuickStart Guide. Concur Technologies Version 1.6

UC Assessor A cloud-based UC network assessment solution. Getting Started Guide

Knox Reseller API Developers Guide v1.4.1

1.0. Quest Enterprise Reporter Discovery Manager USER GUIDE

ipad in Business Mobile Device Management

MetaMoJi ClassRoom Administrator s Guide

Learning Secomea Remote Access (Using SiteManager Embedded for Windows)

Verizon Mobile Device Enrollment Instructions & Candidate Information Form Samsung KNOX Mobile Enrollment (KME)

Transcription:

Telenor MDM v.5.38.0x Zero Touch Enrollment Telenor Mobile Device Management Document information Date: 22.11.2018 Version: 5.38.0x EN Version-history Version Date Comments Edited by 1.0 22.11.2018 Format update Tony Dargis

Acknowledgements Disclaimer: The information in this document is provided as is, with no warranties whatsoever, including any warranty of merchantability, fitness for any particular purpose, or any warranty otherwise arising out of any proposal, specification, or sample. This document is provided for informational purposes only. The screen-shots and instructions contained within this document may differ depending on which version of the MDM server you are using. iphone, ipad, itunes, Apple School Manager, Apple Store R, ibooks Store R, icloud R are Trademarks of Apple Inc. Android, Google and Google Play are trademarks of Google Inc. Samsung and Samsung KNOX are trademarks or registered trademarks. Windows, Windows Phone, Windows server are all trademarks of Microsoft Inc. of Samsung Electronics Co., Ltd. in the United States and other countries. Specifications and designs are subject to change without notice. All other trademarks are the property of their respective owners. References in this document to any specific service provider, manufacturer, company, product, service, setting, or software do not constitute an endorsement or recommendation by SEVEN PRINCIPLES. SEVEN PRINCIPLES cannot be held liable for any damages, including without limitation any direct, indirect, incidental, special, or consequential damages, expenses, costs, profits, lost savings or earnings, lost or corrupted data, or other liability arising out of or related in any way to information, guidance, or suggestions provided in this document. Proprietary Notice: All rights reserved. No part of the document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the written permission of SEVEN PRINCIPLES, Erna-Scheffler-Straße 1a, 51103 Köln. The information in this document is subject to change without notice. COPYRIGHT SEVEN PRINCIPLES 2018 i

Contents Acknowledgements List of Figures List of Tables i iii iii 1 What is Google s Zero-Touch? 1 1.1 Not an Android 8 (or above) device?............................. 1 1.2 Google s Zero Touch infrastructure.............................. 2 1.3 Customer purchase devices from Zero Touch registered reseller............. 2 1.4 Customer s ZT web portal account is created by the ZT reseller.............. 3 1.5 Accessing the customer s ZT web portal........................... 3 1.6 The ZT web portal....................................... 4 1.7 Configurations (General).................................... 4 1.8 Adding a configuration..................................... 5 1.9 Name.............................................. 5 1.10 EMM DPC............................................ 5 1.11 DPC Extras........................................... 6 1.11.1 Leave all system apps enabled............................... 6 1.12 Company name......................................... 6 1.13 Contact Email address..................................... 6 1.14 Contact Phone number..................................... 7 1.15 A Custom message....................................... 7 1.16 Data Policy Controller..................................... 7 1.17 Devices............................................. 7 1.18 Unregister (Remove) devices................................. 7 1.19 Manage People......................................... 8 1.20 Resellers............................................ 8 2 Creating a ZT rollout 9 2.1 Platform............................................. 10 2.2 Enrolment Program....................................... 10 2.3 Ownership............................................ 10 2.4 MDM ID............................................. 10 2.5 Enrolment type......................................... 10 3 User s Zero Touch enrolment experience 11 3.1 Android Enterprise Status................................... 13 4 Enrolling Device Owner mode via QR code 14 4.1 Platform............................................. 14 4.2 Enrolment Program....................................... 14 4.3 Ownership............................................ 15 4.4 MDM ID............................................. 15 4.5 Enrolment type......................................... 15 5 Users Work Managed (Device owner) QR code enrolment experience 16 5.1 Android Enterprise Status................................... 19 List of Figures 1 Google s Zero Touch schema.................................. 1 2 Google Android 8 device example............................... 2 3 Accessing Google s partner dashboard............................ 3 4 Unregistered user - partner dashboard example........................ 3 5 Zero touch web portal view................................... 4 6 ZT configuration detail example................................. 5 ii

7 ZT Configuration DPC selection example........................... 5 8 ZT configuration MDM server metadata location....................... 6 9 Telenor DPC - Google Play Store details............................ 7 10 Google ZT authorised resellers................................. 8 11 Add New device data....................................... 9 12 User device experience - language selection......................... 11 13 User device experience - Add Wi-Fi AP............................ 11 14 Set up ZT device confirmation.................................. 12 15 User device experience - ZT - DO - Activated......................... 12 16 User device experience - Android Enterprise -account support details........... 13 17 MDM server - Add device - QR device details......................... 14 18 User device experience - Start QR activation......................... 16 19 User device experience - Initiate QR activation........................ 16 20 User device experience - No active SIM card detected.................... 17 21 Connect via Wi-Fi........................................ 17 22 User QR set-up device experience............................... 17 23 User device experience - Scan QR code............................ 18 24 User device experience - QR - DO - Activated......................... 18 25 Android Enterprise Status - Activated device......................... 19 List of Tables 1 MDM server - Add device - ZT device details......................... 9 2 MDM server - Add device -QR device details......................... 14 iii

1 What is Google s Zero-Touch? Google s zero-touch enrolment environment has been created to allow newly purchased (or hard reset) Android 8 devices (and above), that are registered with the customer s ZT web portal, to be easily provisioned in device owner mode for Enterprise Mobility Management (EMM) providing the system administrator with full control of the device. Figure 1: Google s Zero Touch schema Any device that participates in Google s zero-touch enrolment environment must have their Android 8 device (and above) IMEI, MEID or device serial number registered, by an approved zero-touch retailer, to the customer s zero-touch device management portal. The first time the device is out of the box, and turned on, the device checks with Google s ZT infrastructure, to see whether it has been assigned an enterprise configuration. If it has, and with SIM enabled and active devices, then the DPC (Device Policy Controller version 5.36.09) will be installed, from their associated EMM provider. Once the DPC has been successfully installed, the device automatically downloads any applications, access point configurations, email accounts and any additions, such as AV protection, restrictive policies and functions that have been determined by the EMM administrator. Android zero-touch enrolment offers a seamless deployment method for DO (Device Owner / work managed) Android devices. In essence, a user receives the device, opens the box, plugs in the charger and powers on the device selects the display language, agrees to Google s Terms & Conditions, agrees that the mobile device is managed by their organisation, then waits a few minutes as the device is successfully provisioned. Once provisioned, the user is able to start to work without the headache of downloading applications and configuring facilities and services. The device must be factory reset before being enrolled though Google s ZT environment. If a device is factory reset, then it will load whatever DPC has been assigned to its IMEI by its associated configuration entry of Google s ZT web portal. 1.1 Not an Android 8 (or above) device? What happens if your devices are not Android 8 devices? Or Android 8 devices that have not been purchased through a zero-touch registered reseller? The traditional methods of QR and NFC enrolment are still available to EMM enabled customers allowing devices to be registered as Device Owner (corporate-owned) devices, but with a little more help Page 1/19

from the active user. (See the following information on page 14 ) 1.2 Google s Zero Touch infrastructure Google s Zero Touch infrastructure relies on the following: 1. Customer purchase devices from Zero Touch registered reseller. 2. The resellers create a new zero-touch web portal account for the customer. 3. The Reseller then assigns the purchased devices to the customers existing or newly created zerotouch web portal. 4. The customer then creates their EMM configurations for their enterprise. 5. The customer then map their purchased devices to their EMM configurations. 6. The reseller (or customer) ship the devices to the end user locations. 7. End users receive the delivery, open the box, turn on their new device, and are ready to work. Note: Devices that are purchased from a non-zero-touch registered reseller CANNOT be added to Google s zero-touch infrastructure but there may be exceptions to this. 1.3 Customer purchase devices from Zero Touch registered reseller Figure 2: Google Android 8 device example All customers wishing to participate in Google s zero-touch environment for Android 8 devices (and above) MUST have access to a valid Google account. The ZT approved reseller cannot create a ZT web portal for customers without a valid Google account. Page 2/19

1.4 Customer s ZT web portal account is created by the ZT reseller Once a device or many devices are purchased, the ZT reseller will create a unique ZT web portal account, using the customer s details, and Google account details. The IMEI, MEID or device serial number of all purchased Android 8 (and above) devices are assigned to the customer s ZT web portal by the reseller. 1.5 Accessing the customer s ZT web portal The customer opens a Chrome or Firefox web browser and logs in using their Google account details. Then the customer proceeds to Google s partner dashboard and selects the Zero Touch icon in the My applications tab. Figure 3: Accessing Google s partner dashboard The Partner Dash is a service provided by Google that can host several applications. Some of these applications are private, and are invite-only, such as the Zero Touch administrator portal, which can be added to a customer, with an active Google account, that purchases Android 8 (or above) devices from a ZT registered reseller. Figure 4: Unregistered user - partner dashboard example The ZT application icon will not be present for customers who do not have a valid ZT web portal registration. Page 3/19

1.6 The ZT web portal To access the ZT web portal, open a Chrome or Firefox web browser, sign in with the Google account used when purchasing the ZT devices, and navigate to Google s Partner dashboard, then select the Zero Touch icon. The following image illustrates the initial state of the ZT admin portal for a customer who had purchased one device, and asked the ZT registered reseller to create a ZT web portal instance. Figure 5: Zero touch web portal view 1.7 Configurations (General) Device provisioning options are defined within a named configuration. Each named configuration contains: The EMM device policy controller (DPC) that you wish to install onto the device. With Google s increasing security model, the previously well-known Device Administrator security model DPC, has been replaced by an EMM provider specific DPC. This DPC would be previously known as the Telenor MDM Android Client. With the EMM provided DPC, the EMM administrator is capable of a multitude of application, restriction and security tasks that results in a provisioned Android device complying with the stated policies of the corporate owner. Page 4/19

1.8 Adding a configuration pen the ZT Web portal and select Configurations in the navigation panel. Click the Add symbol in the new configuration panel. Figure 6: ZT configuration detail example 1.9 Name Insert a friendly name that describes the EMM association. e.g. Telenor MDM MDM5ZT. 1.10 EMM DPC The EMM DPC is selected from the drop down selector of the EMM DPC column. You must use the EMM providers DPC, for example Telenor EMM DPC. Figure 7: ZT Configuration DPC selection example The DPC supplied by Telenor MDM has been uploaded to Google s Play Store. This Telenor MDM DPC has also been registered with Google s ZT infrastructure. When using a Telenor EMM server then select the Telenor MDM item from the EMM DPC drop down list. Page 5/19

1.11 DPC Extras The DPC extras is the only location that Telenor MDM can create DPC specific key value pairs that add functionality policy data that will be executed by Telenor s EMM DPC. On the Telenor MDM server, navigate to Settings>Android>Zero Touch then copy to clipboard Figure 8: ZT configuration MDM server metadata location It is important to note that each EMM provider instance will be different that is to say that each customer s EMM instance will be hosted on a different web address, by possibly different EMM providers, so unique information is required for each EMM provider, in defining where the ZT device will be enrolled, and the requirements of the Telenor EMM server must be known. This configuration string is the same for each tenant instance, whether it is copied from either the Global or tenant level. This is passed to the device in the form of a JSON formatted text and is copied directly from the Telenor EMM server when the DPC is being created. 1.11.1 Leave all system apps enabled An additional setting exists within the MDM server s Zero Touch Enrollment configuration, that allows the MDM administrator to determine whether system apps of the enrolling ZT device are enabled, and therefore installed from the devices firmware or not. If you prefer a limited number of apps to be visible in a ZT enrolled device, then chose not to let system apps to become enabled. 1.12 Company name Insert the company name associated with this ZT account. The company name will be displayed to the device users during device provisioning. If you choose to use a friendly name, please ensure that the friendly name of your company is well known to the ZT users. 1.13 Contact Email address The contact email address is typically an easy to remember email address that will allow the ZT user to gain assistance during the devices provisioning. Although the contact email address is displayed during provisioning, the displayed link is inactive, and cannot be used to automatically create an email to support for example. Page 6/19

1.14 Contact Phone number The contact phone number is usually the telephone number of the IT support group. Again, although displayed during provisioning, the user must use another device to contact support, if required. 1.15 A Custom message A custom message is optional and will only be displayed during ZT provisioning. A simple Hello message may suffice as would a policy enforcement message from the IT administrator. 1.16 Data Policy Controller Searching Google s Play Store for Telenor will reveal the following application details. Figure 9: Telenor DPC - Google Play Store details The Telenor MDM DPC is the responsibility of Telenor MDM and has already been approved and loaded to Google s Play Store. 1.17 Devices The devices tab displays all ZT registered devices, by either their IMEI, MEID or serial Number, which configuration (MDM server) is associated with the device, and a facility that will allow the device to be unregistered from the ZT web portal. You may also add a configuration to a device that does not have an associated configuration. 1.18 Unregister (Remove) devices If you unregister a device from ZT enrolment it will remain unregistered. This action is not easily irreversible, and you will have to confirm this action. The only way to return an unregistered device back to the ZT enrolment web portal is to contact the original registered reseller, who may or may not agree to the reinstatement of the device. Page 7/19

If, however, you do not wish a registered device to continue to participate in the ZT enrolment environment, simply change the configuration settings of the device from an active EMM server configuration to the vale No config. Navigation panel>devices>select the device>configuration>then select No config You may unregister devices from ZT enrolment. Devices are typically only unregistered if they have been sold to other parties, no longer serviceable items or are destined to be outside of the corporate organisation. 1.19 Manage People Manage People allows the ZT web portal owner to add, delete or edit other users (usually from within the organisation) to become administrators, and hence are able to gain access to the ZT web portal. The ZT web portal owner adds the Google account detail of the proposed administrator to the Manage People window. 1.20 Resellers The Resellers tab is the only location within the ZT web portal that displays Your customer ID. This is the actual customer ID that the ZT registered reseller uses to associate purchased devices with the ZT web portal. The Resellers tab also allows an administrator to look through the increasing list of registered ZT resellers, allowing many choices as to where the purchase of the Android 8 devices will be made. Figure 10: Google ZT authorised resellers Resellers may also be added by the owner, allowing greater flexibility in their purchase of ZT enabled devices. Page 8/19

2 Creating a ZT rollout Please check the following details before attempting to provision a ZT device with the Telenor EMM server. Device purchased through approved reseller details added to customer s ZT web portal. A ZT configuration profile has been created on the customer s ZT portal that includes: Telenor MDM and the EMM DPC Telenor MDM ZT JSON string has been added to DPC Extras The Telenor MDM ZT configuration has been assigned to the device (IMEI) Login to the Telenor MDM Server console. Navigate to [tenant] Organisation>Users>Devices>User>Add device Figure 11: Add New device data Ensure that the following are selected for a successful ZT deployment. Item Platform Enrolment Program Ownership MDM ID Enrolment type Description Android Zero Touch Corporate (this value is set by default by the MDM server), however, the option to select the value of either Corporate or Private will become available in upcoming releases of the MDM server. The IMEI of the ZT device Save without enrolling Table 1: MDM server - Add device - ZT device details Ensure that the above table values are selected for a successful ZT deployment. Page 9/19

2.1 Platform The platform must be set to Android. Google zero-touch is an Android 8 (or above) facility. 2.2 Enrolment Program The enrolment program must be set to Zero Touch. The MDM administrator does have the option of selecting (Samsung) KME, which is used for Samsung devices only, and None. If none is selected then the device will be enrolled, as a standard user device by using the older SMS, QR or NFC provisioning methods. When Zero Touch is selected as the enrolment program then the devices ownership field is automatically set to corporate 2.3 Ownership The ownership value is set to corporate when the Zero Touch enrolment program is selected. It will become possible from admin UI to select Private in a later MDM server release. The difference is that Corporate enables the company Google Play account with the company Google EMM account credentials, like in a Work profile setup. Where the Private option enables the user s private Google Play account with the users private Google Play credentials. This allows the user install apps using their Google account details, even though the device is a Managed, Company owned device, which has been activated in Device owner mode. 2.4 MDM ID The MDM ID must be set to the IMEI of the ZT device for the device to be automatically allocated to the intended user. If you are ZT enrolling a Wi-Fi only device, then the serial no. of the device has to be preregistered in ZT portal and serial number must be used in the Serial number field in MDM registration. If no IMEI or serial number is set, and a ZT device is powered on, and a user accepts the DPC installation, then the device will be placed in the Unregistered section of the Global tenancy. Please note that only a Global administrator can move the device from the Global unregistered section to a registered user. 2.5 Enrolment type With zero-touch enrolment the Save without enrolling must be selected. The Save without enrolling assigns the device details to the user. This is how a ZT device is automatically assigned to a user within the MDM server. Page 10/19

3 User s Zero Touch enrolment experience The user receives their new device, either from the Google ZT authorised reseller, or form the user s organisation. Once out of the box, the user should insert the power cord (best practise) before switching on the device. Once the power is applied, the Select Language screen is displayed. Figure 12: User device experience - language selection The user should select the display language, in this case we have selected English (United Kingdom). If the device has a valid and active SIM card installed, then the Insert SIM card screen will not be displayed, and the screen would then typically display the manufacturer s End User License Agreement. The user would AGREE to the device manufacturer s Terms & Conditions. The device needs to contact Google s infrastructure. Because we do not have an active SIM card in this example, then the user must allow connection to a reachable Wi-Fi access point. Figure 13: User device experience - Add Wi-Fi AP Once the user has selected and configured the Wi-Fi access point, by inserting the correct password, the device will automatically reach out to the internet and check whether there are any updates pending for the device. The device will continue its power cycle by checking whether it is registered with Google s ZT infrastructure. Once registration has been confirmed, the DPC and DPC metadata assigned to the devices IMEI, MEID or serial number within the ZT web portal will be presented to the device user. Page 11/19

Figure 14: Set up ZT device confirmation The user may query the DPC s terms and administrator details by selecting the View terms and/or Organisations admin contact details by selecting the displayed hyperlinks. Once satisfied with the details, the user must select Accept and Continue. Figure 15: User device experience - ZT - DO - Activated The Telenor MDM will be installed and activated on the user s device. Once activated, any policy, configuration and restriction will be automatically downloaded and configured on the device ( MDM server dependant). The user s device is now configured as a managed work device and is free to continue their productivity within the organisation. Page 12/19

3.1 Android Enterprise Status It is important to note that upon device activation, the Android Enterprise account details appears to be missing from the newly activated work managed device. This is due to the natural latency between the MDM server and Google s infrastructure. Figure 16: User device experience - Android Enterprise -account support details The MDM server will inform Google s infrastructure that the device is work managed. Google s infrastructure will reply with the devices Android Enterprise status and details of the devices MDM server s tenancy Android Enterprise support account. Page 13/19

4 Enrolling Device Owner mode via QR code Login to the Telenor MDM Server console. Navigate to [tenant] Organisation>Users & Devices>User>Add device Figure 17: MDM server - Add device - QR device details Ensure that the following are selected for a successful ZT deployment: Item Platform Enrolment Program Ownership MDM ID Enrolment type Description Android None Corporate The IMEI of the ZT device Save without enrolling Table 2: MDM server - Add device -QR device details 4.1 Platform The platform must be set to Android. Google zero-touch is an Android 8 (or above) facility. 4.2 Enrolment Program The enrolment program must be set to None. The MDM administrator does have the option of selecting (Samsung) KME, which is used for Samsung devices only, and None. If none is selected and the device is an Android 8 (or above) device and does not have an active ZT configuration assigned to it (or is not even ZT registered), then the device may be provisioned out of the box in device owner mode with a little help from the user, or administrator, using a QR code activation method. Page 14/19

4.3 Ownership The ownership value is set to corporate when the Zero Touch enrolment program is selected. 4.4 MDM ID The MDM ID must be set to the IMEI of the ZT device for the device to be automatically allocated to the intended user. If no IMEI is set, and a ZT device is powered on, and a user accepts the DPC installation, then the device will be placed in the Unregistered section of the Global tenancy. Please note that only a Global administrator can move the device from the Global unregistered section to a registered user. 4.5 Enrolment type With zero-touch enrolment the Save without enrolling must be selected. The Save without enrolling assigns the device details to the user. This is how a ZT device is automatically assigned to a user within the MDM server. Page 15/19

5 Users Work Managed (Device owner) QR code enrolment experience The user receives their new device, from the user s organisation. Once out of the box, the user should insert the power cord (best practise) before switching on the device. Once the power is applied, the Select Language screen is displayed. The user should select the display language of their choice, in this case we have selected English (United Kingdom). Figure 18: User device experience - Start QR activation Once the user has selected their language preference, they must tap the Select Language screen, preferably above the Select language or to the sides of the displayed language selection, 6 times until they see the following: Figure 19: User device experience - Initiate QR activation This repeated tapping informs the device that a QR code set-up has been initiated. The user, on viewing the QR code set up indicator, would, in this instance, tap the screen twice more to initiate QR code installation. If the device has a valid and active SIM card installed, then the Insert SIM card screen will not be displayed, and the screen would then typically display the manufacturer s End User License Agreement. The user would AGREE to the device manufacturer s Terms & Conditions. Page 16/19

Figure 20: User device experience - No active SIM card detected Once the manufacturer s Terms & Conditions have been agreed to, the device will check internet connectivity. If no active SIM card is found, then the device will ask for Wi-Fi access point credentials to be entered. Figure 21: Connect via Wi-Fi Once internet access has been established, the device will check for any updates that may be applied to the device. At this point, the device will install a QR reader, which will allow QR activation. Figure 22: User QR set-up device experience Once the QR reader has been installed, the user will be prompted to Accept and Continue with their device activation. Page 17/19

The user would then point the device s camera, where it would be read by the installed QR reader. Figure 23: User device experience - Scan QR code The device would then install the MDM client and connect to the MDM server that has been defined in the QR code. Figure 24: User device experience - QR - DO - Activated Once connected with the designated MDM server, the MDM client would then be activated. Any predefined policies, restrictions, configurations and applications would then be downloaded and installed into the device. The work managed device is now ready to be used. Page 18/19

5.1 Android Enterprise Status It is important to note that upon device activation, the Android Enterprise account details appears to be missing from the newly activated work managed device. This is due to the natural latency between the MDM server and Google s infrastructure. Figure 25: Android Enterprise Status - Activated device The MDM server will inform Google s infrastructure that the device is work managed. Google s infrastructure will reply with the devices Android Enterprise status and details of the devices MDM server s tenancy Android Enterprise support account. Page 19/19

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback