WavebreakMediaMicro - Fotolia
Many organizations struggle to set up new employee mobile devices, and this is especially true for organizations with workers in numerous locations.
With traditional device enrollment methods, IT must configure each mobile device and then ship the device to the user. This process may take several days or even longer, and it hinders the organization's ability to get a new mobile device user up and running. Zero-touch enrollment can help mobile admins address this issue.
Google offers a streamlined approach to provisioning new corporate-owned devices and putting them in the hands of users quickly. There are, however, some limitations that organizations must be aware of before they participate in zero-touch enrollment.
How does this process work?
With zero-touch enrollment, mobile device admins can ensure their users have all the proper configurations as soon as they turn on the device. When new users first boot their devices, they automatically launch the mobile browser and open a designated website that IT preprogrammed into the device.
The device then downloads an assigned configuration file that IT created with an enterprise mobility management (EMM) or unified endpoint management (UEM) tool. This step requires an account with Google's zero-touch console.
Not all EMM and UEM tools support zero-touch enrollment, but many popular tools do, such as IBM MaaS360 UEM, MobileIron UEM, VMware Workspace One and Citrix Endpoint Management. After the device downloads the zero-touch file, the UEM or EMM tool configures the device with the preset corporate profile. Once the user completes these steps, the device will be available for IT to manage through its EMM or UEM tool.
Are all Android devices eligible?
Unfortunately, not all Android devices support zero-touch enrollment. The device list is long and includes over 7,000 device models from many OEMs, such as the Google Pixel 3, the Samsung Galaxy S10 and the Nokia 7.1.
Additionally, organizations must purchase these devices through an enterprise-level distribution agreement with a vendor such as Verizon. Any devices they purchase from a consumer-level wireless store won't support zero-touch enrollment.
Some wireless carriers and other OEMs also offer zero-touch enrollment services, such as Samsung Knox Mobile Enrollment. Organizations that choose one of these options must work through these alternate vendors' configuration management systems instead of Google's.
When should IT consider zero-touch enrollment?
Zero-touch enrollment is a good option for organizations that do not want to manage smartphone inventory or preconfigure devices. It can also help users receive new corporate-owned devices much faster.
While zero-touch enrollment isn't free, the total cost is relatively low, considering the alternative. If an organization doesn't opt for zero-touch enrollment, it will have to handle all of the purchasing, provisioning and distribution of devices.
Zero-touch enrollment is also a good option for smaller organizations that don't want the burden of handling the shipping logistics. Larger organizations that have many locations with mobile users may want to use zero-touch enrollment, as well.
Dig Deeper on Mobile management
Related Q&A from Jack Gold
With the Android Enterprise Essentials program, organizations get simple and basic device management. However, this approach isn't a great fit for ... Continue Reading
To simultaneously tackle the issues of mobile user privacy and security, IT can deploy Android Enterprise Recommended devices and partition them with... Continue Reading
The Knox Service Plugin helps Samsung smartphone admins roll out security features through EMM tools more quickly. The program lowers the programming... Continue Reading