Getty Images


How to set up Android Enterprise with zero-touch enrollment

For organizations that value convenience and UX, zero touch could be an ideal Android Enterprise enrollment method. Learn about the advantages and challenges it can present.

Zero-touch enrollment can streamline the process of setting up Android Enterprise devices.

Android Enterprise is a set of tools and services that helps organizations manage Android devices securely. It offers features such as work profiles, device policies and app management for both corporate-owned and BYOD scenarios.

The program works with approved enterprise mobility management (EMM) providers to enable easy Android management. IT admins can get started with Android Enterprise by enrolling their organization's devices in it, and there are a few ways to do this.

One of the most popular methods is zero-touch enrollment. In comparison to more hands-on methods, such as EMM token registration, zero touch is fully automatic for the end user. This reduces the risk of human error and provides positive UX. However, some of the burden then falls on IT to set up an effective device enrollment process. To avoid any issues, IT should know how zero-touch enrollment works and what considerations go into it.

How does zero-touch enrollment for Android Enterprise work?

Android Enterprise zero-touch enrollment automatically configures devices with settings, apps and policies when users first turn them on. Identifiers such as device information and configuration profiles are foundational to this enrollment method.

Once employees enroll their devices, admins manage them through Android Enterprise's management console. There, IT can configure policies, install apps and monitor device compliance.

Zero-touch enrollment is popular for a few reasons. First, with zero touch, it doesn't take as much time and effort to set up multiple devices across remote and hybrid workforces. This is because it requires no manual intervention by service desk technicians or end users. Automation also takes place over the air, reaching all remote and hybrid employees whose devices can access the internet. Another benefit is that it ensures all corporate-owned mobile devices run a standard configuration based on the organization's policies.

In comparison to more manual methods, such as EMM token registration, zero touch is fully automatic for the end user.

Android Enterprise zero-touch enrollment best practices

Zero touch enables organizations to ship preconfigured mobile devices to remote and hybrid users. This saves employees from a trip to the IT service desk for device setup, resulting in a more convenient experience for admins and end users alike.

Still, there are some steps that organizations must take to ensure effective enrollment and management. The following best practices can help IT departments support a zero-touch device rollout:

  • Verify EMM compatibility with zero-touch enrollment and Android Enterprise integration.
  • Educate employees about the setup process before they open the box with their new device. Users have a better zero-touch experience if they understand its benefits and what it means for security and compliance.
  • Conduct deployment on a department-to-department or similar level. This makes it easier to identify and resolve issues before they affect many users.

Additionally, there are some considerations that organizations should be aware of before they start the enrollment process. It's important to keep the following details in mind:

  • The exact steps to set up an Android device might vary depending on the EMM platform, so IT should be prepared to consult the provider's documentation.
  • Stable internet is necessary for a zero-touch setup. Organizations should already have sufficient Wi-Fi and broadband standards for home office workers to meet this need.
  • Even after a factory reset, once a user turns an enrolled device on again, it automatically reenrolls itself in Android Enterprise. If the organization needs to remove a device from management, IT must unregister it in the zero-touch portal.

5 steps to enroll devices in Android Enterprise with zero touch

While zero-touch enrollment for Android Enterprise requires some setup from IT administrators, the process is straightforward. Regardless of the management approach or number of endpoints, enrollment generally involves five steps.

1. Prepare EMM for Android Enterprise

IT admins must ensure that their organization's EMM platform is compatible with Android Enterprise and zero-touch enrollment. Compatible EMM platforms include Soti, Samsung Knox and Esper.

2. Prepare devices for zero-touch enrollment

Next, confirm the devices' compatibility with zero-touch enrollment, and ensure that they can connect to the internet upon initial power-on. Ensure that they are charged and free from previous configurations. These are standard practices for organizations that use a third-party MSP or reseller to support mobile efforts.

To prepare devices in bulk, IT can use EMM tools such as Samsung Knox Mobile Enrollment.

3. Configure the zero-touch portal

After confirming that the EMM platform and devices meet the necessary prerequisites, log in to the zero-touch enrollment portal, and register the organization's devices. Associate them with the EMM platform's enrollment profile. IT should be able to find profile information in Google's documentation.

4. Let device setup run

Devices automatically detect the zero-touch configuration and download settings, apps and policies upon powering on.

5. Complete EMM enrollment

End users follow on-screen prompts to complete enrollment. These prompts confirm that they accept organizational policies and device management.

Will Kelly is a freelance writer and content strategist who has written about cloud, DevOps, AI and enterprise mobility.

Dig Deeper on Mobile operating systems and devices

Unified Communications