Zero Touch - what it's all about, how it works and which devices and operating systems can be managed is explained in this blog post.
The term zero-touch enrollment gives an idea of what lies behind the Google feature. Android Zero-touch offers the possibility to register company-owned Android devices fully automatically in an enterprise mobility management (EMM) solution. With this registration process, the corresponding devices check whether a company was assigned to them when they were purchased to automatically set up the desired configuration on first start-up. After the initial setup, all such devices can be administered directly.
A company purchases Android 8.0+ devices from an authorized reseller. This creates a zero-touch account for the company and assigns the devices to the customer directly in the zero-touch portal. The organization can then log into the portal and create and store a corresponding EMM configuration for those devices. These configurations support DPC extras that companies can use to pre-configure items such as a server URL and username.
The reseller can send the devices directly to the company’s end-users, who are guided through the registration process when the device is switched on. The Android devices are recorded as fully managed in the EMM solution.
The full automation saves the administrator a multitude of manual steps that are traditionally associated with full Android device management. These include:
- Entering and configuring each individual device in the EMM solution
- The generation of a Google ID
- The commissioning of the management app on the end device, including manual enrollment process (e.g. via QR code)
With an initial configuration in the Zero-Touch Portal and the assignment of new devices to an organization, it is possible to configure and register a single device or a large number of devices without additional manual effort. In addition, management can be enforced by automatically installing the MDM app during commissioning.
The feature was originally made available for selected Google Pixel devices. Widespread acceptance of the feature could only be ensured when it became possible to use it on all Google Mobile Services-certified devices with Android 9.0+ at the end of 2020. Previously, Google worked with almost all major manufacturers to implement the functionality. For example, Sony, Huawei, HTC, HMD Global support Zero-Touch from Android 8.0.
Anyone who is familiar with Samsung KNOX Mobile Enrollment (KME) already knows the principle of automatic registration. KME was available before Android Zero-Touch and is in widespread corporate use due to the large market share of Samsung devices. Here, too, we rely on certified dealers to have devices and companies included in the KME program. But what about other operating systems?
For macOSand iOS devices, the Apple Business Manager integrates Automated Device Enrollment is integrated. An installation profile can be assigned to the devices in the Apple Business Manager, which takes over all configurations when activated.
With Windows, it is the so-called Autopilot that enables the automatic addition of devices to Azure Active Directory or Active Directory, as well as the automatic registration of devices with EMM solutions.