Zero-touch enrollment is a streamlined process for [[Android]] devices to be provisioned for enterprise management. On first boot, devices check to see if they’ve been assigned an enterprise configuration. If so, the device initiates the fully managed device provisioning method and downloads the correct device policy controller app, which then completes setup of the managed device.[^1] With Android Enterprise, deploying a device is as simple as turning it on. Zero-touch enrollment equips any number of devices with your key apps and security configurations. Right from the box.[^4] ```mermaid flowchart TD A[Reseller] --> B B[Android Zero Touch Portal] --> C[MDM - MaaS360, Intune, etc.] C --> D[Policies - Apps, settings configuration, etc.] ``` # Android Enterprise ## Getting Started Start by purchasing zero-touch enrollment devices. **Your reseller sets up your zero-touch enrollment account when your organization first purchases devices registered for zero-touch enrollment**.[^1] You'll need to provide your reseller with a Google Account, associated with your corporate email, to enable them to create your zero-touch enrollment account. # MaaS360 The enrollment configuration that is created in the [[MaaS360]] Portal is pushed down to the devices from the Android Enterprise Zero-touch portal.[^2] 1. Sign in to the Zero-touch portal at [https://enterprise.google.com/android/zero-touch/customers/](https://www.ibm.com/links?url=https%3A%2F%2Fenterprise.google.com%2Fandroid%2Fzero-touch%2Fcustomers%2F "(Opens in a new tab or window)"). 2. Click Configurations in the navigation window. 3. Click Add in the Configurations table. 4. In the Configuration window, complete the following fields: |Option|Description| |---|---| |Configuration Name|Specify a unique name, such as QA team or interns.| |EMM DPC|Select MaaS360 MDM for Android.| |DPC extras|Copy the JSON-formatted text that you created in the MaaS360 Portal.| |Company Name|Specify the name of your organization. Zero-touch enrollment shows this name to the users during device provisioning. # Intune Add a zero-touch configuration in the [zero-touch enrollment portal](https://enterprise.google.com/android/zero-touch/customers). You can use the portal by itself to manage configurations, or you can use it in combination with the zero-touch iframe. The portal supports configurations for fully managed and dedicated devices, and corporate-owned devices with a work profile.[^3] 1. Sign in to the zero-touch enrollment portal with your Google account. 2. Select the option to add a new configuration. 3. Fill out the information in the configuration panel. 4. Select **Microsoft Intune** as the EMM DPC app. 5. Copy the following JSON text into the DPC extras field. Replace `YourEnrollmentToken` with the enrollment token you created as part of your enrollment profile. Be sure to surround the enrollment token with double quotes. ```JSON { "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver", "android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "I5YvS0O5hXY46mb01BlRjq4oJJGs2kuUcHvVkAPEXlg", "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://play.google.com/managed/downloadManagingApp?identifier=setup", "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": { "com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "YourEnrollmentToken" } } ``` 6. Enter your organization's name and support information, which is shown on screen while users set up their devices. [^1]: [Zero-touch enrollment for IT admins - Android Enterprise Help](https://support.google.com/work/android/answer/7514005) [^2]: [Configuring the Android Enterprise Zero-touch portal - IBM Documentation](https://www.ibm.com/docs/en/maas360?topic=enrollment-configuring-android-enterprise-zero-touch-portal) [^3]: [Enroll Android Enterprise dedicated, fully managed, or corporate-owned work profile devices in Intune - Microsoft Intune | Microsoft Learn](https://learn.microsoft.com/en-us/mem/intune/enrollment/android-dedicated-devices-fully-managed-enroll#create-configuration-in-zero-touch-enrollment-portal) [^4]: [Android Enterprise Enrollment | Android](https://www.android.com/enterprise/enrollment/#partners)