Edit Intune QR Code to include wifi and Cellular Data

Go to solution
asif
Level 1.6: Donut

‎07-12-2023 06:35 AM

I have been following google docs on editing Intune QR code to include WIFI details to auto connect to wifi during enrollment  based on the details i have updated the QR code and then using Notepad++ Plugin to generate QR Code with the edited details. When i scan to enroll it gives me error: Wrong QR Code. I have repalced token and checksun details for security purposes here .

{
"qrCodeContent": {
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "XXXXX",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://play.google.com/managed/downloadManagingApp?identifier=setup",
"android.app.extra.PROVISIONING_WIFI_PASSWORD": "XXX",
"android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE": "WPA",
"android.app.extra.PROVISIONING_WIFI_SSID": "FlatNetwork",
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "XXXXX"
}
},
"expirationDate": "2025-12-31T18:29:59.920206Z"

1 ACCEPTED SOLUTION

Go to solution
asif
Level 1.6: Donut

‎07-15-2023 01:44 AM

Thanks everyone I appreciate your help in figuring out the issue. after our discussion I started focusing on Notepad++ QR plugin. It appeared to be an issue with the plugin, after writing the .json , we have to select it and hit the QR plugin to generate the QR . While selecting the code it was removing the last letter which happened to be this '}' . I had to select few empty lines and then it picked the character and created the QR and wallah!!! it worked.

My overall solution to edit the intune QR CODE is as follows:

1. Export the json from intune or simply try google lens and scan to get the script.

2. Edit as per requirement like wifi and cellular data.

3 Use notepad++ plugin to generate the QR code as I mentioned above.

This way i don't have to expose the script to any online untrusted website.

View solution in original post

13 REPLIES 13

Go to solution
Moombas
Level 4.0: Ice Cream Sandwich

‎07-12-2023 06:46 AM - edited ‎07-12-2023 06:47 AM

So, you are not talking about an Intune QR but a Zero-Touch QR.
If i compare your Wifi settings etc. it looks fine but i have never seen a expiration data after the QR code and also different data arrangement (different from what i successfully generate with my own tool for differnt MDM).
Are you sure it shouldn't be something like this:

 {
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "XXXXX",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://play.google.com/managed/downloadManagingApp?identifier=setup",
"android.app.extra.PROVISIONING_WIFI_PASSWORD": "XXX",
"android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE": "WPA",
"android.app.extra.PROVISIONING_WIFI_SSID": "FlatNetwork",
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "XXXXX",
"expirationDate": "2025-12-31T18:29:59.920206Z"}
}

0 Kudos

Go to solution
asif
Level 1.6: Donut
In response to Moombas

‎07-12-2023 07:36 AM

In intune it allows to enroll the device as Kiosk device , setup only has one option which allows to set an expiration date of the token and this is what we see in the json. Below is the code that gets generated and it does work , but when i edit it to include wifi details it doesnt work.

{
"qrCodeContent": {
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "XXXX",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://play.google.com/managed/downloadManagingApp?identifier=setup",
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "XXXX"
}
},
"expirationDate": "2025-12-31T18:29:59.920206Z"
}

 

I used your code but that doesnt work either.

0 Kudos

Go to solution
jasonbayton
Level 4.0: Ice Cream Sandwich

‎07-12-2023 07:00 AM - edited ‎07-12-2023 07:02 AM

Your QR code is invalid due to the "qrCodeContent", and the expiration line. Here's a version which should work for you - 

 

{
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "XXXXX",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://play.google.com/managed/downloadManagingApp?identifier=setup",
"android.app.extra.PROVISIONING_WIFI_PASSWORD": "XXX",
"android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE": "WPA",
"android.app.extra.PROVISIONING_WIFI_SSID": "FlatNetwork",
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "XXXXX"
}
}

 

NB, I haven't tested it since it's full of dummy data 🙂

@Moombas there's no such thing as a zero-touch QR. Same payload, different format. ZT only needs the DPC Extras and not the rest of the above 🙂

0 Kudos

Go to solution
asif
Level 1.6: Donut
In response to jasonbayton

‎07-12-2023 07:34 AM

Thanks for the response Jason, i had earlier tried it without the qrcontent and expiration date but it gives the same error.

0 Kudos

Go to solution
jasonbayton
Level 4.0: Ice Cream Sandwich
In response to jasonbayton

‎07-12-2023 08:58 AM

OK interesting. I pulled this from my environment, so if you edit it accordingly with your details it should work. NB the admin signature checksum isn't private, no need to edit it out 🙂 

{
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME":"com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM":"I5YvS0O5hXY46mb01BlRjq4oJJGs2kuUcHvVkAPEXlg",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION":"https://play.google.com/managed/downloadManagingApp?identifier=setup",
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{
"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN":"XxxXXXxxXXxxXXx"
},
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":false,
"android.app.extra.PROVISIONING_USE_MOBILE_DATA":false,
"android.app.extra.PROVISIONING_WIFI_SSID":"MyWIFINetwork",
"android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE":"WPA",
"android.app.extra.PROVISIONING_WIFI_PASSWORD":"password123"
}

 

0 Kudos

Go to solution
asif
Level 1.6: Donut
In response to jasonbayton

‎07-12-2023 10:08 AM

still same , not sure if this is because of Notepad++ Plugin, is there any other tool that you recommend. We generally don't put these details on any website because of security concern.

{
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "I5YvS0O5hXY46mb01BlRjq4oJJGs2kuUcHvVkAPEXlg",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://play.google.com/managed/downloadManagingApp?identifier=setup",
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "XXX"},
"android.app.extra.PROVISIONING_USE_MOBILE_DATA":true,
"android.app.extra.PROVISIONING_WIFI_SSID":"FlatNetwork",
"android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE":"WPA",
"android.app.extra.PROVISIONING_WIFI_PASSWORD":"XXX"
}

0 Kudos

Go to solution
jasonbayton
Level 4.0: Ice Cream Sandwich
In response to asif

‎07-12-2023 10:33 AM

It's indeed possible the QR being generated is somewho invalidating the payload. Is that which you've posted there what comes from scanning the generated QR code you've made?

I use some command line tools on Linux, but there are services like qr-code-generator.com that have worked well for me in the past (without exposing sensitive details to it)

0 Kudos

Go to solution
asif
Level 1.6: Donut
In response to jasonbayton

‎07-12-2023 02:44 PM

I exported the code , Intune allows to export the code. and then i added the wifi and the cellular data field after that i use Notepad++ to create qr code.

0 Kudos

Go to solution
9368903833
Level 1.5: Cupcake
In response to jasonbayton

‎08-10-2023 07:49 AM

Screenshot_2023-07-30-21-35-54-304_com.android.settings.jpg

 You

0 Kudos

Go to solution
asif
Level 1.6: Donut

‎07-12-2023 07:04 AM

In intune it allows to enroll the device as Kiosk device , setup only has one option which allows to set an expiration date of the token and this is what we see in the json. Below is the code that gets generated and it does work , but when i edit it to include wifi details it doesnt work.

{
"qrCodeContent": {
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "XXXX",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://play.google.com/managed/downloadManagingApp?identifier=setup",
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "XXXX"
}
},
"expirationDate": "2025-12-31T18:29:59.920206Z"
}

 

I used your code but that doesnt work either.

 

0 Kudos

Go to solution
Moombas
Level 4.0: Ice Cream Sandwich

‎07-12-2023 11:05 PM

@asif before i wrote my own ZT-QR-code generator for our company i used this to create those QR codes: https://barcode.tec-it.com/de/MobileQRCode?data=This%20is%20a%20QR%20Code%20by%20TEC-IT%20for%20mobi...

But same as @jasonbayton wrote: I have never seen that "qrCodeContent" and "expirationDate" but this could be because we don't use Intune currently. But i took a look into the past where we tested Intune (using Zero-Touch Portal but the data there is the same as you provide in the QR-Code) and even there i see those things.
Please test without those things again.

Also look at this video: https://www.youtube.com/watch?v=4cejyznoN5Q
At 01:01:02 you could scan that QR with a reader (just to get the data) and even an epiration date is there, there's nothing like this in the QR data. Only Intune does need to know that this token expires at some time so a QR code using an expired token just won't work.

#IntuneNugget 34- Android Zero Touch Enrollment to Intune using Google ZTE
#IntuneNugget 34- Android Zero Touch Enrollment to Intune using Google ZTE
youtube.com/watch?v=4cejyznoN5Q
In this tutorial we are going to take a look over Zero Touch enrollment of Android devices to Intune via Google ZTE Timeline: Nugget's Agenda- 22 Seconds Android Enrollment Ways- 1:03 Minute Android Enrollment Methodologies - 5:12 Minute Flow for Google ZTE- 25 Minute Demo- 36:40 Minute Zero Touch
0 Kudos

Go to solution
asif
Level 1.6: Donut
In response to Moombas

‎07-13-2023 07:42 AM

qr code content and expiration date is specific to Intune , i am not including these values when i am generating the QR code. I believe this may because if Notepad++ Plugin thats not able to generate the right qr code.

0 Kudos

Go to solution
asif
Level 1.6: Donut

‎07-15-2023 01:44 AM

Thanks everyone I appreciate your help in figuring out the issue. after our discussion I started focusing on Notepad++ QR plugin. It appeared to be an issue with the plugin, after writing the .json , we have to select it and hit the QR plugin to generate the QR . While selecting the code it was removing the last letter which happened to be this '}' . I had to select few empty lines and then it picked the character and created the QR and wallah!!! it worked.

My overall solution to edit the intune QR CODE is as follows:

1. Export the json from intune or simply try google lens and scan to get the script.

2. Edit as per requirement like wifi and cellular data.

3 Use notepad++ plugin to generate the QR code as I mentioned above.

This way i don't have to expose the script to any online untrusted website.