Edit Intune QR Code to include wifi and Cellular Data

asif
Level 1.6: Donut

I have been following google docs on editing Intune QR code to include WIFI details to auto connect to wifi during enrollment  based on the details i have updated the QR code and then using Notepad++ Plugin to generate QR Code with the edited details. When i scan to enroll it gives me error: Wrong QR Code. I have repalced token and checksun details for security purposes here .

{
"qrCodeContent": {
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "XXXXX",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://play.google.com/managed/downloadManagingApp?identifier=setup",
"android.app.extra.PROVISIONING_WIFI_PASSWORD": "XXX",
"android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE": "WPA",
"android.app.extra.PROVISIONING_WIFI_SSID": "FlatNetwork",
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "XXXXX"
}
},
"expirationDate": "2025-12-31T18:29:59.920206Z"

1 ACCEPTED SOLUTION

asif
Level 1.6: Donut

Thanks everyone I appreciate your help in figuring out the issue. after our discussion I started focusing on Notepad++ QR plugin. It appeared to be an issue with the plugin, after writing the .json , we have to select it and hit the QR plugin to generate the QR . While selecting the code it was removing the last letter which happened to be this '}' . I had to select few empty lines and then it picked the character and created the QR and wallah!!! it worked.

My overall solution to edit the intune QR CODE is as follows:

1. Export the json from intune or simply try google lens and scan to get the script.

2. Edit as per requirement like wifi and cellular data.

3 Use notepad++ plugin to generate the QR code as I mentioned above.

This way i don't have to expose the script to any online untrusted website.

View solution in original post

13 REPLIES 13

Moombas
Level 4.1: Jelly Bean

So, you are not talking about an Intune QR but a Zero-Touch QR.
If i compare your Wifi settings etc. it looks fine but i have never seen a expiration data after the QR code and also different data arrangement (different from what i successfully generate with my own tool for differnt MDM).
Are you sure it shouldn't be something like this:

 {
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "XXXXX",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://play.google.com/managed/downloadManagingApp?identifier=setup",
"android.app.extra.PROVISIONING_WIFI_PASSWORD": "XXX",
"android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE": "WPA",
"android.app.extra.PROVISIONING_WIFI_SSID": "FlatNetwork",
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "XXXXX",
"expirationDate": "2025-12-31T18:29:59.920206Z"
}
}

asif
Level 1.6: Donut

In intune it allows to enroll the device as Kiosk device , setup only has one option which allows to set an expiration date of the token and this is what we see in the json. Below is the code that gets generated and it does work , but when i edit it to include wifi details it doesnt work.

{
"qrCodeContent": {
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "XXXX",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://play.google.com/managed/downloadManagingApp?identifier=setup",
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "XXXX"
}
},
"expirationDate": "2025-12-31T18:29:59.920206Z"
}

 

I used your code but that doesnt work either.

jasonbayton
Level 4.0: Ice Cream Sandwich

Your QR code is invalid due to the "qrCodeContent", and the expiration line. Here's a version which should work for you - 

 

{
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "XXXXX",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://play.google.com/managed/downloadManagingApp?identifier=setup",
"android.app.extra.PROVISIONING_WIFI_PASSWORD": "XXX",
"android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE": "WPA",
"android.app.extra.PROVISIONING_WIFI_SSID": "FlatNetwork",
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "XXXXX"
}
}

 

NB, I haven't tested it since it's full of dummy data 🙂

@Moombas there's no such thing as a zero-touch QR. Same payload, different format. ZT only needs the DPC Extras and not the rest of the above 🙂

asif
Level 1.6: Donut

Thanks for the response Jason, i had earlier tried it without the qrcontent and expiration date but it gives the same error.

jasonbayton
Level 4.0: Ice Cream Sandwich

OK interesting. I pulled this from my environment, so if you edit it accordingly with your details it should work. NB the admin signature checksum isn't private, no need to edit it out 🙂 

{
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME":"com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM":"I5YvS0O5hXY46mb01BlRjq4oJJGs2kuUcHvVkAPEXlg",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION":"https://play.google.com/managed/downloadManagingApp?identifier=setup",
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{
"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN":"XxxXXXxxXXxxXXx"
},
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":false,
"android.app.extra.PROVISIONING_USE_MOBILE_DATA":false,
"android.app.extra.PROVISIONING_WIFI_SSID":"MyWIFINetwork",
"android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE":"WPA",
"android.app.extra.PROVISIONING_WIFI_PASSWORD":"password123"
}

 

asif
Level 1.6: Donut

still same , not sure if this is because of Notepad++ Plugin, is there any other tool that you recommend. We generally don't put these details on any website because of security concern.

{
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "I5YvS0O5hXY46mb01BlRjq4oJJGs2kuUcHvVkAPEXlg",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://play.google.com/managed/downloadManagingApp?identifier=setup",
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "XXX"},
"android.app.extra.PROVISIONING_USE_MOBILE_DATA":true,
"android.app.extra.PROVISIONING_WIFI_SSID":"FlatNetwork",
"android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE":"WPA",
"android.app.extra.PROVISIONING_WIFI_PASSWORD":"XXX"
}

jasonbayton
Level 4.0: Ice Cream Sandwich

It's indeed possible the QR being generated is somewho invalidating the payload. Is that which you've posted there what comes from scanning the generated QR code you've made?

I use some command line tools on Linux, but there are services like qr-code-generator.com that have worked well for me in the past (without exposing sensitive details to it)

asif
Level 1.6: Donut

I exported the code , Intune allows to export the code. and then i added the wifi and the cellular data field after that i use Notepad++ to create qr code.

Screenshot_2023-07-30-21-35-54-304_com.android.settings.jpg

 You

asif
Level 1.6: Donut

In intune it allows to enroll the device as Kiosk device , setup only has one option which allows to set an expiration date of the token and this is what we see in the json. Below is the code that gets generated and it does work , but when i edit it to include wifi details it doesnt work.

{
"qrCodeContent": {
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "XXXX",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://play.google.com/managed/downloadManagingApp?identifier=setup",
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "XXXX"
}
},
"expirationDate": "2025-12-31T18:29:59.920206Z"
}

 

I used your code but that doesnt work either.

 

Moombas
Level 4.1: Jelly Bean

@asif before i wrote my own ZT-QR-code generator for our company i used this to create those QR codes: https://barcode.tec-it.com/de/MobileQRCode?data=This%20is%20a%20QR%20Code%20by%20TEC-IT%20for%20mobi...

But same as @jasonbayton wrote: I have never seen that "qrCodeContent" and "expirationDate" but this could be because we don't use Intune currently. But i took a look into the past where we tested Intune (using Zero-Touch Portal but the data there is the same as you provide in the QR-Code) and even there i see those things.
Please test without those things again.

Also look at this video: https://www.youtube.com/watch?v=4cejyznoN5Q
At 01:01:02 you could scan that QR with a reader (just to get the data) and even an epiration date is there, there's nothing like this in the QR data. Only Intune does need to know that this token expires at some time so a QR code using an expired token just won't work.

In this tutorial we are going to take a look over Zero Touch enrollment of Android devices to Intune via Google ZTE Timeline: Nugget's Agenda- 22 Seconds Android Enrollment Ways- 1:03 Minute Android Enrollment Methodologies - 5:12 Minute Flow for Google ZTE- 25 Minute Demo- 36:40 Minute Zero Touch

asif
Level 1.6: Donut

qr code content and expiration date is specific to Intune , i am not including these values when i am generating the QR code. I believe this may because if Notepad++ Plugin thats not able to generate the right qr code.

asif
Level 1.6: Donut

Thanks everyone I appreciate your help in figuring out the issue. after our discussion I started focusing on Notepad++ QR plugin. It appeared to be an issue with the plugin, after writing the .json , we have to select it and hit the QR plugin to generate the QR . While selecting the code it was removing the last letter which happened to be this '}' . I had to select few empty lines and then it picked the character and created the QR and wallah!!! it worked.

My overall solution to edit the intune QR CODE is as follows:

1. Export the json from intune or simply try google lens and scan to get the script.

2. Edit as per requirement like wifi and cellular data.

3 Use notepad++ plugin to generate the QR code as I mentioned above.

This way i don't have to expose the script to any online untrusted website.