Unlinking Zero-Touch from MDM provider

bam
Level 1.5: Cupcake

3 weeks ago

Hello.

 

Some months ago we were trialing Android Zero Touch with two different MDM providers: Intune and Workspace One.

 

We have now chosen Intune, but our ZT portal is still linked to WSO. By default devices will get the Enterprise Default Profile, and that means WSO.

 

When I go to try and link Intune with the ZT portal, after choosing my Google account it says "Already linked" and "You can make changes at any time in Linked accounts". However, there doesn't seem to be an option to unlink from WSO from within the ZT portal, and I cannot find any "Linked accounts" button.

 

I also don't have access to WSO anymore, as ours was a trial account and the trial has expired. So I can't log in to that and unlink it.

 

How do we unlink our ZT portal from WSO? Can anybody from Google do it on the back-end?

 

Thank you

0 Kudos
10 REPLIES 10

bam
Level 1.5: Cupcake

2 weeks ago

Tagging @jasonbayton as recommended in https://bayton.org/android/android-enterprise-faq/delete-the-ae-bind/

 

I tried to follow the instructions from the above article but they didn't work. We use separate Google accounts for Google Play and Zero-Touch.

0 Kudos

Moombas
Level 4.1: Jelly Bean

2 weeks ago - last edited 2 weeks ago

In the zero-touch portal just do following:

To change the default configuration:

  1. Go to configurations
  2. press the pen in the top middle of the screen
  3. choose the default configuration you want to use

To change which configuration the specific devices should use:

  1. Go to devices
  2. export them as csv file (3 dots in right top)
  3. change the profile to be used on the devices in the downloaded file via an Editor (pls don't use Excel) from the WSO to the Intune one (the ID can be found in the configurations tab!)
  4. upload the csv again

Be carefull here as this is a critical step, i recommend to do this with one device first and if with success, you can do it in larger steps.

 

Not sure if i need to mention but be aware that all devices enrolled to WSO, needs to be wiped and re-enrolled then in order to connect to Intune (at least all COPE and fully managed ones).

0 Kudos

jasonbayton
Level 4.0: Ice Cream Sandwich
In response to Moombas

2 weeks ago - last edited 2 weeks ago

I think the EMM link makes it annoying. @bam do you have an account manager or someone in omnissa who can either reactivate the trial or remove the bind? Otherwise a FR for @Lizzie to support removing the link from ZT is required 😁

0 Kudos

bam
Level 1.5: Cupcake
In response to jasonbayton

2 weeks ago

Hi @jasonbayton and thank you for your reply.

I will try and see if I can reach out to Omnissa on this, but I doubt it as we ended the trial and we didn't go for their product. We don't have a support relationship in place.

What's does "FR for @Lizzie to support" mean? 🙂 

0 Kudos

jasonbayton
Level 4.0: Ice Cream Sandwich
In response to bam

2 weeks ago

feature request

 

😁

0 Kudos

bam
Level 1.5: Cupcake
In response to jasonbayton

2 weeks ago

Right, that's something that may take some time then.

 

As for our immediate issue, we need to regain access to WSO, otherwise there is no way to break the tie administratively? Is that it?

 

My 2 cents for @Lizzie: is there any way you could look at sponsoring this feature? If Google wants to seriously compete with Apple in this space, then this sort of thing should not be an afterthought. That, and there should be some way to get directly in touch with support.

0 Kudos

bam
Level 1.5: Cupcake
In response to Moombas

2 weeks ago

Hi @Moombas and thank you for your kind reply.

This does work for devices that are already in there. But newly added devices get added with the "Enterprise Default Profile", and that'll be WSO. As it says in various places in this doc, "If the zero-touch account is linked with EMM, the "Enterprise default profile" will override the default configuration."

Thus, I need to be able to change the "Enterprise Default Profile" and that is what I am struggling with.

0 Kudos

Moombas
Level 4.1: Jelly Bean
In response to bam

2 weeks ago

@bam Ok, my guess was/is that the enteprise default profile is the default profile you choose in the configurations tab.

@jasonbayton Is there a difference (as you have more knowledge on that)? 

If yes, that doesn't make sense.

0 Kudos

Moombas
Level 4.1: Jelly Bean
In response to bam

2 weeks ago

Can't the reseller upload devices with a profile id, so "workaround" it?

0 Kudos

bam
Level 1.5: Cupcake
In response to Moombas

2 weeks ago

That could work on a small scale. However, we are a 2000+ people organization with relationships with tens of resellers around the world. We can't be asking all of them to do this every time we submit an order, we need a structural solution for this problem.

I also imagine most of them will not have the facility to do this in an automated way e.g. I imagine someone like Verizon will have some kind of API integration with AZT that adds the devices automatically and without human interaction... I doubt they'll have the facility to specify a customer-specific identifier alongside their submission. 

0 Kudos