Howdy,
It's possible to use ZT with a custom DPC, but you'll need to apply to have it listed. Perhaps @Lizzie can advise on the process of this and if it's still open to all?
Correct me if I'm wrong but any device enrolled using ZTP, is enrolled as device owner. So you have full control about your device (depending if it's enrolled as a COBO or COPE with more or less permissions) but needs to be enrolled during first steps.
Only if you want to have BYOD devices, those can't be enrolled using ZTP but via a link (or QR) provided to the end-user and limited access/possibilitys for management for the device itself as the employee is the owner of it and no need to wipe it before.
Hello Moombas and Jason,
Thank you for your reply.
The Device Owner app that we have designed is not within the Play Store so the QR provisioning configuration is similar to this one :
{
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME":
"com.emm.android/com.emm.android.DeviceAdminReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM":
"gJD2YwtOiWJHkSMkkIfLRlj-quNqG1fb6v100QmzM9w=",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION":
"https://path.to/dpc.apk",
"android.app.extra.PROVISIONING_SKIP_ENCRYPTION": false,
"android.app.extra.PROVISIONING_WIFI_SSID": "GuestNetwork",
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"dpc_company_name": "Acme Inc.",
"emm_server_url": "https://server.emm.biz:8787",
"another_custom_dpc_key": "dpc_custom_value"
}
}
We want to implement a similar configuration for Zero Touch. However, it's not possible due to my understanding that Zero Touch automatically downloads the DPC (Device Policy Controller) or DO (Device Owner) controller from the Play Store. This process requires an EMM (Enterprise Mobility Management) token for configuration, which means the device will be counted as one device. This easily leads us to exceed the quotas established by the Android Management API. Is there any way to utilize a configuration similar to the one used for QR provisioning, but for Zero Touch instead?
Thank you !
Just to the configuration:
As i understand it, you should be able to use the same configuration from the QR in the Zero-Touch portal 1:1.
I did the same in the past, so i took the configuration from the ZTP and created an enrollment QR or changed that configuration to test the enrollment via QR before pasting the exact same code to the ZTP as a configuration.
And yet it worked well.
And as you see here in the collection of @jasonbayton : https://bayton.org/android/android-enterprise-zero-touch-dpc-extras-collection/ there are several different things in extras for the relevant MDM/DPC app.
You'll need to upload the app to Google play, and it has been previously possible to register a custom DPC with ZT for selection from the list of available EMMs, I'm just not sure of the exact process ( @Lizzie again).
You can stop worrying about AMAPI, a custom DPC has nothing to do with it, AMAPI doesn't support using your own DPC so with it you'll only be leveraging the on-device APIs of Android enterprise since PlayEMM APIs are no longer available to new vendors also.
A little guidance from Google will help here, but getting the basics sorted like where the DPC is hosted will help
