Not all devices in Zero Touch Portal are forcing a fully managed profile.

CuriousNE
Level 1.5: Cupcake

a week ago

We have Zero Touch and use Intune. We do not have Intune linked to Zero Touch. We created a configuration in Zero Touch.  The devices should enroll as fully managed. 

Several devices are successfully enrolling as fully managed however, some are being prompted to set up a work profile rather than enroll as fully managed.  

It doesn't seem to be consistent as to make, model or OS version.  All of the devices below are in Zero Touch and should have been enrolled as fully managed.  They all point to the same configuration in Zero Touch. 

Also, some devices prompt for work profile setup but then only go so far before endinto a screen that says the device cannot be setup. 

CuriousNE_0-1728409210173.png

Any insight or advice would be appreciated. 

Thank you, Nancy 

0 Kudos
4 REPLIES 4

Lizzie
Google Community Manager
Google Community Manager

Wednesday

Hello @CuriousNE,

 

Great to meet you Nancy, it's interesting to see this. My first thought is to check if everything is set up in Intune as it should be. There are quite a few variables that could be at play here, so a good starting point might be to check this with Microsoft. 

 

Have you done this already?

 

(If anyone else has any other ideas please do add them here too 😀)


Welcome to the Community everyone!

Have a question or want to start a conversation, click here.

0 Kudos

Michel
Level 2.2: Froyo

Wednesday

Hi Nancy,

 

Devices marked als personal in Intune are not enrolled via zero touch, If they should have been then there is something wrong in your configuration or devices did not have an active internet connection when the first configuration was done. 

 

When using the Google / Android zero touch portal via Intune, I advice you to stay away from the Zero touch bulk menu option in the Android enrollment page of Intune. It has caused me more headaches then I wish for. When using this portal, I make sure it is not connected to the Intune tenant and create a manual configuration profile myself in Android zero touch. 

 

Configuring that is described here (be carefull, this links to the correct steps direclty. Do not scroll up or you will follow the instructions for the part i advice you to ignore): https://learn.microsoft.com/en-us/mem/intune/enrollment/android-dedicated-devices-fully-managed-enro...

 

High level, these items should be configured properly:

  • Devices should be listed in Android / Google zero touch
  • A profile, or multiple, should have been created in Google zero touch
    • Profile contains a token which corresponds with the enrollment profile token in Intune (one of 4 management profiles)
  • Device must have a profile assigned
  • Device must be connected to internet when starting the initial setup

this will make sure a device is enrolled as corporate in Intune. Make sure to use filters or groups with users to give it the policies needed. 

CuriousNE
Level 1.5: Cupcake

Wednesday

I have not contacted Microsoft yet as the devices are not reaching intune. 

The device is in Zero Touch. It does have internet connection - I've attempted using wifi and using the mobile data, both get the same result. It prompts for a work profile to be set up. 

I have tried to setting it to use the configuration as well as setting the configuration to None - behavior is the same. 

I've contacted the vendor to see if it has something to do with the way they are adding them to Zero Touch. Currently still waiting for a response from them. 

 

0 Kudos

Michel
Level 2.2: Froyo
In response to CuriousNE

Thursday

I've had some rare occasions where an upload was faulty. Re-uploading them fixed this, thats something your reseller should be able to do. 

0 Kudos