Barcode setup without ENROLLMENT_TOKEN
Hi We are preparing to enroll over 600 Zebra and Honeywell barcode scanners into Microsoft Intune. These devices are distributed across more than 250 locations and span over 35 distinct configuration profiles. To ensure a smooth rollout, especially for our non-technical users, we aim to automate the enrollment process as much as possible—minimizing manual input and reducing the risk of user errors, including Wi-Fi setup. Our intended workflow is for users to simply scan a QR code at the initial "Hi there" screen. This QR code should contain the necessary Wi-Fi configuration and trigger device provisioning via the Google Zero-Touch portal, bypassing the setup wizard entirely. However, when we generate a QR code using the following JSON configuration, the Wi-Fi settings are not being applied as expected. After the QR code is scanned, the device proceeds to the Wi-Fi setup screen, where users are required to manually enter the network configuration. According to Google’s documentation, the EXTRA_ENROLLMENT_TOKEN is optional. Is it possible to fully automate this step without including the token, or is it required in practice for the Wi-Fi configuration to be applied correctly? Any help would be much appreciated—thank you! { "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver", "android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "I5YvS0O5hXY46mb01BlRjq4oJJGs2kuUcHvVkAPEXlg", "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://play.google.com/managed/downloadManagingApp?identifier=setup", "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": { "android.app.extra.EXTRA_PROVISIONING_WIFI_SSID": "**SSID**", "android.app.extra.EXTRA_PROVISIONING_WIFI_PASSWORD": "**PASSWORD**", "android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE": "WPA", "com.google.android.apps.work.clouddpc.extra.EXTRA_PROVISIONING_SKIP_USER_CONSENT": true, "com.google.android.apps.work.clouddpc.extra.EXTRA_PROVISIONING_SKIP_USER_SETUP": true, "com.google.android.apps.work.clouddpc.extra.EXTRA_PROVISIONING_SKIP_ACCOUNT_SETUP": true, "com.google.android.apps.work.clouddpc.extra.PROVISIONING_SKIP_EDUCATION_SCREENS": true } }
Enabled FRP and now I'm stuck
We're building an Emm solution so while testing I enabled FRP and thought of giving it a shot. So, after factory resetting all i can see is a google window asking me to verify with the account that was previously in the device. What I cannot understand is there was no account signed in except the one google created ( the managed account with the briefcase thingy ). I'd like to understand how can i recover it now? i do have some of the device details on enterprise.devices.get endpoint. Any help would be much appreciated! Rino.
Android 15 - Cannot set default password app
We use Microsoft Intune to manage devices. For the devices which have upgraded to Android 15, the end users can no longer select Microsoft Authenticator as their default application for auto filling passwords. I cannot find any settings in Intune to allow it. All devices are fully managed corporate owned devices. The devices are all Google Pixel 8 or 8a devices. Is this a bug in 15 or am I missing something?
Zero Touch Portal - Error Message
Hi Team, I have created a new configuration item and linked it to Microsoft Intune token. Then I have decided to remove the Intune token configuration before removing the configuration file from Zero touch (which I dont think it should matter). Then I went to remove the configuration item from Zero touch and was getting a strange error message, see below. Now I'm left with a configuration item in Zero touch that I can't remove. Can someone please help or reach out, that would be great. Also, let me know if there is anything else you require from my end.Need Help with QR Enrollment for Multiple Devices in Educational Environment – Is External MDM Required?
Hi everyone, I'm managing a large number of Android tablets in an educational environment. I'm trying to enroll the devices using Android Enterprise with QR code enrollment, but I'm having trouble getting the QR method to appear. So far, only Zero-Touch shows as an option, but most of our devices were not purchased through Zero-Touch resellers, so we can't use that method. My main question is: Is it strictly necessary to use an external MDM (like Miradore, Intune, etc.) to generate the QR code, or is there a way to create and use it directly from the Google Admin console or natively through Android Enterprise? We want to deploy the tablets efficiently and avoid entering accounts manually. Ideally, each device would automatically enroll with our managed Google Play account by scanning a QR code after a factory reset. This is especially important in a school context, where we have many students and limited time for configuration. We are already registered in Google Workspace, and the tablets are in a dedicated organizational unit for students. The admin account is managed, and we are using the Android Enterprise platform linked to our domain. For reference, here are two YouTube videos showing the configuration steps I followed (which reflect our current setup): https://www.youtube.com/watch?v=jI-C_y1u8jE https://www.youtube.com/watch?v=h__pvfp559Q Any advice or clarification would be greatly appreciated. Especially if there’s a native way to enable QR enrollment without needing a full external MDM platform. Thanks in advance!Does anyone allow multiple users on their Androids?
I've got a use case for some multi-user Android tablets and I'm trying to figure out the best solution. I know Android allows you to create secondary users by default but it appears that Microsoft Intune is disabling this setting automatically. Doesn't seem to be a way to allow it given that the only options are block or not configured. I put in a ticket with Microsoft and I'm sure their answer will be to use Microsoft Entra Shared Mode and the Managed Home Screen but that doesn't work very well. Also, it appears multi-user functionality is documented by Google and an EMM can set it up so the user can create secondary users using the standard Android settings or the DPC can create the secondary user. Also looks like there's some work to be done as far as making sure the DPC can still manage the secondary users as well. https://developer.android.com/work/dpc/dedicated-devices/multiple-users So I am curious for those using other EMMs: do you allow secondary users on any of your Android devices?
Play Protect Blocking Custom DPC Apps — How to Get Approval or Alternatives?
Hi everyone, I'm a developer who helps enterprises build custom DPC (Device Policy Controller) Reference Documentation apps to manage Android devices based on their unique requirements. Recently, Play Protect has started blocking the installation of custom DPC apps, even when these apps are signed and used internally. The warning claims the app may pose a risk due to access to sensitive data - even though it's strictly for enterprise use. To make things more difficult: Google is no longer accepting registration of custom DPC apps with Android Enterprise, which limits official distribution and management options. Android Management APIs don’t support all use cases, and also have quote limit. I’ve applied twice to join the Android Enterprise portal to build a SaaS-based device management platform, but both requests were rejected without a clear reason. My questions for the community: Is there any official way to get a custom DPC app approved or whitelisted by Play Protect? Are there any alternative ways to manage Android devices at scale (outside of AMAPI or legacy EMM)? How can new developers or startups gain access to Android Enterprise features when onboarding is currently restricted? Any help, direction, or shared experience would be greatly appreciated. Thanks, Kulwinder
Google services
We have a cloud customer on SoTI mobicontrol who wants to block all outbound traffic in their firewall and only allow what is strictly required. I’ve provided the customer with the official system requirements for SOTI MobiControl and Android Enterprise. However, the customer is only familiar with managing Apple devices and is looking to open the absolute minimum necessary for Android Enterprise to function — particularly avoiding wildcard domains (*) where possible. Can anyone help clarify which Android Enterprise network requirements are actually essential, especially when it comes to Google services, and which ones we can safely leave out? No file sharings, and remote control will be allowed by the customer.
