Silent installation of applications on TELPO devices using Android Enterprise
I have an Android application that I want to use on TELPO devices, but in a way that updates are downloaded silently on the device, meaning the user does not have to intervene to update or install an application. I understand that with the configurations offered by Android Enterprise, it is possible to set up a device to allow the actions I require.
requirements for provisioning an app on android 13
I have an app that I designed private for my company .... which gets permissions imei android ID block the use of factory restore unlock OEM unlock lock and unlock screen kiosk mode , and I install it by adb command and work perfect with all devices I have more than 170 devices made in this way and takes a lot of time , I would like to provision my app and placed as device owner through the QR the problem is that I do not know how to do it correctly try many things I saw on the internet , like for example the signed app get the sha256 from the apk and pass it to base64 make the json but I don't understand if I have to configure something else in the app for the provisioning I tried to scan a generated qr with everything correct and it didn't work it says contact your IT support for more information if someone can guide me it would be great, android 12+ a friend sent me some java and kt files for provisioning that worked for him, but for my app it doesn't work. my app has no icon because I need to pass silently and already does but as I say the problem is that I do not know if I am missing a file or a specific configuration I am missing only this and I would be grateful if someone can help complete it or guide me, I saw options like google workspace but I could not modify the block screen to be customized, try with the api google managament android and also does not let you create the company by command then I'm desperate and do not know what to do Thanks for readSamsung devices getting stuck during enrolment when using zero-touch or QR in Germany
Hello, We are currently supporting our German-based client enrol and manage over 700 Samsung (Android 14) tablets and phones into their Microsoft Intune tenant, both dedicated and fully managed. Over the last 2 months we have been having significant issues with enrolment when using all methods except token based (afw#setup), whereby the device gets stuck and hangs at the 'Install Work Apps' screen for several hours until they finally install and enrolment can continue. We have tried multiple troubleshooting steps but without an easy way to access the logs from the enrolment screen I have an inclination that this is not a Microsoft issue since the device does actually appear in Intune as enrolled (just not registered in Entra given it doesn't reach that UI step). We have tried enrolling devices into a completely fresh Microsoft tenant with no app or device configuration and the stuck issue still persists. The issue appears for brand new, never enrolled, devices straight from our vendor so it's not an Entra/Intune object caching problem either. Interestingly though, this issue doesn't happen when devices are enrolled from the UK, whereby methods like Knox zero-touch and QR work as expected and complete within a few minutes. The client is currently German-based but is using Starlink as their primary ISP with an any/any rule on the onboard firewall (for now), so I do wonder whether this could be Starlink or Google Germany related. Looking for some urgent assistance on this please so we can support our customer and avoid using the clunky token-based enrolment process. Thanks, Ethan
WPCO Enrollment into Google Workspace using Zero Touch
Hi there! I am implementing Zero Touch enrollment for our newly purchased Android devices. It is working well and our testing devices end up in "Fully Managed" state after enrollment. I have been wondering if the enrollment could be adjusted so the device ends up in "Work profile on corporate-owned" (WPCO) state instead. I have done a little research and Android spec should allow a device to end up in WPCO state after it is enrolled via Zero Touch. Is this end result achievable with following combination? Device: Samsung with Android 14 Enrollment: Zero Touch during device setup EMM: Google Workspace Google Workspace AFAIK does not have any switch for this in UI. Could the management mode be configured during Zero Touch by using DPC extras set in Zero Touch portal? Developer oriented documentation suggests this is governed by EXTRA_PROVISIONING_MODE. I have tried following Custom Configurations in Google Zero Touch portal so far (all targeting com.google.android.apps.work.clouddpc) : { "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": { "com.google.android.apps.work.clouddpc.EXTRA_FORCED_DOMAINS": "[\"mycompany.com\"]", "PROVISIONING_MODE": "MANAGED_PROFILE" } } and { "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": { "com.google.android.apps.work.clouddpc.EXTRA_FORCED_DOMAINS": "[\"company.com\"]" }, "android.app.extra.PROVISIONING_MODE": "2" } and { "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver", "android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "<SIG-CHECK>", "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://play.google.com/managed/downloadManagingApp?identifier=setup", "android.app.extra.PROVISIONING_ROLE_HOLDER_SIGNATURE_CHECKSUM": "<SIG-CHECK>", "android.app.extra.PROVISIONING_ROLE_HOLDER_PACKAGE_DOWNLOAD_LOCATION": "https://play.google.com/managed/downloadManagingApp?identifier=setup", "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": { "com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "<TOKEN>", "com.google.android.apps.work.clouddpc.EXTRA_FORCED_DOMAINS": "[\"company.com\"]", "PROVISIONING_MODE": "MANAGED_PROFILE" } } In all three case the devices goes trough Zero Touch enrollment. Device Policy is installed. User is required to log in with a Google Account with company.com account. The device ended up in "Fully Managed" state in all three cases...
Not all devices in Zero Touch Portal are forcing a fully managed profile.
We have Zero Touch and use Intune. We do not have Intune linked to Zero Touch. We created a configuration in Zero Touch. The devices should enroll as fully managed. Several devices are successfully enrolling as fully managed however, some are being prompted to set up a work profile rather than enroll as fully managed. It doesn't seem to be consistent as to make, model or OS version. All of the devices below are in Zero Touch and should have been enrolled as fully managed. They all point to the same configuration in Zero Touch. Also, some devices prompt for work profile setup but then only go so far before endinto a screen that says the device cannot be setup. Any insight or advice would be appreciated. Thank you, Nancy
Device doesn't show factory reset message (2 hours) after signing configuration in Zero Touch Portal
We have some devices registered on the Zero Touch portal that belong to the organization, and whenever we signed up for an enrollment configuration, since this device was not configured in our EMM, it would request a factory reset with a message saying that the device belonged to organization X and would be formatted within 2 hours. But that stopped working. Does anyone know if anything has changed in the Zero Touch portal's ownership policy?Android zero-touch customer portal
Learn more about the changes to the new zero-touch customer portal The new zero-touch customer portal has been designed to make it easier for you to manage your account. Here are some of the key changes: New look and feel: The portal has been redesigned with a modern look and feel, making it easier to navigate and find the information you need. Improved navigation: The navigation menu has been simplified and reorganized, making it easier to find the pages you're looking for. Updated Terms of service: Updated the zero-touch customer terms of service and customers will be prompted to accept the terms of service upon next login to the zero-touch customer portal. The terms of service need to be accepted once by an admin or owner of the customer account. If you own multiple accounts, you might need to accept the terms of service for each one. Note: when attempting to access the zero-touch customer API. Any existing solutions leveraging the zero-touch customer APIs to access an account that has not yet accepted the new terms of service will receive a TosError response. Users will need to accept the terms of service by signing in to the zero-touch enrolment portal. New features/changes: The portal now includes a number of new features, such as: Improved search: search for specific device(s) by the fields below, without specifying which identifier(ie. IMEI, MEID, serial number). Additional fields on device CSV download: You can download a CSV of existing devices assigned to your organization, which contain all data seen on the device management page with additional field(ie. Reseller name and reseller ID). Additionally, unified the formats so the customer can download a CSV, make changes to the profiles, and upload it. Undelete account: You can no longer undelete the account once deleted, alternatively you can reach out to your reseller who can then reach out to us to recover your account with valid reason. To access the new customer portal, simply go to link. You will need to log in with your existing username and password To help you navigate the changes, please refer to the customer portal guide. We value your feedback, please use the feedback button as shown in the attached GIF to share your insights: If you have any questions about the new customer portal, please create a new community conversation in the General Discussion board. Thank you.How to set 'forcedResetTime' field in Zero Touch provisioning
Hello, I am trying to set the forcedResetTime field that is mentioned in the "Google device provisioning services" documentation: https://developers.google.com/zero-touch/reference/customer/rest/v1/customers.configurations#Configuration But, the problem is, I can't set this value through the Zero-Touch portal, the configuration form that is available on the website does not have this optional field. So, is there a way to set this value through the portal? If so, where can I find this field to edit? If not, is there any other way or EMM that I can use to set this value? Ref.: Thanks, Eduardo.[Product Update] Zero-touch enrollment enhancement: Multi-Identifier Registration
*[Updated 17th, September 2024 -enhancements are now live] Hello everyone, We're excited to let you know about some upcoming enhancements to the Zero-touch enrollment process that will give resellers greater flexibility over device registration. Key Improvement: Multi-Identifier Registration Soon, your reseller will be able to register a device using multiple identifiers: Serial number, manufacturer, and model combination Up to two hardware IDs of the same type (either MEID or IMEI) This change will bring several benefits: Improved provisioning reliability by reducing the risk of registration failures due to identifier mismatches. Enhanced inventory management with the ability to track devices using multiple identifiers. Important Note: These changes will be reflected on the zero-touch customer API. Timeline and Next Steps These change are now live. Please contact your reseller to discuss this further. We hope these improvements will greatly enhance your experience with Zero-touch enrollment. As always, we'd love to hear your feedback. If you have any questions about this announcement please comment below. Thank you.
