Can you skip network connection in Android Enterprise Edition?

Question

Hello community,We have Samsung XCover6 Pro Enterprise Edition sent to customer in May this year. (Android v.12)They have started the phone and then didn't enroll it. They have just started the phone and put it on the shelf and battery has died and now they have started the phone. There are two problems:1. They can skip to connect to the Wi-Fi2. Even if they connect to Wi-Fi the phone doesn't get enrolled, the enrollment phase never comes up, you can just continue to setup the normallyIf we remove the phone from Zero Touch Portal, hard wipe the device by connecting it to a PC and then upload it to ZTP and connect it to Wi-Fi. Then it starts with enrollment. So I wanted to test this myself. I took the exact same model of the phone Samsung XCover6 Pro Enterprise Edition from our shelf and started it and to my surprise I COULD NOT skip network connection. Now the only difference between the phone that I tested and the phone that we sent to the customer is that, we sent the phone to customer like 6 months ago. But my test phone purchased recently, like a month ago.I tested this with several different Enterprise phone models and got the exact same result! COULD NOT skip network connection. I had to connect to a network before continuing with the setup.This is exactly what I want because of the obvious reasons. So my questions:Isn't this policy / feature (that you MUST connect to a network) by default set to TRUE for all Android Enterprise? Or is it different based on Android version?

jasonbayton · Accepted Answer

Hello @jasonbayton and @Moombas Thank you for the reply 🙂
We are using only ZT for this customer but I am familiar with Samsung's KME too and have used it with other customers.
But here is another thing that I discovered. I tested four different enterprise model of Samsung phones. A53, A33, XCover6 Pro and S22 and without even uploading them to Knox or ZTP. They behaved exactly the way I want them. Out of the box, I couldn't skip network connection in first setup. This was set to true for all the models above that I tested.

So this could be very much as you say, there could be another build of OEM image on these phones that are sent to our customer.
But then these phones, we have uploaded them to ZTP before we sent to the customer, this is what gives me headache! They don't talk to ZTP, after they are turned on and connected to network, nothing happens. And no there is no network restrictions that could prevent them from talking to Google APIs and services.

And of course we could solve the problem by hard wiping the device, reimport them into ZTP and enroll them because this works. But we are talking about more than 100 phones here....

I have double checked and they have a config profile in ZTP and imported correctly.

I just want to know the root cause of the problem (why they aren't talking to ZTP and why we have to hard wipe every device) so I can present it to our customer.

I think you'll need to speak to Samsung on this.

If the devices are showing correctly registered in ZT either via IMEI1 or SN & hardware details, and the config is assigned, it sounds to me like a bug in the build missing a step.

Are you buying enterprise edition models or anything outside of standard off-shelf devices from a normal retailer?

Are you able to flash/update with e-FOTA or OTA these devices to their latest builds and verify the behaviour still happens?

Sean · Answer

To my knowledge and based on actual testing, because Zero Touch relies on the device connecting to Google's servers over the internet for verification, even if the setup wizard initially opts for an offline configuration, once the device connects to the internet, the system, through Google Play Services, detects Zero Touch settings and will mandates a forced reset of the device.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded