Forum Discussion
Barcode setup without ENROLLMENT_TOKEN
Hi
We are preparing to enroll over 600 Zebra and Honeywell barcode scanners into Microsoft Intune. These devices are distributed across more than 250 locations and span over 35 distinct configuration profiles. To ensure a smooth rollout, especially for our non-technical users, we aim to automate the enrollment process as much as possible—minimizing manual input and reducing the risk of user errors, including Wi-Fi setup.
Our intended workflow is for users to simply scan a QR code at the initial "Hi there" screen. This QR code should contain the necessary Wi-Fi configuration and trigger device provisioning via the Google Zero-Touch portal, bypassing the setup wizard entirely.
However, when we generate a QR code using the following JSON configuration, the Wi-Fi settings are not being applied as expected. After the QR code is scanned, the device proceeds to the Wi-Fi setup screen, where users are required to manually enter the network configuration.
According to Google’s documentation, the EXTRA_ENROLLMENT_TOKEN is optional.
Is it possible to fully automate this step without including the token, or is it required in practice for the Wi-Fi configuration to be applied correctly?
Any help would be much appreciated—thank you!
{
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "I5YvS0O5hXY46mb01BlRjq4oJJGs2kuUcHvVkAPEXlg",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://play.google.com/managed/downloadManagingApp?identifier=setup",
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"android.app.extra.EXTRA_PROVISIONING_WIFI_SSID": "**SSID**",
"android.app.extra.EXTRA_PROVISIONING_WIFI_PASSWORD": "**PASSWORD**",
"android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE": "WPA",
"com.google.android.apps.work.clouddpc.extra.EXTRA_PROVISIONING_SKIP_USER_CONSENT": true,
"com.google.android.apps.work.clouddpc.extra.EXTRA_PROVISIONING_SKIP_USER_SETUP": true,
"com.google.android.apps.work.clouddpc.extra.EXTRA_PROVISIONING_SKIP_ACCOUNT_SETUP": true,
"com.google.android.apps.work.clouddpc.extra.PROVISIONING_SKIP_EDUCATION_SCREENS": true
}
}
17 Replies
- wbaeckLevel 1.5: Cupcake2 months ago
I also tried this json as QR code but then the Zero Touch configuration from the portal is ignored:
{ "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver", "android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "I5YvS0O5hXY46mb01BlRjq4oJJGs2kuUcHvVkAPEXlg", "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://play.google.com/managed/downloadManagingApp?identifier=setup", "android.app.extra.PROVISIONING_SKIP_EDUCATION_SCREENS": true, "android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE": "WPA", "android.app.extra.PROVISIONING_WIFI_SSID": "**SSID**", "android.app.extra.PROVISIONING_WIFI_PASSWORD": "**PASSWORD**" }
Is there no way to just read the Wi-Fi config via QR code and the rest is pulled down from ZT portal?
- mattdermodyLevel 2.3: Gingerbread2 months ago
I am not 100% on this but I want to say that Zero Touch and QR based enrollment are independent of one another. Zero Touch is generally a bit of a misnomer considering it requires numerous touches, especially when manually having to type in WiFi credentials. It is more like Zero Touch for IT admins, but lots of touches for end users. For line of business devices from Honeywell and Zebra I generally recommend other enrollment strategies like QR or StageNow (Zebra) or Enterprise Provisioner (Honeywell). If you're already having the users scan a QR code containing the WiFi credentials you might as well complete the whole enrollment at that time and avoid the overhead and added complexity of ZTE entirely.
ZTE can be painful with these mission critical devices that go in for repair on repair contracts as you typically are required to unenroll /deregister devices from the ZTE portal before shipping them in which can become a bottleneck in you RMA process.
"Zebra requires customer to deregister their Android device from Android zero-touch portal prior to sending the unit in for hardware inspection and repair."- mattdermodyLevel 2.3: Gingerbread2 months ago
And I forgot to mention, I highly advise against using Intune for line of business Android devices from Zebra and Honeywell.
- wbaeckLevel 1.5: Cupcake2 months ago
Why this? We are using this since years without any issues. What are the alternatives?
- MoombasLevel 4.1: Jelly Bean2 months ago
Zero Touch is generally a bit of a misnomer considering it requires numerous touches, especially when manually having to type in WiFi credentials
Jus a short note on this: Zero-Touch for the ADMIN, not for the user i guess was the thinking on that but for the end-user it seems silly naming as they still have to do steps, thats true.
Would be nice to have an "skip all" config just providing the settings via the JYSON maybe except the screen "this device isn't private".
- wbaeckLevel 1.5: Cupcake2 months ago
Like in my second example you can add this to the json to skip most of the questions:
"android.app.extra.PROVISIONING_SKIP_EDUCATION_SCREENS": true
But I get the point - either QR code or ZTE onboarding.
Would be nice to have a combination of that. Combine the configuration of QR Code and ZTE - where ZTE is priorized - and then start the setup with this information. So you can have Wi-Fi information in QR Code so users don't need to enter complex password on the small keyboard.
- BenCowellLevel 1.6: Donut2 months ago
On this, ZT & QR are independent of each other.
As Matt says, use StageNow (or equivalent) and scan the QR code to do the full enrolment. You can then consider adding the devices into the ZT console post enrolment (if you need this, and at this point you won't). With Wi-Fi only devices QR > ZT.
Avoid intune in this usecase. WS1 has been mentioned (by Omnissa). Also note-worthy are MobiControl (by SOTI), SureMDM (by 42 Gears) or Scalefusion.
You should pick the MDM on whichever you are comfortable managing, or whatever your partner has experience in. If a partner has advised you to buy InTune, find another partner immediately.
This problem is also solved by shipping the hardware to a competent partner, and asking them to do the config / staging and final delivery. This wouldn't be a costly service.
- MoombasLevel 4.1: Jelly Bean2 months ago
Just to add here again, if it's not Zebra or Honeywell., you can just use ZTP for ZTE and provide a Wifi-QR (if no SIM with mobile data has to be entered) to provide for example an enrollment Wifi.
We do it like that in our headoffices when preparing devices which is easy to setup and costs nothing 😉
- Emilie_BGoogle Community Manager2 months ago
Hi wbaeck - just wanted to check in and see if your issue was solved?
mattdermody, Moombas, Michel and BenCowell thanks for jumping in and helping out!
Related Content
- 2 years ago