Forum Discussion

wbaeck's avatar
wbaeck
Level 1.5: Cupcake
2 months ago

Barcode setup without ENROLLMENT_TOKEN

Hi

 

We are preparing to enroll over 600 Zebra and Honeywell barcode scanners into Microsoft Intune. These devices are distributed across more than 250 locations and span over 35 distinct configuration profiles. To ensure a smooth rollout, especially for our non-technical users, we aim to automate the enrollment process as much as possible—minimizing manual input and reducing the risk of user errors, including Wi-Fi setup.

 

Our intended workflow is for users to simply scan a QR code at the initial "Hi there" screen. This QR code should contain the necessary Wi-Fi configuration and trigger device provisioning via the Google Zero-Touch portal, bypassing the setup wizard entirely.

 

However, when we generate a QR code using the following JSON configuration, the Wi-Fi settings are not being applied as expected. After the QR code is scanned, the device proceeds to the Wi-Fi setup screen, where users are required to manually enter the network configuration.

 

According to Google’s documentation, the EXTRA_ENROLLMENT_TOKEN is optional.

 

Is it possible to fully automate this step without including the token, or is it required in practice for the Wi-Fi configuration to be applied correctly?

 

Any help would be much appreciated—thank you!

 

{
    "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver",
    "android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "I5YvS0O5hXY46mb01BlRjq4oJJGs2kuUcHvVkAPEXlg",
    "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://play.google.com/managed/downloadManagingApp?identifier=setup",
    "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
        "android.app.extra.EXTRA_PROVISIONING_WIFI_SSID": "**SSID**",
        "android.app.extra.EXTRA_PROVISIONING_WIFI_PASSWORD": "**PASSWORD**",
        "android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE": "WPA",
        "com.google.android.apps.work.clouddpc.extra.EXTRA_PROVISIONING_SKIP_USER_CONSENT": true,
        "com.google.android.apps.work.clouddpc.extra.EXTRA_PROVISIONING_SKIP_USER_SETUP": true,
        "com.google.android.apps.work.clouddpc.extra.EXTRA_PROVISIONING_SKIP_ACCOUNT_SETUP": true,
        "com.google.android.apps.work.clouddpc.extra.PROVISIONING_SKIP_EDUCATION_SCREENS": true
    }
}

 

Devices
EMM
Enrolment
fully managed
Management
microsoft intune
Zero-touch

17 Replies

  • wbaeck's avatar
    wbaeck
    Level 1.5: Cupcake
    2 months ago

    I also tried this json as QR code but then the Zero Touch configuration from the portal is ignored:

     

    {
  "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver",
  "android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "I5YvS0O5hXY46mb01BlRjq4oJJGs2kuUcHvVkAPEXlg",
  "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://play.google.com/managed/downloadManagingApp?identifier=setup",
  "android.app.extra.PROVISIONING_SKIP_EDUCATION_SCREENS": true,
  "android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE": "WPA",
  "android.app.extra.PROVISIONING_WIFI_SSID": "**SSID**",
  "android.app.extra.PROVISIONING_WIFI_PASSWORD": "**PASSWORD**"
}

     

    Is there no way to just read the Wi-Fi config via QR code and the rest is pulled down from ZT portal?

     

  • mattdermody's avatar
    mattdermody
    Level 2.3: Gingerbread
    2 months ago

    I am not 100% on this but I want to say that Zero Touch and QR based enrollment are independent of one another. Zero Touch is generally a bit of a misnomer considering it requires numerous touches, especially when manually having to type in WiFi credentials. It is more like Zero Touch for IT admins, but lots of touches for end users. For line of business devices from Honeywell and Zebra I generally recommend other enrollment strategies like QR or StageNow (Zebra) or Enterprise Provisioner (Honeywell). If you're already having the users scan a QR code containing the WiFi credentials you might as well complete the whole enrollment at that time and avoid the overhead and added complexity of ZTE entirely.

     

    ZTE can be painful with these mission critical devices that go in for repair on repair contracts as you typically are required to unenroll /deregister devices from the ZTE portal before shipping them in which can become a bottleneck in you RMA process.


    "Zebra requires customer to deregister their Android device from Android zero-touch portal prior to sending the unit in for hardware inspection and repair."

     

    https://supportcommunity.zebra.com/s/article/Deregister-a-Device-from-Android-Zero-Touch-Enrollment?language=en_US

    • mattdermody's avatar
      mattdermody
      Level 2.3: Gingerbread
      2 months ago

      And I forgot to mention, I highly advise against using Intune for line of business Android devices from Zebra and Honeywell. 

      • wbaeck's avatar
        wbaeck
        Level 1.5: Cupcake
        2 months ago

        Why this? We are using this since years without any issues. What are the alternatives?

    • Moombas's avatar
      Moombas
      Level 4.1: Jelly Bean
      2 months ago

      Zero Touch is generally a bit of a misnomer considering it requires numerous touches, especially when manually having to type in WiFi credentials

       

      Jus a short note on this: Zero-Touch for the ADMIN, not for the user i guess was the thinking on that but for the end-user it seems silly naming as they still have to do steps, thats true.

      Would be nice to have an "skip all" config just providing the settings via the JYSON maybe except the screen "this device isn't private".

      • wbaeck's avatar
        wbaeck
        Level 1.5: Cupcake
        2 months ago

        Like in my second example you can add this to the json to skip most of the questions:

        "android.app.extra.PROVISIONING_SKIP_EDUCATION_SCREENS": true

         

        But I get the point - either QR code or ZTE onboarding.

         

        Would be nice to have a combination of that. Combine the configuration of QR Code and ZTE - where ZTE is priorized - and then start the setup with this information. So you can  have Wi-Fi information in QR Code so users don't need to enter complex password on the small keyboard.

    • BenCowell's avatar
      BenCowell
      Level 1.6: Donut
      2 months ago

      On this, ZT & QR are independent of each other.

       

      As Matt says, use StageNow (or equivalent) and scan the QR code to do the full enrolment. You can then consider adding the devices into the ZT console post enrolment (if you need this, and at this point you won't). With Wi-Fi only devices QR > ZT.

       

      Avoid intune in this usecase. WS1 has been mentioned (by Omnissa). Also note-worthy are MobiControl (by SOTI), SureMDM (by 42 Gears) or Scalefusion. 

       

      You should pick the MDM on whichever you are comfortable managing, or whatever your partner has experience in. If a partner has advised you to buy InTune, find another partner immediately.

       

      This problem is also solved by shipping the hardware to a competent partner, and asking them to do the config / staging and final delivery. This wouldn't be a costly service.

      • Moombas's avatar
        Moombas
        Level 4.1: Jelly Bean
        2 months ago

        Just to add here again, if it's not Zebra or Honeywell., you can just use ZTP for ZTE and provide a Wifi-QR (if no SIM with mobile data has to be entered) to provide for example an enrollment Wifi.

        We do it like that in our headoffices when preparing devices which is easy to setup and costs nothing 😉