User Profile
Moombas
Level 4.4: KitKat
Joined 3 years ago
User Widgets
Contributions
Re: We have all our devices on Samsung Knox; I would like to try using Android Zero-Touch enrollment as well. Is that possible?
I can confirm from our side, we do the same: Knox (free) for Samsung, ZTP for the rest. And in general the reason for that is way more simple as Michel wrote (from our side): The view and information displayed there is way better than in ZTP (sorry Google). But in general i hope Google is aiming to a similar direction to become more equal sometime in future.Re: Android COPE Devices randomly wiping
During enrollment ensure you use ideally a Wifi which is not limited (no FW,...) and not using a proxy to ensure the device and the portal get the relevant information that the device was enrolled using ZTP. For testing, enroll only via mobile data for example. (Maybe you did this test already?) If for some reason this doesn't happen, the device might not detect correctly it was going through ZTP (but for example DPC identifier or so) and then the mentioned error message is displayed and device wiped 2 hours later for security reasons (default).Re: Possible to deploy API commands via Provisioning Profiles in MDM?
Not sure what you mean by "deploy" but you should be able to disable FRP just by setting it: Custom DPC: https://docs.omnissa.com/de-DE/bundle/android-device-managementV2410/page/AndroidProfilesCustomDPC.html#:~:text=Save%20%26%20Publish.-,Enterprise%20Factory%20Reset%20Protection,-Factory%20Reset%20Protection AMAPI: https://docs.omnissa.com/bundle/android-device-managementV2410/page/AndroidProfileAMAPI.html#:~:text=for%20OTA%20updates.-,Enterprise%20Factory%20Reset%20Protection,-Factory%20reset%20protectionRe: Advanced zero-touch provisioning
What kind of login URL are you talking about? What kind of EMM are you using? What kind of enrollment type are you trying to setup (BYOD, COPE, COBO)? If you use zero-touch normally the zero-touch config assigned to the relevant devices should provide ideally everythink you need through the EMM it assignes the devices to. So please provide us a bit more details. My 🔮 seem not to work good enough currently 😉Re: ZTE Enrollment Profiles Issue
It's possible but depends on the MDM. I can tell, again, we do this with Mobicontrol with a lockdown screen (not going to deep into details here now). Example: But as we don't use Intune (thank god) as you, i can't tell if something similar is possible there. Someone with experiences there (maybe jasonbayton ?) can tell you if that is possible there.Re: Option for MDM to place app shortcuts on home screen
For the DEX screen only, yes. There it worked at least as you can provide the app and X + Y coordinates and that worked well. As you have only one screen, not as on normal homescreen, where you can have multiple, the "page" option is missing. And as said, limited to the dex screen itself, not affecting the normal home screen.Re: Option for MDM to place app shortcuts on home screen
The impact is hard to say from my perspective but if our retail part of the company comes a long with that, they seem to see definitely a big gain out of it. Also what Michel mentioned "... Companies want to offer a unified experience when people recieve a new phone..." also takes place there as well. Don't know about other companies yet but see many requests and struggles when companies use kiosk/lockdown and maybe a setting like "just don't allow access to several settings but keep the home screen default available, not blockking any intents or other actions" would be something other companies might think of instead if possible.Re: ZTE Enrollment Profiles Issue
Thats not entirely true. Ofc you can do that but in case of PCB swap (Zebra did this quite often on our end), IMEI/SNR will change so, you have to delete the old one latest you get to know that and ask reseller to add the new one. And as the old PCB with your IMEI could already be repaired and re-used, your ZT-assignment could cause trouble to others. Thats why, from my knowledge, Zebra requests to remove devices from ZTP and not just removing the config. And yes we had such cases with Zebra as well (also with Lancom for Switches as a side note) and could cause a lot of trouble, so i really recommend to do it as stated before to be friendly also to other customers who might get your old PCB.Re: ZTE Enrollment Profiles Issue
Yeah can underline that for Zebra devices as well, depending on the frequent of repairs (we had not so many in our use case but this can be very different in a warehouse or somewhere else). Also it always needs the involvement of the reseller after repair to put the devices back to your ZT account and you might also need to reassign the relevant configuration to it. So, i also recommend for enrollment and wiping, use a StageNow profile instead everything else i posted below, outside of knowledge of Intune possibilities ;)Re: ZTE Enrollment Profiles Issue
Depends on your setup and maybe which MDM you are using. I tell you how we made it work in Mobicontrol (semi automatic) not sure if that's what you are looking for or even if something like that is possible in Intune. All our devices which should be for stores using the same ZTE rule pointing to 1 specific enrollment policy in Mobicontrol. They all land in one folder where they get a kiosk screen in which you have to enter some data manually. In our case: Environment, storenumber and devicenumber (as it's done in html/JS you can use free text fields (we do use regex on those) or drop down). This data is stored to an ini file on the device and taken by the Mobicontrol agent to the MDM console and will decide then with further device relocation policies where the device will end up. Completely independent of the device serial or IMEI. So, to your question in general: Yes it's possible. To your question in combination with Intune: I don't know (but would wonder).Re: What to Include in Your 2026 Plan: A Quarterly Roadmap to Maximize Your Android Deployment
Yeah but that was an account with not many assignements setup and no EMM bound to it during the process. To be honest, i would feel way more comfortable to go this step if i would know to have fast and easy way to get into contact with Google and sure get fast response as a lot is connected to it. I know we pay for Google support but past tells not really asap help.Re: What to Include in Your 2026 Plan: A Quarterly Roadmap to Maximize Your Android Deployment
Nice to read JordanOC. Just a short question about Q1: As i read it, it's getting mandatory to have the account providing the apps (assigned to the EMM), to be assigned to the Google domain? We haven't done this transformation yet for the productive account yet, as i somehow fear to get into trouble and (because of experience of the past regarding support and running cases on Google side) that then it may take long to get it solved.Re: Option for MDM to place app shortcuts on home screen
Hey Lizzie, even I'm from same spot as Stinus i think i can add more relevant information why a "kiosk" mode isn't a solution to us in any way. Just put on some facts: We provide configurations somehow globally to entire fleet if possible (if settings are the same). We try to have the settings in any country the same where "country" is the minimum to have the same setup from mobile side. But we can have different apps provided per country (yes many are the same but some countries have additional specific ones like voip app,...). Negatives of a kiosk/lockdown (such in our scenario, there are ofc in other scenarios positives): With lockdown we remove the ability for stores to find more effective ways to sort the apps (we might be get notified about new order wished because was tested already by stores) Result: Less flexibility / improvement With lockdown we remove the ability to freely remove/add other shortcuts (even for ex. chrome web-shortcuts) if a (single) store finds it usefull. Result: Less flexibility If we would go with kiosk mode, we most likely would need to provide (worst case scenario) one kiosk (Lockdown called in our MDM) profile configuration per country (~30) to provide stores all relevant apps. Result: Massive workload in configuration and MDM distribution On each change (app removed, app added, placement changed) we would need to change it for minimum one country, most likely many countries (so up to ~30 times). Result: Massive workload in configuration/management If we could arrange icons on homescreen from Android: We keep the flexibility for the users We don't need to take care of any app regarding shortcut (we only want to place some of the most important ones to defined places) A change (app or placement changes) would be a change in one profile (way less configuration/management effort) If it would be implemented in native Android: No need of external launchers maybe saving money (if a chosen launcher would come with costs) one less app/license to be managed still using native Android (troubleshooting is easier as external launchers also can be the cause of issues) making Android more flexible in this area which would mean also more attractive to enterprise some OS (partially) provide this already Motorola via oem config (in total) Samsung via oem config (only for DEX screen) And yes, there are few things which also need to be defined (maybe by options), like: Should these icons be "sticky" on their position or after first placement being allowed to be moved around? Should they moved back when they got deleted or moved? And so on... In general we would need ideally X and Y placement + page + option if sticky or not (maybe per app). Everything could be an option by MDM (if you want to move them back if they got moved, just provide this setting again on a checkin resulting the icons to be moved to their defined position again).
