Zero-touch

42 Topics

Zero-Touch-Registration is not available
Dear Community Members, We are currently encountering an issue with the enrollment of three recently acquired Samsung S23 devices. While we are able to successfully enroll other devices, these specific models are presenting a persistent problem. The error message displayed is as follows: "Zero-Touch Registration is not available. Check your internet connection and try again." To address this, we have attempted the following troubleshooting steps: Utilized mobile data from various carriers as well as Wi-Fi connections, yet the error persists. Formatted the devices. Completely removed the devices from the Zero-Touch portal (https://partner.android.com/zerotouch#) and subsequently re-added them. Attempted manual enrollment using the QR Code provided by Intune. Despite these efforts, the issue remains unresolved. Interestingly, we have successfully enrolled a Samsung XCover 5 without encountering any similar difficulties. We are reaching out to inquire if others in the community are experiencing similar challenges with Samsung S23 devices. Any insights or suggestions would be greatly appreciated. Thank you for your attention to this matter. Kind regards, Zackory
Solved
Zackory
2 years ago Place General discussions
37KViews
2likes
71Comments
Android zero-touch customer portal
Learn more about the changes to the new zero-touch customer portal The new zero-touch customer portal has been designed to make it easier for you to manage your account. Here are some of the key changes: New look and feel: The portal has been redesigned with a modern look and feel, making it easier to navigate and find the information you need. Improved navigation: The navigation menu has been simplified and reorganized, making it easier to find the pages you're looking for. Updated Terms of service: Updated the zero-touch customer terms of service and customers will be prompted to accept the terms of service upon next login to the zero-touch customer portal. The terms of service need to be accepted once by an admin or owner of the customer account. If you own multiple accounts, you might need to accept the terms of service for each one. Note: when attempting to access the zero-touch customer API. Any existing solutions leveraging the zero-touch customer APIs to access an account that has not yet accepted the new terms of service will receive a TosError response. Users will need to accept the terms of service by signing in to the zero-touch enrolment portal. New features/changes: The portal now includes a number of new features, such as: Improved search: search for specific device(s) by the fields below, without specifying which identifier(ie. IMEI, MEID, serial number). Additional fields on device CSV download: You can download a CSV of existing devices assigned to your organization, which contain all data seen on the device management page with additional field(ie. Reseller name and reseller ID). Additionally, unified the formats so the customer can download a CSV, make changes to the profiles, and upload it. Undelete account: You can no longer undelete the account once deleted, alternatively you can reach out to your reseller who can then reach out to us to recover your account with valid reason. To access the new customer portal, simply go to link. You will need to log in with your existing username and password To help you navigate the changes, please refer to the customer portal guide. We value your feedback, please use the feedback button as shown in the attached GIF to share your insights: If you have any questions about the new customer portal, please create a new community conversation in the General Discussion board. Thank you.
Lizzie
2 years ago Place General discussions
21KViews
7likes
43Comments
Master ownership of Android devices
Factory Reset Protection / persistence is a powerful tool but it does not yet feel complete, and it is quite frustrating and potentially dangerous in its current state. It is not always apparent whether any given device is persistently linked using ZeroTouch, Intune or even Google Account FRP. While these tools are available to some, they are not a financially viable option for everyone, especially for consumers. There may be documentation describing the intimate intricacies of how all of these tools work and when/where they leave signs of their presence, but I cannot find it. I have not found a PSA from google for consumers saying "if you buy a second hand phone, check x, y and z to make sure it is not locked, otherwise someone can potentially remotely brick it." As a small company we have various scenarios where we provide phones to employees and also distribute loan/event devices for other small-medium companies, and don't necessarily have the ability to invest in enterprise-grade tools like ZT, InTune or Android Enterprise. If you think, on Windows all you need is to set the BIOS password and the Admin password and User Account Control takes care of the rest. Now take the android example, you add a google account and think it's safe with the user not knowing the password, but there is nothing to stop the user from adding their own personal google account, removing yours (no password required), setting their own PIN, and turning a $1000 phone into a paperweight. If they can unlock the phone, they are the master owner. There did used to be a feature for Multi-User on android but I haven't seen it in a long time, and I think there were performance issues with it as they all had to be loaded at once. While I may be lacking understanding knowledge and making some assumptions, should a consumer really need to know exactly how Android Enterprise works in depth just to buy a second hand/"refurbished" phone? And I dare anyone to get into a device after it's been factory reset while attached to a personal google account with a PIN set without hacking tools. I know there have been exploits with Talkback in the past but it's been patched now, and again these are not lengths to which consumers should need to go. If I knew someone's pattern (most common security type and very hard to hide effectively), and had their phone for 2 minutes, I could turn it into a paperweight simply by adding a disposable google account, removing theirs, and setting a PIN. How are we supposed to protect against that as a small business?
Josh
2 years ago Place General discussions
14KViews
7likes
17Comments
Randomized Mac Address Disabled Option
Background: We use Zero Touch Enrollment for android and Intune for our android devices but run into issues with the Wi-Fi MAC Address being set to randomized by default. We preset the Device MAC Address on our on-prem android devices in our system for validation along with a certificate. These devices must have the Device MAC Address first and validate the certificate later. Issue: A device comes in and we have to enter the Wi-Fi setting before the device connect to Zero Touch Portal and Intune. Does seem like that big of issue but when you have a large number of devices and have to manually enter Wi-Fi settings or scan barcodes then this can waste a large amount of time - days. Best solution would be the ability to provision the device in Zero Touch Enrollment because only thing that would need to be done with on-prem device is power it on. Problem is missing MAC Address provisioning. "android.app.extra.PROVISIONING_WIFI_PASSWORD": "xxxxxxxxxxxxx", "android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE": "WPA2", "android.app.extra.PROVISIONING_WIFI_SSID": "network-ssid", "android.app.extra.PROVISIONING_WIFI_HIDDEN": "true", "android.app.extra.PROVISIONING_WIFI_MAC_Address": "device", ???? Next best solution would just be a QR code we could scan to connect to our network, but I can't find any QR code generator that includes MAC address set to device MAC in the options. Most devices we have are Zebra and we do use StageNow but that does work well with newer androids.
Solved
ariley
2 years ago Place General discussions
8.9KViews
0likes
8Comments
Samsung S23 with Knox Mobile Enrollment fails to enroll in Intune
I was wondering if anyone else was having problems enrolling Samsung S23s using Samsung Knox Mobile Enrollment into MS Intune? I read the other thread about S23s and Zero-Touch failing, but that seems different than what we see. We get to a point where Chrome browses to https://play.google.com. The page says: Please click here to continue. No matter how many times you tap that link, nothing happens. Everything is just stuck. If you wait a long time, the phone just restarts and is in some weird state. Using the QR code works fine. Also, other models, like the Samsung S20, enroll just fine using Knox Mobile Enrollment into Intune. This is what it looks like. I opened a case with MS, but they say that is Google's page, and they can't control what it does.
kc
2 years ago Place General discussions
7.1KViews
0likes
11Comments
Android Zero-Touch not working on new Samsung devices
Hello, I have new model devices Samsung Galaxy Tab A9+ and Galaxy Tabe S9 FE+ and the Zero-Touche Enrollment (ZTE) is not working. Nothing happens and ZTE doesn't appear. It works with the Galaxy Tab A8 model. Is it the issue related to Android client portal ? Can you help me ? Regards
Solved
danieltang
12 months ago Place General discussions
6.9KViews
0likes
18Comments
Force settings on Dedicated devices during enrollment
Hello all, I'm trying to deploy a Dedicated device profile in Microsoft Intune, I created the configuration profiles and the compliance policy with some settings, in specific about PIN creation and complexity, but during the setup users are not asked to enter any PIN, and at the end the device result non-compliant until the PIN is set and is fulfilling the rules I set. Is there by any chance a way to force the PIN creation request during the enrollment phase as happens for user-associated devices? Thanks in advance /Lucius
LFagni
2 years ago Place General discussions
5.4KViews
1like
8Comments
Does Android devices lose contact with Google ZTE portal if they are not activated or they do not report back after x number of days? Is there a policy for that?
So we have some Android devices that are imported to ZTE and then sent to the customers but the customers didn't enroll the devices immediately. They have inactive and turned off for 5 months. After 5 month when they start the device and connect to the internet (Wi-Fi) the enrollment is NOT happening. It just starts without any company profil. You can set it up as a normal private device without access to company apps etc. so my question is, is there a policy in ZTE for this? If the device doesn't report back after x number of days just kick it out / don't talk to that device anymore even if it is still in ZTE portal with a profil.
Solved
Arifn
2 years ago Place General discussions
5.3KViews
0likes
11Comments
Auto Launch Android App when deployed from MDM(Google Workspace etc)
Hi Folks, I am focused on to auto-launch my app upon installation when deployed from MDMs, to set up and sync with servers. But I can not find a way to do so. I am curious if there is any way to achieve this by any exclusive support for auto-launch by Android Enterprise programmatically. A few MDMs provide this auto-launch feature. Any kind of help is appreciated. Thanks.
Solved
Alirfan
2 years ago Place General discussions
4KViews
2likes
2Comments
Migration from MI to Intune
I am looking for a bit of advice.. Currently use MobileIron as our MDM (all assigned via AZT) and we want to migrate to Intune, but at the moment all Android phones in AZT are pointed to MobileIron using the configuration. Looking to deploy 300 Android tablets (all corporate owned) which needs to be done in Intune, but I cannot see a way of creating a config for AZT for Intune as well as MobileIron. The current phones setup in MI will eventually either be retired or replaced so need to stay live for the time being until tablets are setup. Any help / advise appreciated, as I'm at a bit of a loss at the moment on how I can do this
PW1
2 years ago Place General discussions
2.6KViews
0likes
3Comments