Provisioning Android Devices

You can provision Android devices in several different ways depending .

Some are more usable for users in a BYOD or COPE scenario, where you use the Android "Work Profile". Creating a work profile separates work apps and data from the personal profile.

• The device owner provisions with the EMM client

Others are more suitable for the Work Managed Devices ("Device Owner Mode" where the EMM service "owns" the devices), typically in a COBE scenario.

There are multiple methods to provision a device as a managed device. Some devices may limit which methods are available.  A device must always be new or wiped and the process begins from the first setup screen, that is, language selection.

• Use NFC with a separate provisioning device (see Provisioning Android Devices with NFC)
• Use a QR code with a separate provisioning device (see Provisioning Android Devices with a QR Code)
• Use a DPC identifier (see below)
• Use Zero-touch (see below)

Zero-touch provides the best user experience.

DPC identifier

This method can be performed by the user during the normal device setup wizard. As with the other methods, the device must be a new or fully wiped device.

The user needs to:

1. Start the device
2. Follow the setup wizard as usual until the device asks the user to enter his Google email address or phone number
3. Enter the following code (as the email address/phone number):
   

   afw#mysync

   The device will download the mySync EMM client app from Google Play
4. Accept installing it. The mySync EMM client app starts, sets itself up as the "device owner", and restarts.
5. Continue provisioning the device as usual.

Zero-touch

The EMM platform supports Android Zero-touch provisioning starting Android version 8.0 (Oreo). Using zero-touch requires purchasing devices from a Zero-touch reseller, which will provide an enrollment portal for purchasing and physical asset management.

Brief overview of Zero-touch is available here.

Google instructions for IT administrators are available here.

Provisioning Zero-touch devices is very easy. Google provides simple instructions for end-users here.

Integrating mySync and Zero-touch

On Zero-touch configuration portal, it is possible to set many important values to customise configuration. Relevant Google documentation is available at Android- zero-touch enrollment.

When creating a Zero-touch configuration, select "mySync" as the EMM DPC. The following mySync-related JSON snippet in DPC extras makes device enrollment and provisioning with mySync totally Zero-touch.

{
	"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{
		"serviceUrl": "https://mysync.trivore.com/rest/api",
		"installationCode": "xxxexample"
	}
}

When automating and provisioning multiple devices, it is useful to define a multi-use installation code (see Installation codes on mySync main menu pane on the left) and use that in Zero-touch configuration on Zero-touch portal.