Introduction
TABLE OF CONTENTS
Zero-touch is an over-the-air (OTA) deployment method that is supported by Android devices. It's supported on all phones using Android 9.0+, select Android 8.0 devices and some Wi-Fi only tablets. It is a tool used to install the Ensemble MDM with the proper admin permissions.
Ensemble can be integrated with Zero-touch by either creating a new customer ID or enrolling with an existing customer ID.
Create A New Zero-Touch ID
- To access Zero-touch management, go to the Devices section on the navigation menu, choose Devices, and click “Google Zero-touch” under the Deployment options.
- Use "Click here to enroll".
- "Setup a New Zero-touch Customer" dialog box will appear.
- Enter a company name
- Select an owner account (must be a Google account).
- (Optional) Selecting an admin account (must be a Google account).
- Click Enroll.
- A dialog will appear which confirms your enrollment.
Enroll with an existing Zero-Touch Customer ID
- Use the "here to re-enroll" option to enroll with an existing Zero-touch customer ID.
Zero-touch configurations
Zero-touch configurations are used to indicate what MDM should be installed by Zero-touch during setup. It also configures certain settings during deployment.
New Account: Allowing Configuration Management
- You must be logged into the owner email to setup the Zero-touch configurations. Log in by using "click here to sign in"
- Google will direct you to log in. Make sure to choose the Owner Email account.
- Google's Terms of Service must be accepted before Ensemble can be used to setup the configurations.
- Use "Sign into the zero-touch portal" to view and accept the terms.
- Proceed to sign in to the Zero-touch portal and accept the Terms and Conditions.
- This is what you will see after accepting the terms of service:
- Make sure that the correct Google account is selected in the upper right-hand corner
- Make sure that the correct Zero-touch customer is selected in the upper left-hand corner
Adding A User
You can add a user to your Zero-Touch portal by clicking the Users tab on the left side of the screen, and then clicking Add User.
When you add a user, you will need to enter their email address, and then choose a role: Admin or Owner, each with their own permissions.
- Admin: Can manage configurations and assign them to devices
- Owner: Can manage configurations and assign them to devices, and manage users.
Zero-Touch Configurations
- You can add a configuration in one of two ways: Using the Zero-Touch portal, or by creating one with Ensemble. First, how to do it within Ensemble:
- Setting up the configuration through the Ensemble management portal automatically selects Ensemble the desired MDM to install and shows the deployment options supported by Ensemble.
Fill out the fields as needed using your company's information. You can include a message in the Custom Message field, change the locale, or change the main color of the configured devices if you choose. The only required fields are Configuration Name, Company Name, Contact Phone Number, and Contact Email.
- Disable system apps will block the default system apps from being usable on the device(s).
- Allow provisioning over mobile data will allow it to grab the configuration while off of WiFi.
- Prompt user to log into a Google Account will force the end user to log into a Google Account during the setup wizard.
- Opt out of being able to grant sensor related permissions will prevent the MDM from being able to grant sensor related permissions, including location, camera, activity recognition, body sensors, and microphone (recording audio).
- Please note, these can still be denied individually using the security settings in Project Policies if this is checked.
- Opt out of collecting personal identifiers will stop the MDM from collecting location information, phone number, IP/MAC addresses, and the SIM ICCID.
- You must accept the protected health information terms and conditions under HIPAA and HITECH Act to use this feature. Please see our HIPAA article for more information.
Select the "Make Default" checkbox to mark this as the default Zero-Touch profile for all devices added to your company after creating this configuration.
Note: A default configuration MUST be selected before uploading devices or the profile will not be applied automatically.
To edit a configuration, you can click the pencil icon next to the dropdown menu of your created configurations, or click the + button to create a new one. You can also click the Clear Default button if you wish to have no default Zero-Touch configuration.
Note: Configurations created via Ensemble and via the Zero-Touch portal are visible in this menu once they have been created.
Next, this is what it looks like when creating a configuration from within the Zero-Touch portal itself:
Click the Add Configuration button to get started.
First, be sure to give your configuration a name. In the next field, the EMM DPC field, select Ensemble from the list to ensure you create it using our system.
The next field is DPC Extras, this is not a mandatory field to fill out. For more information on DPC Extras, see the Google support forum here.
Next is the company name, support email address, and support phone number fields, which are the same as they are in Ensemble and are required. Finally is the custom message field, much like within Ensemble.
When you are done, click Add and the configuration will be made.
Once a configuration has been made, you can edit it within the Zero-Touch portal as well, by clicking the Edit button, or the Delete button if you wish to remove it.
Assigning Profiles To Devices Individually
If you do not wish to have a default Zero-Touch configuration, you can apply Zero-Touch configurations to devices individually.
From your device management table, find the device that you wish to add the configuration to, click Options, then Configuration, and then ZT Config.
Choose the configuration you wish to add from the dropdown list, and click Apply, and it will apply that Zero-Touch configuration to the device.
