In a modern workplace, employees have access to mobile devices with secure connectivity, relevant work applications, rich content documents, and collaborative experiences. However, achieving this isn’t easy. Behind the scenes, most IT teams have a hard time as they configure, distribute, and manage numerous devices, all while ensuring their security posture to battle threats and potential corporate data loss. It isn’t a great experience for employees either.
Productivity declines when employees become heavily dependent on the IT helpdesk from the moment they collect the company-allocated devices. Setting up login credentials, gaining network access, and installing the required applications pull IT admins away from more strategic projects. Thankfully, Zero-touch deployment automates the onboarding and deployment of devices without the need for an IT admin to manually configure the device in person.
What is Zero-touch Deployment?
Zero-touch deployment is a streamlined process of allowing organizations to automate the device setup process using a mobile device management (MDM) system. The required settings, configurations, and applications are automatically provisioned on the device without any manual IT intervention.
Advantages of Zero-touch Deployment
- By automating the deployment process, organizations reduce their dependence on internal IT support. It eliminates the overhead of enrolling each device manually and saves operational costs and efforts.
- Pre-configuring corporate devices means organizations can deliver devices directly to employees for out-of-the-box activation. Devices remain registered and re-enrolled after any factory reset.
- Zero-touch automates the process of enrolling devices through the organization’s MDM and enforces policies, configurations, and enterprise apps.
- Zero-touch deployment, through MDM, allows for immediate device supervision and granular control. For instance, organizations can whitelist apps and filter websites to maintain employee productivity and improve data protection.
Zero-touch Deployment for Bulk Device Enrollment
Organizations purchase mobile devices in bulk and deploy them to their employees for various types of work. For example, quick-service restaurants use devices in self-service kiosk experiences; frontline workers in hospitals use mobile devices to access patient information; and line-of-business employees in the transportation industry use devices to oversee employees or daily operations.
IT staff needs to set up devices quickly, install required apps, apply corporate policies, and make devices ready for employees. Bulk enrollment is a streamlined way to enroll many mobile devices. It automates most steps and makes corporate-owned devices ready for use. Common use cases for bulk device enrollment include:
- Set up kiosk mode to restrict devices to single or multiple applications
- Provision devices to allow the devices to be shared across multiple employees
How to Enroll Devices through Zero-Touch Deployment Using Scalefusion MDM
For Android Devices
There’s no need to manually configure devices or enforce a complicated setup on employees with zero-touch. When assigned with an enterprise configuration, Android devices initiate the fully managed device provisioning method and download the Scalefusion MDM agent, which then completes the setup of the managed device.
Pre-requisites
Before enrolling the devices via Android Zero-touch, organizations must ensure that the devices they wish to manage are:
- Purchased from a Zero-touch reseller partner or a Google partner
- Running Android 6.0 and above (Android 4.2 and above for kiosk mode experience)
- A Google account associated with a corporate email account
- A pre-configured Android device profile
Step 1
Log in to the Scalefusion portal
Step 2
Navigate to Getting Started > Android Enterprise Setup. Select the Android Zero Touch & Samsung KME Setup tab
Step 3
Click on Create Configuration. Enter a name and select a QR code configuration from the dropdown list. Click Save
Note:
- The QR code configuration allows IT admins to map a device profile or group against a QR code.
- You can view the QR code configuration on the Scalefusion portal from Enrollment Configurations > QR Code COnfigurations
- Each Zero-Touch configuration will need a unique QR code configuration.
Step 4
Copy the configuration payload
Note – The configuration payload streamlines the process of setting up a large number of devices. The configuration payload instructs the mobile device to enroll itself as soon as the Scalefusion MDM client is downloaded on the device.
Step 5
Sign in to the Zero-touch portal account. It contains the details of the devices, resellers, and MDM configurations. The portal contains four main parameters.
| Parameters | Description |
| Configurations | Create, edit, and delete configurations here. Set a default configuration for any devices added to zero-touch enrollment going forward. |
| Devices | Browse or search for devices and then apply configurations to them. Also, deregister devices from zero-touch enrollment. |
| Users | IT admins who are account owners can add, edit, and delete users to manage portal access for the organization. |
| Resellers | Add additional resellers to share the account with multiple resellers. |
Navigate to Configurations. Click the ‘+’ sign to add a new configuration.
- Enter a configuration name
- Select Scalefusion – Kiosk & MDM Agent from the dropdown menu under EMM DPC
- Paste the configuration payload in DPC Extras copied earlier from the Scalefusion MDM portal
- Enter the company name, support email address, phone number, and custom boot up message
Click Add
Navigate to Devices. Search the devices by entering an IMEI number. Select a configuration for the device, and click update.
Note: IT admins can select a default configuration to apply on any new devices
For iOS Devices
Scalefusion MDM supports Zero-Touch enrollment using Apple Business Manager to automatically configure devices after turning them on.
Prerequisites
Before enrolling the iOS devices, organizations must ensure the following to enable a zero-touch enrollment strategy –
- Create APN (Apple Push Notification) Certificates to allow mobile device management software to communicate with Apple devices safely and securely.
- Enroll the organization into Apple’s Device Enrollment Program (DEP). (Note – DEP is now called Automatic Device Enrollment)
Step 1
Log in to the Scalefusion portal. Navigate to Getting Started > Apple Setup; Select the DEP tab and click on the Configure Device Setup Settings button as seen above.
Step 2
Click on the Choose button to select a configuration containing an iOS device profile or device group
The configuration settings are deployed as soon as the Apple device is turned on. For devices in use, the configurations are applied after a factory reset. When the Apple device boots, the Apple server pushes the DEP configuration file to the device(s). It initiates the device enrollment process.
Wrapping Up
Once devices are enrolled via zero-touch, IT admins can enforce the automatic installation of apps, and employees can start using the devices that have the required policies and configurations set by Scalefusion MDM. Book a free 14-day trial to get hands-on experience in enrolling Android devices using Scalefusion MDM.
