Here’s just a quick one about DPC extras when enrolling a device with Android Zero Touch that might come in handy.
android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED
Android documentation https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED
System Apps are applications that comes on the device out of the box, this means its all apps that the manfucaturer has put on the device thats not part of the standard Android OS apps. For example Netflix and any OEM specific apps. We can enable or disable these app during enrollment with Zero touch. If we later want to do the same thing we can do that with Intune and Endpoint Manager if we want to.
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":false"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":trueExamples
Following device was enrolled with Zero Touch as a Dedicated device. Its a Samsung Xcover 5 running Android 11. The pictures below illustrates the difference between having the setting configured as false or true.
true
false
android.app.extra.PROVISIONING_LOCALE
Android documentation https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#EXTRA_PROVISIONING_LOCALE
"android.app.extra.PROVISIONING_LOCALE":"en_US""android.app.extra.PROVISIONING_LOCALE":"en_GB""android.app.extra.PROVISIONING_LOCALE":"se_SV""android.app.extra.PROVISIONING_LOCALE":"dn_DK""android.app.extra.PROVISIONING_LOCALE":"nb_NO"For the PROVISIONING_LOCALE this will override the user selection once the enrollment continues. For example if you have set the provisioning_locale to en_US and during the setup of the device the user chooses se_SV then it will apply the en_US once the user gets the Zero touch profile applied to their device during the enrollment process.
In this example the user selected Swedish as their language on during setup but the Android Zero Touch profile was configured with “android.app.extra.PROVISIONING_LOCALE”:”en_US” as such you can see here that it switches language during the process.
Full overview of all screens during the process:
If you want to use these 2 as part of your Zero Touch profile it would look something like this in the Zero Touch Portal:
That’s it for now, Don’t forget to follow me on twitter @timmyitdotcom
Do you know if this has changed somehow since this article was written? Im trying to enroll a Samsung phone to Intune with Android Zero Touch, and none of the DPC Extras seems to be working. The phone is enrolled to Intune with the correct token, so that part is working. But neither locale nor leave system apps true or false seems to be working.
I just tested a new enrollment with those 2 DPC extras and it worked just fine for me. I was using an Samsung Xcover 5 running Android 13.
What type of device and version of Android are you using ?
Hi Timmy,
We use the Google Zero-Touch enrollment method (as we don’t only own Samsung devices, so we don’t want to use Samsung Knox), and I managed to get the “LEAVE_ALL_SYSTEM_APPS_ENABLED” option working (works inside and outside the “ADMIN_EXTRAS_BUNDLE” part, so not sure what the preference would be).
But the “USE_MOBILE_DATA” option does not seem to do anything (always asks for WiFi (with the option to choose for mobile internet) instead of skipping that step and directly use mobile internet), both inside and outside the “ADMIN_EXTRAS_BUNDLE” part (and I also tried both true and false, but no differences whatsoever).
The “USE_MOBILE_DATA” option does seem to have the described behaviour when you add this setting to the QR-code enrollment method (or only wifi, or only mobile internet, not both), but we don’t want to use that.
See documentation for described behaviour:
https://developer.android.com/reference/android/app/admin/DevicePolicyManager#EXTRA_PROVISIONING_USE_MOBILE_DATA
And there are more settings which do not seem to do anything, for example:
“android.app.extra.PROVISIONING_DISCLAIMERS”
“android.app.extra.PROVISIONING_DISCLAIMER_HEADER”
“android.app.extra.PROVISIONING_DISCLAIMER_CONTENT”
“android.app.extra.PROVISIONING_SKIP_EDUCATION_SCREENS”
“android.app.extra.PROVISIONING_SKIP_USER_CONSENT” (this one is already deprecated, so sounds logical that this one no longer works, but I do want to mention it)
But maybe I do not use them properly.
That’s why I’m trying them inside and outside of the “ADMIN_EXTRAS_BUNDLE” part, and it seems the 3 DISCLAIMER ones need to be used as a bundle (but how).
Like I said we don’t want to use Samsung Knox, but it seems within Free part of Samsung Knox there are some settings which make the enrollment procedure to skip some enduser actions, which makes the enrollent procedure a little bit shorter for our endusers.
And to me it looks like the same should be possible via the PDC Extra’s in Google Zero-Touch as well (for example: “SKIP_USER_CONSENT” and/or “SKIP_EDUCATION_SCREENS”).
(same goes for the extra Agreements option in Knox, it sounds like this is done via the 3 DISCLAIMER extra’s)
So perhaps you have some more information for me?
Thanks
George