First look at “Link your zero-touch account to Intune and manage zero-touch enrollment” from the Endpoint Manager admin center

A few weeks back, in Microsoft's service release 2208 for Endpoint Manager, one thing caught my attention: the introduction of a feature related to Android Zero Touch.

Week of August 15, 2022 (Service release 2208)

https://docs.microsoft.com/en-us/mem/intune/fundamentals/whats-new#configure-zero-touch-enrollment-from-microsoft-endpoint-manager-admin-center

The documentation on this is somewhat limited as of right now, but I wanted to test it out and see what it actually does. In the past we always had to go to partner.android.com/zerotouch to manage the configuration, link the devices to the correct profile, etc., but maybe the integration with Intune directly makes life a bit simpler.

Setup from the MEM portal

In the MEM portal, under Devices -> Android -> Android Enrollment, we find the new functionality under Bulk enrollment methods, as Zero-touch enrollment. Clicking on that will take you through the setup and configuration.

The setup is pretty straightforward: first you log in with the account associated with Android Zero touch, and then you select which organization or company you want to link (this means all the devices registered in Zero touch). Once linked, you can check the configuration information, which just shows you the DPC settings it has configured.

In my experience, the profile type selected by default for Zero Touch was “Corporate-owned, fully managed user device”, and we cannot change that during the configuration or afterwards.

Next step is to add the support information about your company.

If we go back to the Zero touch portal, we can now see that a new profile called “Enterprise Default Profile” has been created on device level.

However, this profile will not show up under the Configuration tab, where you see all the ones you have created in the past. Personally I find this a bit strange and would expect it to show up.

And if we open developer tools in our browser and look at the network traffic, we can see that we do actually get the new profile back, but it won’t be visible.

First impression and conclusions

This new feature in its current state leaves me a bit confused, and I would expect it to change and improve over time. Not being able to change the default profile or add multiple ones from the MEM portal forces you to still do all the configuration from the Zero touch portal. A single pane of glass has been one of the reasons Microsoft has pushed for why you should use the MEM portal, and over time it keeps getting better and better. I hope we can see this feature move in that direction as well.

Already using Android Zero Touch

If you are already using Zero touch and have it configured there’s no reason for linking it up through the MEM portal right now. I can’t find any value or benefit for doing so at this time, but I would for sure keep my eye on it and see how it improves over time.

About to get started with Android Zero Touch

If you are about to start your journey with Zero touch, the only reason you would perhaps consider linking it up through the MEM portal is if you are planning to use only “Corporate-owned, fully managed user device” for all of your devices.

As soon as you want to have another profile, multiple ones or change the DPC settings you still need to create them in the Zero Touch portal and you can’t change any of the configuration from MEM.

That’s it for this time. Don’t forget to follow me on Twitter @timmyitdotcom

2 comments

  1. Hi,

    thanks for the investigation. When we link it, where do we see that assigned “Enterprise Default Profile” in the zero touch portal in Intune? Which config/compliance policy is used for that “Enterprise Default Profile” in Intune?

    Thanks
