First look at managing Android updates for Zebra devices with Intune

Managing updates is always a hot topic and when it comes to managing updates for Android devices its a mixed blessing. I have previously covered how you manage updates for your Samsung devices with the help of E-FOTA and Intune that you can find here:

This time I will take a first look at a preview feature that was introduced in Intune a few weeks back when Microsoft announced the support for Firmware over-the-air updates (FOTA) for Zebra devices.

This gives admins the capability to in a granular way manage updates to their fleet of Zebra devices. Lets have a look and see what we can do with it !

Setup and configure – Firmware over-the-air update

From the Intune portal, Navigate to Tenant Administration -> Connectors and tokens -> Firmware over-the-air update (preview) and click on “Zebra”. Follow the instruction on the page

clicking on the “Authorize Intune on the Zebra Portal” opens a new tab in your browser where you have to be logged into your Zebra account ( ) and from there you need to allow the permissions.

Once back, you can copy the Enrollment Token ( you need the token later on when we configure the App configuration policy)

We have now connected our Intune tenant with the backend services from Zebra. Lets move on to configure the Apps needed.

Get the required Apps and configurations

Next up is to get the apps we need and the configuration that’s required.

From the Intune portal, navigate to Apps -> Android Apps -> Add -> Managed google Play App

The 2 apps you want to approve are

Zebra Common Transport Layer
Zebra Enrollment Manager

App configuration profile

We need to create 2 App configuration policies. One for each app we just assigned to our Zebra devices. these configurations will make sure the apps has the required configuration and permissions on the device.

Zebra Enrollment Manager

From portal, navigate to Apps -> App Configuration policies

first we will create a policy for the Zebra Enrollment Manager application where we select the platform to be Android Enterprise and the profile type will be “Fully Managed, Dedicated and Corporate work-profile only

On the Settings pane, Add a configuration setting using the “Configuration Settings format – Use configuration designer“. Select the 2 configuration we get, Action and Claim Device Token.

Use the token you retrieved earlier and paste that in to the Claim Device Token field and select Claim Device for the Action. Add permissions and select the “Phone State (read) and configure it to “Auto grant

From here we just need to assign the policy to the correct group.

Zebra Common Transport Layer

Now its time to create another policy but for the Zebra Common Transport Layer app.

Now we should have 2 different App configuration policies created and assigned to our Zebra devices.

Creating and deploying updates

Next up is the creation of our Update deployment, navigate to Devices -> Android -> Android FOTA deployments (preview) and click on “Create Deployment

Give the Deployment a name and move along to the settings part

In this example we will pick a custom release and specify one model type, in this case its the Zebra TC26. By the looks of it you need to create a deployment per model type if you have multiple types of models you need to cover. Meaning that you can’t seem to target different models in the same policy.

After selecting the custom release, TC26 as our model and what version we want to target it looks like this

One really nice thing is that once you have selected the Firmware version you can click on “Manufacture release note” and choose “Download PDF” which brings you to the documentation for that specific firmware which can be super helpful and I like this because then I don’t have to spend time to google my way through and finding what’s in that specific update.

Now we need to determine what our Deployment Schedule should look like. For the sake of simplicity I will be choosing “Run as soon as possible“. But we have the option to schedule when the update should start.

Device condition lets us determine whats the minimum battery level for perfoming patching (Range between 30-100) or if we require the device to be connected to a charger and also what Network type it requires to download the firmware.

Once done, we target the group we want to deploy this policy. And here’s the Deployment overview.

In the portal, we get a status update that the deployment is in progress

Firmware getting applied

We have created our deployment and next would be to take a look at what do we see on our Zebra device once the process has started to update the device with the firmware we selected.

The first thing that popped up was an indication that the system update could not be applied because the battery level was below 40% that was configured in our policy.

Once we reached 40% battery level we got this notification:

After the preparation the OS update started automatically and told us it was working on it.

System Update information was also update with the latest Baseline and Patch Level information on the device.

If we look at the Hardware information we get from the device in Intune, we can see that the information on the current “Operating system build number” and “Security Patch level” has been updated.

Heading back to Devices -> Android -> Android FOTA Deployments and looking at our deployment we can now see that it reports back as “Completed

That’s it for this time, Don’t forget to follow me on twitter @timmyitdotcom


Leave a Reply