Provisioning

How do I enroll a personal device in a work profile?

Open EMM Console to the Policies screen.
On the desired work profile policy, click Generate Enrollment Barcode.
Create a name for the barcode and select a desired lifespan for the enrollment code, up to 30 days. Click Generate.
Take a screenshot of the QR code and the 20-character manual-entry code or copy and paste them to a document for easy retrieval.
Provide the codes (and their expiration date) to the end-users who will be enrolling their personal devices.

In their personal Google Play store on their device, install Android Device Policy Controller (DPC).
Open Android DPC to the Enroll this device screen and click Next.
Scan QR code provided by the IT administrator or press Enter code to type code manually.
Click View terms to review general work profile information about the IT administrator’s access and any organization-specific terms and conditions. Click Accept & continue.
Once the work profile finishes loading, click Next.
Profile registers. Screen continues to Set up your work profile with steps designated by the IT administrator.
Follow prompts to set a screen lock. Options may be limited by IT administrator’s security preferences.
Click Install to install work apps. Click Next once complete.
Click Done to return to device. It will now have a separate section for work profile apps (how these are divided may vary by device).

Open EMM Console to the Policies screen.
On the desired policy, click Generate Enrollment Barcode.
Create a name for the barcode and select a desired lifespan for the enrollment code, up to 30 days. Click Generate.
Take a screenshot of the QR code and the 20-character manual-entry code or copy and paste them to a document for easy retrieval.

The device must start out at factory reset state.
Press Start on the initial startup screen.
If the device has a barcode scanner and has a built-in option to set up off of a barcode, scan the QR code now, which automates steps 5-6 and 8-9.
Select and login to a WiFi network.
When prompted to copy apps and data from the cloud, select Set up as new.
When prompted to login to a Google account, in the Email or phone field enter the EMM token afw#setup and submit.
The device will begin setting up for Android for Work, and will provide a View terms link to Google’s terms and conditions. Click Accept & continue.
Enroll this device screen will display. Click Next.
Scan the QR code or press Enter code to manually type in the code.
When the device finishes updating, follow prompts to set a screen lock. Options may be limited by IT administrator’s security preferences.
Click Install to install work apps. Click Next once complete.
The device opens to its designated main page - either the Android home if a managed device, or the kiosked app/set of apps if a dedicated device.

Zero-touch enrollment is a process which configures Android devices to their owners’ specifications out of the box with minimal user selection. On first boot or factory reset, the device checks for a configuration, downloads the appropriate DPC, and proceeds through setup. In order for the company IT administrator to register for a customer zero-touch account, the company must receive its devices from a reseller with a reseller zero-touch account. For more information, see Google’s article on Zero-touch enrollment for IT admins.
Register for a zero-touch portal customer account here, or the company’s device reseller can add a customer account.

Open EMM Console to the Policies screen.
On the desired policy, click Generate Enrollment Barcode.
Create a name for the barcode and select a desired lifespan for the enrollment code, up to 30 days. Click Generate.
Take a screenshot of the QR code and the 20-character manual-entry code or copy and paste them to a document for easy retrieval.

Click Configurations in the navigation panel.
Click + in the Configurations table to add a configuration.
Configuration Name: Enter a name for the configuration.
EMM DPC: Select “Android Device Policy.”
DPC Extras should be left empty
Company name: Enter company name as would like it displayed to the user during provisioning.
Support email address: Enter the email address to be displayed on the provisioning screen for the user to contact with issues during setup.
Support phone number: Enter the phone number to be displayed on the provisioning screen for the user to contact with issues during setup.
Custom message (Optional): Enter a brief message to be displayed on the support contact info screen before provisioning.
Click Add to save the configuration.
Click Devices in the navigation panel.
Locate the device to be configured with zero touch and set the appropriate configuration.

Boot device for the first time or factory reset it. Press the Start button on the initial setup screen.
If there are multiple options to proceed through setup (e.g. scanning a barcode and manual setup), zero-touch will block options other than manual setup.
Device will display a message stating that it “will be managed and kept secure” by the organization. It will have a View terms link for Google’s terms and conditions and a link to the contact information that the organization’s IT administrator entered in the Zero-Touch Portal.
Click Accept & continue.
Android DPC is automatically installed. Enroll this device screen is displayed. Click Next.
Scan the QR code or press Enter code to manually type in the code.
When the device finishes updating, follow prompts to set a screen lock. Options may be limited by IT administrator’s security preferences.
Click Install to install work apps. Click Next once complete. The device opens to its designated main page - either the Android home if a managed device, or the kiosked app/set of apps if a dedicated device.