zero-touch-enrollment

The number of mobile devices in companies has increased dramatically in recent years and companies tend to enable their workforce through mobile as well. Although this is a real advantage for employees, technical departments have to make a lot of effort to cope with this increase. For IT admins especially, scaling a mobile fleet can cause some headaches and lots of manual work.

Zero-touch is one way of dealing with this phenomenon and allows companies to quickly scale their business.

What is Zero-touch in device management?

Zero-touch is a process that allows the automatic configuration and deployment of mobile devices (smartphones, tablets and laptops).

This means that any settings defined as a standard by the company are automatically installed on the devices without any  IT intervention after the purchase or employees adding their level of customisation. Effectively this means that the configuration is made one time for many devices.

Also, Zero-touch enabled EMM allow device updates to be spread automatically instead of reworking each device to apply a given change.

What are the five benefits of Zero-Touch for a company ?

Time saving

It is a way to relieve the technical departments: they no longer need to configure the devices one by one because they arrive ready to go.

The technical team and employees can therefore concentrate on the priority tasks.

First, Zero-Touch is automation of IT work that was previously manual. IT admins used to unbox each device, then allow it to boot in order to apply its settings. It is estimated that an average device setup takes about 20 minutes if you have to manually apply network settings, security settings and configure accounts or apps.

Second, Zero-Touch saves time in logistics required to have a device delivered to the employee. Without Zero-Touch, IT has to physically receive and setup the device before routing it to the right employee. With Zero-Touch, IT can deliver the order from the manufacturer to the employee directly.

Greater freedom in remote working

An administrator, from anywhere, can have fully configured computers delivered to his employees, wherever they are.

With the emergence of teleworking, new employees can use their new device without having to go through the technical team to configure it, whether they are working in your offices or remotely. 

Less error possible

A great benefit of using Zero-Touch is about preventing human error. Configuring devices individually by hand isn’t only time consuming, it is also error-prone. If one configuration mistake is made or the wrong configuration is applied, it might require some more time to fix. Also, hand-made configurations can’t scale rapidly.

Whereas Zero-Touch’s close bind with Mobile Device Management makes all work completed upstream with the creation of configuration templates that are immediately deployable, scalable and editable.

A better and more durable user experience

Zero-Touch eliminates the need of physical intervention during employee support requests. Combined with Mobile Device Management, OS updates and configuration changes can be applied  remotely. Within the Mobile Device Management console, IT admins can also access and interact with all information about the device’s state and current configuration.

Greater data security

Another benefit of Zero-Touch is that when combined with Mobile Device Management, security settings can be applied and changed remotely. IT admins can define policies to apply to devices and even create dynamic security policies depending on the use-case or device type. These policies can be applied once the device has been set but also over the device’s lifespan when using EMM. Without Zero-Touch, applying any security policy requires IT to have physical access to the device.

In the event a device is lost or stolen, IT admins can remotely lock or wipe the device. Devices that are enrolled with Zero-Touch are permanently locked in with management. 

They can’t be repurposed by users themselves or sold without IT approval. Learn more about Zero Touch and Mobile Device Management.

Accessible to all 

Zero Touch as a concept is available on both iOS and Android modern versions.

Zero-Touch on Android and iOS

Android and iOS have each developed their own implementation of Zero Touch. While concepts and end-results remain the same, the implementation can be different.

Android Zero-Touch

Android’s Zero-Touch enrollment allows for large-scale Android deployments. On first boot, devices check to see if they were assigned to enterprise management and configuration.

Once the device is connected to the Internet, configuration settings are applied automatically and the device is provisioned for management.

To enable this process, IT admins need to purchase their devices from a specialized reseller within Android’s Enterprise Solution Directory. Purchased devices can then be linked through the Zero-Touch portal with the EMM (Enterprise Mobility Management) solution of your choice, such as Appaloosa.

Default or customized device settings can then be set up directly from the EMM portal.

iOS DEP is Zero-Touch

On iOS, the Zero-Touch concept is mostly known as Device Enrollment Program (DEP) or lately as Automated Device Enrollment (ADE). Unlike Google, device purchases must be made directly from Apple or authorized resellers.

Your company must set up Apple Business Manager and link it with the EMM of your choice.

From Apple Business Manager, Automated Device Enrollment Configuration settings will allow your organization to select a default EMM solution for devices. Alternatively, businesses can also assign different EMMs based on the device type.

Zero-Touch on iOS offers many customization options to facilitate the preparation of devices running iOS such as selective skipping first configuration steps for end-users.

So if you are planning to renew the mobile devices of your company and want to get them up and running quickly, consider using Zero-touch enrollment. You will get rid of manual installations. Your IT department will save time and your employees can quickly get to work.

Consider Appaloosa when looking for EMM solutions with Zero-Touch support. Appaloosa supports both iOS and Android with a simple to use MDM platform.

Julien Ott
January 25, 2023