Skip to main content
Battles with Modern Device Management

Customising the Android Enterprise Enrolment QR Code

·2 mins· 0
Intune Android Enrolment
Author
Nick Benton
Principal Modern Device Management Consultant and Intune Blogger
Table of Contents

Introduction #

We have already looked at allowing Android Enterprise enrolment using Mobile Data in a previous post, now it’s time to look at some of the other provisioning values that can be used to create a custom enrolment QR Code.

Configuration #

This time, it’s adding in a WiFi profile, to allow the devices to auto-connect as part of the enrolment process…anything to make life easier for users.

Extracting the QR Code Data #

First off you’ll need the QR code being used for your Android Enterprise enrolment, you can find this within the Android section of Microsoft Intune. Save this file to your computer and use an online reader to get the full QR code data:

{
   "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME":"com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver",
   "android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM":"I5YvS0O5hXY46mb01BlRjq4oJJGs2kuUcHvVkAPEXlg",
   "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION":"https://play.google.com/managed/downloadManagingApp?identifier=setup",
   "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{
      "com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN":"SELECTED ENROLMENT TOKEN"
   }
}

WiFi Settings #

We’re now going to add in four new lines of data into the existing JSON content from the Android Developer Reference Guide:

  • This is the SSID of the wireless network you want to connect to. "android.app.extra.PROVISIONING_WIFI_SSID":"WIFI_SSID"
  • This is the password of the wireless network. "android.app.extra.PROVISIONING_WIFI_PASSWORD":"WIFI_PASSWORD"
  • This is the security type of the network, select either none, WPA, WEP or EAP "android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE":"NONE/WPA/WEP/EAP"
  • And finally whether the network is hidden to broadcast, using either true or false "android.app.extra.PROVISIONING_WIFI_HIDDEN":true/false
Now, please be aware that these settings are all available in plain text by anyone scanning the QR code, so I would recommend using a guest wireless network if you are going to allow you end users to use a corporate network to go through the enrolment process.

Updating the JSON Data #

Now that we’ve got the required strings ready to be added, we need to update the existing JSON data. The below settings, need to go after the android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE" section:

"android.app.extra.PROVISIONING_WIFI_SSID":"corp-guest-wifi",
"android.app.extra.PROVISIONING_WIFI_PASSWORD":"supersecurepassword",
"android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE":"WPA",
"android.app.extra.PROVISIONING_WIFI_HIDDEN": false

Full JSON Data #

So the full JSON string should look like the below, with the SELECTED ENROLMENT TOKEN the correct one from the original QR code:

{
    "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME":"com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver",
    "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION":"https://play.google.com/managed/downloadManagingApp?identifier=setup",
    "android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM":"I5YvS0O5hXY46mb01BlRjq4oJJGs2kuUcHvVkAPEXlg",
    "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{
       "com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN":"SELECTED ENROLMENT TOKEN"
    },
    "android.app.extra.PROVISIONING_WIFI_SSID":"corp-guest-wifi",
    "android.app.extra.PROVISIONING_WIFI_PASSWORD":"supersecurepassword",
    "android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE":"WPA",
    "android.app.extra.PROVISIONING_WIFI_HIDDEN": false
 }

Creating a new QR Code #

For completions sake, we should validate the JSON formatting using an online tool before we use a QR Code Generator to create our new QR code:

QR Code

Summary #

This new QR Code can then be provided to your users, pending testing, to allow them to enrol their new Android device in Microsoft Intune when in range of your corporate guest wireless network.

Related

Enrolling Android Enterprise devices Using Mobile Data
·1 min· 0
Intune Android Enrolment
What happens when your Android Fully Managed Corporate Owned users get a new Android 11 device and they can’t enrol to Intune using mobile data, well there’s a fix for that.
The Hidden Power of Windows Autopilot Group Tags
·5 mins· 0
Intune Windows Autopilot Windows 10 and later Enrolment
A hidden gem with Autopilot service, is the Group Tag attribute for Autopilot devices, this tag can be provided during the pre-registration by a supplier or OEM, and can be configured or updated after the device has been imported. What can we use it for in Intune?
Bulk Adding Device Notes to Enrolled Devices
·4 mins· 0
Intune Administration PowerShell
Ever had to add notes to Intune Managed Devices in bulk? Me either, well not until a few weeks ago when I needed an easy way to update the notes field on 100’s of devices.