Skip to main content
MEM v ENNBEE - Battles with Modern Device Management

Customising the Android Enterprise Enrolment QR Code

· loading ·
Intune Android Enrolment
Author
Nick Benton
Principal Cloud Endpoint Consultant and Intune Blogger
Table of Contents

We have already looked at allowing Android Enterprise enrolment using Mobile Data in a previous post, now it’s time to look at some of the other provisioning values that can be used to create a custom enrolment QR Code.

Configuration
#

This time, it’s adding in a WiFi profile, to allow the devices to auto-connect as part of the enrolment process…anything to make life easier for users.

Extracting the QR Code Data
#

First off you’ll need the QR code being used for your Android Enterprise enrolment, you can find this within the Android section of Microsoft Intune. Save this file to your computer and use an online reader to get the full QR code data:

{
   "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME":"com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver",
   "android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM":"I5YvS0O5hXY46mb01BlRjq4oJJGs2kuUcHvVkAPEXlg",
   "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION":"https://play.google.com/managed/downloadManagingApp?identifier=setup",
   "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{
      "com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN":"SELECTED ENROLMENT TOKEN"
   }
}

WiFi Settings
#

We’re now going to add in four new lines of data into the existing JSON content from the Android Developer Reference Guide:

  • This is the SSID of the wireless network you want to connect to. "android.app.extra.PROVISIONING_WIFI_SSID":"WIFI_SSID"
  • This is the password of the wireless network. "android.app.extra.PROVISIONING_WIFI_PASSWORD":"WIFI_PASSWORD"
  • This is the security type of the network, select either none, WPA, WEP or EAP "android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE":"NONE/WPA/WEP/EAP"
  • And finally whether the network is hidden to broadcast, using either true or false "android.app.extra.PROVISIONING_WIFI_HIDDEN":true/false
Now, please be aware that these settings are all available in plain text by anyone scanning the QR code, so I would recommend using a guest wireless network if you are going to allow you end users to use a corporate network to go through the enrolment process.

Updating the JSON Data
#

Now that we’ve got the required strings ready to be added, we need to update the existing JSON data. The below settings, need to go after the android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE" section:

"android.app.extra.PROVISIONING_WIFI_SSID":"corp-guest-wifi",
"android.app.extra.PROVISIONING_WIFI_PASSWORD":"supersecurepassword",
"android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE":"WPA",
"android.app.extra.PROVISIONING_WIFI_HIDDEN": false

Full JSON Data
#

So the full JSON string should look like the below, with the SELECTED ENROLMENT TOKEN the correct one from the original QR code:

{
    "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME":"com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver",
    "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION":"https://play.google.com/managed/downloadManagingApp?identifier=setup",
    "android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM":"I5YvS0O5hXY46mb01BlRjq4oJJGs2kuUcHvVkAPEXlg",
    "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{
       "com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN":"SELECTED ENROLMENT TOKEN"
    },
    "android.app.extra.PROVISIONING_WIFI_SSID":"corp-guest-wifi",
    "android.app.extra.PROVISIONING_WIFI_PASSWORD":"supersecurepassword",
    "android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE":"WPA",
    "android.app.extra.PROVISIONING_WIFI_HIDDEN": false
 }

Creating a new QR Code
#

For completions sake, we should validate the JSON formatting using an online tool before we use a QR Code Generator to create our new QR code:

QR Code
QR Code for enrolment

Summary
#

This new QR Code can then be provided to your users, following successful testing, to allow them to enrol their new Android device in Microsoft Intune when in range of your corporate guest wireless network.

Related

Enrolling Android Enterprise devices Using Mobile Data
· loading
Intune Android Enrolment
With the change to Android 10+ requiring a wireless network to go through the Fully Managed device enrolment, you may be asking, “Well what if my users don’t have access to a wireless network?”, don’t fret, with a bit of effort you can regenerate a new QR code that allows the use of Mobile Data.
The Hidden Power of Windows Autopilot Group Tags
· loading
Intune Windows Autopilot Windows 10 and later Enrolment
So you’re using Windows Autopilot in some shape or form to deploy Windows 10/11 devices to your users, and you’re probably already familiar with the Autopilot dynamic group queries used for targetting these devices, right? Good. So what if you have multiple deployment profiles, or different device use cases with the same profile, or different user personas, or test and pilot deployments, or a range of applications, configurations or scripts that you want to separate out to the devices or users of the devices?
Bulk Adding Device Notes to Enrolled Devices
· loading
Intune Administration PowerShell
Ever had to add notes to Intune Managed Devices in bulk? Me either, well not until a few weeks ago when I needed an easy way to update the notes field on 100’s of devices. So luckily I stumbled upon a post by Paul Wetter about getting and setting notes on devices using Graph API, and specifically the Beta channel of Graph.