Skip to main content
MEM v ENNBEE - Battles with Modern Device Management

Enrolling Android Enterprise devices Using Mobile Data

· loading ·
Intune Android Enrolment
Author
Nick Benton
Principal Cloud Endpoint Consultant and Intune Blogger
Table of Contents

With the change to Android 10+ requiring a wireless network to go through the Fully Managed device enrolment, you may be asking, “Well what if my users don’t have access to a wireless network?”, don’t fret, with a bit of effort you can regenerate a new QR code that allows the use of Mobile Data.

Configuration
#

The below sections detail the steps to generate a new QR code for enrolment, allowing the use of Mobile Data.

Get the QR Code Data
#

Use QR Reader on an existing phone or using an online reader to get the full QR code data:

{
   "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME":"com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver",
   "android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM":"I5YvS0O5hXY46mb01BlRjq4oJJGs2kuUcHvVkAPEXlg",
   "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION":"https://play.google.com/managed/downloadManagingApp?identifier=setup",
   "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{
      "com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN":"TOKENVALUE"
   }
}

Updating the JSON Content
#

Add in the below code snippet before the android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE section:

"android.app.extra.PROVISIONING_USE_MOBILE_DATA":true,

So the full JSON string should look like the below, with the TOKENVALUE obviously the correct one:

{
   "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME":"com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver",
   "android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM":"I5YvS0O5hXY46mb01BlRjq4oJJGs2kuUcHvVkAPEXlg",
   "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION":"https://play.google.com/managed/downloadManagingApp?identifier=setup",
   "android.app.extra.PROVISIONING_USE_MOBILE_DATA":true,
   "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{
      "com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN":"TOKENVALUE"
   }
}

Summary
#

Copy the string and paste it into an online QR code generator to generate the new QR code. This can then be provided to your users, pending testing, to allow them to enrol their new Android device in Microsoft Intune, whether connected to wireless or mobile data.

Related

Renaming Windows Autopilot Hybrid Joined Devices
· loading
Intune Windows 10 and later Windows Autopilot Hybrid Azure AD PowerShell
You’ve probably hit the limitation with Windows Autopilot Hybrid Azure AD Join deployments and the device name templates being less than flexible, restricting to only a prefix and, well, that’s it. You’ve also probably been asked whether you can configure the device name to match an asset tag or another unique bit of information, well this script, adapted from an existing one by Michael Niehaus can help.
Enabling BitLocker and WinRE on failed Windows Devices
· loading
Intune Windows 10 and later BitLocker Security Encryption PowerShell
You may have enabled and configure BitLocker for silent encryption on your Windows 10 Autopilot joined devices, but have you had the headache of devices that don’t have a Windows Recovery Environment (WinRE) configured? Yep? Me too… What you’ll see in either the BitLocker-API event log, or within the Encryption Readiness reporting in Microsoft Intune the following, glorious error:
About
I’m Nick Benton, an end-user computing specialist with over a decade of experience in consulting, architecture, design, and implementation of modern device management, and enterprise mobility solutions. I’m currently the Principal Consultant for Device Management at Phoenix Software Ltd who are the Microsoft Partner of the Year for Modern Endpoint Management 2023, where my main focus is assisting customers in their road to a modern workplace using Microsoft Intune, with a focus on migration, security and zero touch deployments.