Set up zero-touch enrollment

To set up zero-touch enrollment in Sophos Mobile Admin, you configure the settings applied to zero-touch enabled Android devices (“zero-touch devices”) when they enroll with Sophos Mobile.

Requirements

You’ve created a task bundle for QR code enrollment. The task bundle must have an Assign policy task for an Android Enterprise device policy and must not have an Enroll task.
You’ve registered your organization with Android Enterprise in Better Together Enterprise or Managed Google Play Account mode. See Registration modes.

To set up zero-touch enrollment:

On the menu sidebar, select Setup > Google setup, and then select the Zero-touch tab.
Select Use zero-touch enrollment.
Under Zero-touch configuration settings, select DPC extras to configure settings applied to the device:
- Language: The language of the Android user interface.
- Time zone: The time zone set on the device.
- Enable system apps: On Android Enterprise fully managed devices, system apps with a launcher icon are disabled by default. Select this setting to keep all system apps enabled.
Based on your settings, Sophos Mobile creates a configuration code you must enter in the Google zero-touch enrollment portal.
Under Enrollment settings, configure the enrollment of zero-touch devices with Sophos Mobile:
- Device group: The device group devices are assigned to.
- Task bundle: The task bundle transferred to the device.
- User authentication: Clear this checkbox to enroll user-less devices such as kiosk devices. User-less devices are Android Enterprise fully managed devices that you don’t connect to an email account during enrollment. For details on user-less Android devices, see User-less Android devices.
Select Save to save the enrollment settings.

To complete the zero-touch enrollment setup, create a configuration for Sophos Mobile in the Google zero-touch enrollment portal.