Android Zero Touch Enrollment (ZTE) is the best approach when it comes to managing Android devices at scale. When deployed, employees just need to turn their device on, connect to the Wi-Fi network, and everything sets up by itself, from company email and security policies to work apps.
In this guide, you'll learn:
- What Android Zero-Touch Enrollment is
- Its benefits and prerequisites
- Step-by-step setup with miniOrange MDM
- Best practices and troubleshooting
- What happens when a device boots up
What is Android Zero-Touch Enrollment (ZTE)?
Android Zero-Touch Enrollment (also called Android Zero Touch Provisioning, or ZTP) is a device enrollment method by Android Enterprise that helps businesses automatically configure corporate-owned devices the moment they connect to the internet.
When combined with a Mobile Device Management (MDM) platform like miniOrange, it ensures that every Android phone or tablet:
- Automatically installs company apps
- Enforces security policies
- Locks down configurations in fully managed mode
Once assigned, devices are always managed, even after a factory reset.
Advantages & Benefits of Android Enterprise Zero Touch
1. Large-scale device deployment
Zero-Touch lets you assign entire batches of devices in one go, irrespective of device status or location.
2. Automatic re-enrollment after resets
Even if a user does a factory reset on the mobile device, Android ZTE will retain control over that device after the reset.
3. One-time profile creation
With Android ZTE in place, the IT admin needs to design the management policy only once in the Zero-Touch portal (or via your MDM solution), and every assigned device inherits it.
4. Better user experience & faster time-to-productivity
Users unpack the device, power it on, connect to Wi-Fi, and everything happens for them. They get to the "work experience" faster, without needing to contact IT.
5. Scalable across device lifecycle changes
Because zero-touch is tied to the device, not the user, devices can be reassigned or refreshed easily.
Prerequisites Before You Begin
| Requirement | Details |
|---|---|
| Supported Devices | Android 9.0 (Pie) or higher; must be Zero-Touch-capable (check with your reseller). |
| Zero-Touch Customer Account | Created through a Google-validated device reseller. |
| miniOrange MDM Solution | Needed to define and push policies, apps, and configurations. |
| Admin Access | The Google Account linking Zero-Touch must have Owner/Admin rights. |
| Internet Connection | Devices must connect to Wi-Fi or cellular data during first boot. |
Tip: Work only with Zero-Touch-validated resellers to ensure device compatibility.
How to Link Your Zero Touch Account with miniOrange MDM (Quick Steps)
Before linking anything, ensure Android Enterprise registration is complete in miniOrange and you have a Google Account with Owner rights.
Step 1: Verify Android Enterprise Registration
- Log in to your miniOrange MDM console.
- Go to Getting Started → Android.
- Confirm that you have registered your Android Enterprise.
Step 2: Open the Zero-Touch Tab
- Go to the Zero-Touch tab inside the miniOrange MDM dashboard.
- Click on Link Account in the Link Zero-Touch Account section.
Step 3: Choose the Correct Google Account
Sign in with your Google corporate account that was provided to your reseller (must have Owner role)
Step 4: Link and Confirm
- Select your organization's account and click Link.
- miniOrange will establish a secure connection to your Zero-Touch portal.
Step 5: Confirm and Save the Connection
- Once the accounts are linked, you'll see a confirmation message on the screen.
- Click Next, review the connection details, and then add your support contact information (such as company name, email, or phone number).
- Finally, click Save to complete the setup.
That's it — your Zero-Touch Customer Account is now officially linked to your miniOrange MDM.
Quick tips:
- Use a corporate Google account, not a personal Gmail. Google Help
- If linking fails, check reseller registration and account roles in the Zero-Touch portal.
- Test with a single device first: register its IMEI in the portal, apply a test configuration, then boot and confirm provisioning.
Common Considerations & Best Practices
Even though Zero-Touch is powerful, there are a few considerations and best practices to keep in mind:
1. Link/unlink carefully
If you ever delete or migrate your Android Enterprise setup, unlink Zero-Touch first. Otherwise your Zero-Touch account may become permanently locked or unusable.
2. Expiration & re-issuance of tokens
Zero-Touch configurations often have expiry settings. Monitor token expiration and renew before existing ones expire to avoid disruptions.
3. Role-based access control
Grant portal Owner / Admin / Manager roles only to trusted IT staff. Limit Viewer roles where appropriate. Audit regularly.
4. Monitoring & logs
Regularly review audit logs in the Zero-Touch portal — check for unassigned devices, config changes, or role additions.
5. Handling overseas / remote shipping
If devices ship across regions, ensure your Zero-Touch setup is regionally valid (reseller permissions, regional support).
How to Configure the Zero-Touch Enrollment Token
Once your Zero-Touch Customer Account is successfully linked with your Android Enterprise setup and MDM (like miniOrange), the next step is to configure the enrollment token.
Step 1: Open the Enrollment Configuration
In your miniOrange MDM dashboard, go to the section labeled Enrollment Configuration. This is where you define how Zero-Touch devices will behave the first time they're turned on.
Step 2: Choose the Right Group
Select the group. The policy of this group will be attached to the device right after enrollment, and the device will then be added to this group in your MDM dashboard.
Step 3: Set the Validity Duration
Next, choose how long the enrollment token will remain valid. You will need to create a new enrollment token after this duration so that the devices will be able to enroll in the future.
Note: This is the enrollment configuration for new or factory reset devices, and this doesn't remove the enrolled devices from MDM management.
Save the configuration, and you will see the next steps on the screen.
How to Configure the ZTE Customer Portal?
Step 1: Log into the Zero-Touch Portal
Go to https://zerotouch.google.com and sign in with your Zero-Touch Customer Account credentials. Once inside, navigate to the Configurations tab — this is where all device setup profiles are managed.
Step 2: Add a New Configuration
Click on the "+ Add Configuration" button to create a new profile. Choose Android Device Policy as EMM DPC. We need to copy the JSON value given in the MDM dashboard and paste it in the DPC Extras box.
Step 3: Save and Assign the Configuration
After filling in all the required details, click Add to save your configuration profile. You now have two options:
- Set it as Default: This ensures every new device automatically receives this configuration by default.
- Assign Manually: If you prefer, you can assign configurations individually to specific devices through the Devices tab.
This flexibility lets you apply different profiles for various departments or use cases, perfect for organizations with mixed device fleets.
What You'll Get on Your Android Device
Step 1: Device Activation
Turn on the device or Factory reset the devices that are already added in the zero touch portal.
Connect to the Wi-Fi, and it then starts to set up the device fresh.
Step 2: Automatic Enrollment
The device then automatically begins enrolling with miniOrange MDM. Once the device enters this process, it can't be set up in non-managed mode.
Step 3: Completion and Full Management Mode
Click on Accept and Continue and accept the next screens. Once setup is complete, the phone is fully managed and ready for business use.
Zero-Touch vs Other Enrollment Methods
| Feature | Zero-Touch | QR Code Enrollment | Knox/EMM (OEM) |
|---|---|---|---|
| Automation | Fully automated | Manual scan required | OEM-specific |
| Scale | Enterprise-ready | Small-scale only | Medium to large |
| Factory Reset Re-enroll | Yes | No | Limited |
| Setup Time/Device | Less than 1 minute | 5–10 minutes | 2–5 minutes |
| MDM Integration | Required | Optional | Required |
Final Thoughts & Next Steps
Android Zero-Touch Enrollment is a powerful tool in the enterprise toolkit. By automating device provisioning, enforcing management from day one, and minimizing manual efforts, it transforms how organizations deploy mobile fleets.
For growing organizations, it's not just convenience; it's essential infrastructure.
By combining ZTE with miniOrange MDM, you gain:
- End-to-end automation
- Compliance from first boot
- Centralized Android device management and reporting
Frequently Asked Question
What happens if a user skips Wi-Fi and tries to set up the device offline to avoid Zero-Touch Enrollment? Can they use it for personal purposes?
No, they can't. If the user sets up the device without Wi-Fi, it will only complete a partial setup. Since there's no internet, the required apps and configurations won't be installed, so the device won't work properly.
Once the device connects to the internet, it automatically detects the MDM management profile and displays a warning that it will reset soon. Within a few minutes, the device resets itself to factory settings, preventing any personal use.
Leave a Comment