Our Voice

What is Cloud Transformation? The Complete Guide

Discover what cloud transformation means, its benefits, and how CWSI helps businesses modernise IT systems and drive innovation through cloud solutions.

Learn More
BOOK A MEETING

Enrolling Zebra Devices to MDM for Android Enterprise Device Owner (AEDO) Mode Using StageNow

A recent project involved securing and managing Zebra Android-based ruggedised scanning guns (Zebra MC93’s). The ideal solution was an Android Enterprise (AE) kiosk, but first we needed to get the device into Android Enterprise Device Owner (AEDO) mode, a prerequisite for an AE kiosk.

Android Enterprise Zero-touch (ZT) will do this for you as part of the setup process, but in this case ZT was not an option. As the devices in-question do not have cameras, NFC-bump and QR-code AE enrolment does not appear to be supported – an unusual oversight from Zebra/Google here, given these devices’ raison d’être is to scan codes and read NFC tags.  Token enrolment (afw#your_mdm_here) was an option, but we were trying to avoid as much typing as possible during the setup process.

This is where Zebra’s StageNow tool is fantastic. StageNow is a free Windows-based tool that allows you to build configuration workflows for Zebra devices, which it encodes into barcodes (and in some cases additional package files) that you can subsequently scan with the devices to apply the configurations in seconds.

The “Enroll in an MDM” StageNow wizard will create a barcode that can be scanned on the very first screen of the Android setup wizard, causing the device to join a Wi-Fi network, skip the wizard, download the MDM agent, install and launch it.  There’s only one problem: the “Enroll in an MDM” wizard in StageNow will only enrol AE devices into Device Owner mode for the SOTI MDM solution, for all other MDM solutions the devices will only be in Work Profile mode.

MDM for Android Using StageNow Step-by-step Process

Step 1

After a bit of digging, the only difference between the StageNow configuration package that does MDM enrolment for SOTI vs. other MDMs, is a single Intent call to the MDM agent app – “Enroll a Device Owner”. This Intent in StageNow requires a Package Name (your MDM agent) and Class Name (your MDM agent’s Device Owner enrolment class); the next trick is figuring out what these are for your MDM solution.

Step 2

In the case of this project, the MDM was MobileIron Core.  MobileIron provide an app called Provisioner, which generates QR-codes/NFC-bumps that are used during the enrolment of Android Enterprise devices with a camera/NFC-reader.  Decoding one of these QR codes (plenty of free apps to achieve this) gives you content something like this –

Step 3

The value of interest here is PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME”: “com.mobileiron/.receiver.MIDeviceAdmin”, which tells Android to provision the com.mobileiron package as Device Owner via the class com.mobileiron.receiver.MIDeviceAdmin.  We can use this information in our StageNow Intent to make the MobileIron agent Device Owner –

Note the “Enroll a Device Owner” Intent should be called after the MDM agent is installed, but before it is launched. As you cannot add steps to a StageNow wizard-based Profile (like “Enroll in an MDM”), you’ll need to use an Xpert Mode custom profile and add the various steps yourself. It might looks something like this –

Step 4

Create a new Xpert Mode Profile and give it a name.  You’ll then be asked to add any StageNowConfig and/or Deploy steps to the Profile, you’ll want one Wi-fi config to add a Wi-fi network to the device then another to join that Wi-fi network –

Step 5

Then in the Deploy stage, you’ll want a FileMgr step to download the MDM agent APK, an AppMgr step to install the downloaded APK, an Intent to make the agent Device Owner and an Intent to launch the agent –

Step 6

Next you can work through these six steps and configure them appropriately.  The first Wi-fi step you should use to add a Wi-fi network –

Step 7

The next Wi-fi step will tell the device to connect to the network you added in the previous step –

Step 8

Now onto the Deploy steps, the first of which is to download the latest MDM agent APK and store it on the device –

Step 9

The next step will install the APK downloaded in the previous step –

Step 10

Next is the Intent used to make the MDM agent Device Owner –

Step 11

The last step then will be to launch the MDM agent –

The Publish page will allow you test the Profile, it will present a barcode on-screen that if scanned from the first page of the Android setup wizard on a new or factory reset Android device, should join your Wi-fi, download and install the MDM agent, make it Device Owner and launch it so you can log in. Assuming the config is done in your MDM to support it, the device should now be in either Device Owner (AEDO) or Device Owner with Work Profile mode!

I hope you find this guide useful – the reason I’ve decided to put this together was the lack of material for this specific type of enrolment, in my research I found this guide from Jason Bayton to be particularly useful. So be sure to check his material out if you are doing any further research. If you would like to learn more about the work we do you can visit our case studies or solutions sections.

For what it’s worth, these are the Intent details you need for some of the MDMs we came across –

MDMPackage NameClass Name for “Enroll a Device Owner” IntentClass Name for launching the MDM agent Intent
MobileIron Corecom.mobileIroncom.mobileiron.receiver.MIDeviceAdmincom.mobileiron.MIClientMain
MobileIron Cloudcom.mobileiron.anyware.androidcom.mobileiron.polaris.manager.device.AndroidDeviceAdminReceivercom.mobileiron.polaris.manager.ui.StartActivity
SOTInet.soti.mobicontrol.androidworknet.soti.mobicontrol.admin.DeviceAdminAdapternet.soti.mobicontrol.startup.SplashActivity
Microsoft InTunecom.microsoft.windowsintune.companyportalcom.microsoft.omadm.client.PolicyManagerReceivercom.microsoft.windowsintune.companyportal.views.SplashActivity

How to Install OS Updates Using Zebra StageNow

By following these 11 steps, you’ll learn how to install OS updates using Zebra StageNow:

  1. Select the ‘Create New Profile’ option.
  2. Secondly, select the MX version from the drop-down menu.
  3. Thirdly, click the Perform OS Update Wizard, and select Create.
  4. Enter a name for the profile and select Start.
  5. To choose to connect to this network using StageNow bar codes, select Yes, and then select Continue.
  6. Look at Profiles / Connect Network for instructions on how to connect to a network and how to populate the settings window.
  7. If presented, select whether to connect to this network using the Rapid Deployment (RD) Client. Click Yes for devices that don’t include the StageNow Client.
  8. If you selected Yes, choose whether to set up Wi-Fi options and/or Wi-Fi profiles. See Setting Types / Wi-Fi manager.
  9. Choose a method for performing the OS update, and then select Continue.
  • Select No, I would like to download the file to push an OS update zip file to the device.
  • Select Yes, I want to apply the file to use an OS update zip file that already resides on the device.
  1. If you selected No, I would like to download the file:
  • Select whether to prevent Wi-Fi from turning off while downloading. See Setting Types / Wi-Fi for information.
  • Enter the information for the ZIP file. See Setting Types / File for more information on the File Manager.
  • Select whether to allow Wi-Fi to turn off after downloading. See Setting Types / Wi-Fi for information.
  1. Enter the information for the ZIP file. See Setting Types / Power for more information on the Power Manager.
  2. Select Continue to apply the update and proceed to the Review window.

Contact us

Contact us to learn more about how we can help with Android Enterprise Device Owner mode and enable your organisation to thrive in a mobile-first world.

Relevant Resources

Our Voice

What is Cloud Transformation? The Complete Guide

Discover what cloud transformation means, its benefits, and how CWSI helps businesses modernise IT systems and drive innovation through cloud solutions.

Learn More

Our Voice

The Complete Guide to Advanced Persistent Threats

Learn everything you need to know about Advanced Persistent Threats in this guide by CWSI. Get in touch today for more information.

Learn More

Our Voice

The Complete Guide to Cyber Threat Actors: Understanding and Defending Against Digital Threats

Learn all you need to know about Cyber Threat Actors in this detailed guide from CWSI. We discuss different actor groups, techniques and tactics.

Learn More