Zero Touch Enrollment of Android Endpoints for Remote Workers

With the advent of Covid-19, working from home instantly became a necessity for many employees. While many organizations already had flexible policies to support remote workers, others were forced to make changes to enable their employees and contractors as soon as possible.

Employees who work remotely are often offered a choice of either corporate-owned, business-only (COBO) or corporate-owned, personally enabled (COPE) Android endpoints. IT can ship these Android devices to remote users, and when users log in to their devices for the first time, they are automatically onboarded using zero touch enrollment. Combined with MobileIron, organizations can provide seamless device and user provisioning, configuration, application deployment, and security and control for every type of remote user, including frontline responders, knowledge workers and contractors.


What is zero touch enrollment for Android endpoints?

Onboarding a fleet of Android devices manually can be challenging for any organization, given that there are many vendors of Android devices available today, such as Google, HTC, LG, Samsung, Zebra, Honeywell and more. Zero touch enrollment, along with MobileIron UEM, is the process of automating the onboarding, user provisioning, configuration, application deployment, and security and control of Android endpoints for users, including remote workers. With zero touch enrollment you can also:

  • Seamlessly and quickly onboard remote users on Android endpoints
  • Provision the devices in specific modes based on the privacy/security requirements

You can expedite user provisioning for corporate-owned Android devices with a native user experience. With UEM and zero touch enrollment you can:

  • Automate user provisioning when users log into devices  
  • Centrally configure and push user email, Wi-Fi, and VPN settings 
  • Set device-security standards
  • Track device inventory and details

Zero touch enrollment enables simplified application distribution and management by delivering applications and updates right out of the box. You can also:

  • Seamlessly install business applications to the device
  • Disallow and block unauthorized application installs
  • Automate application and Android updates




Using zero touch enrollment and UEM you can rapidly secure your corporate data and its privacy. You can:

  • Secure your corporate data on the device by enforcing passcodes and activating disk encryption
  • Ensure data privacy compliance by separating corporate data from end user data on your device 

As mentioned previously, zero touch enrollment is applicable only to COBO and COPE Android devices and not to BYOD.


Benefits of zero touch enrollment

Below are the top three benefits of zero touch enrollment:

  • Improve productivity with automated user onboarding and provisioning. This is especially important for remote users and frontline responders such as nurses, doctors, and grocery store workers who all need to be enabled quickly to respond to emergency situations like Covid-19.
  • Provide a seamless and native user experience on the corporate-owned Android endpoints of users' choice. MobileIron supports native zero touch enrollment for various Android device vendors including Google, Samsung, HTC, LG, Zebra and Honeywell.
  • Combined with UEM, maintain data privacy compliance by separating user data from corporate data. MobileIron enables this for both COBO and COPE Android devices.


Examples of zero touch enrollment for Android vendors

There are several Android vendors that provide zero touch enrollment, such as Google Zero Touch Provisioning (ZTP) and Samsung Knox Mobile Enrollment. The vendor enrollments are detailed below with their authentication methods and requirements.





Corporate Owned, Business Only (COBO)

Privacy Policy

  • Fully managed
  • Stringent company privacy policy
  • All device data can be wiped

Enrollment Recommendations

  • Android Zero Touch
  • Samsung KNOX Mobile Enrollment

Android Enterprise: Work Managed Device (AFW)

Corporate Owned, Personally Enabled (COPE)

Privacy Policy

  • Fully managed
  • Dual persona
  • Stringent company privacy policy
  • Moderate user privacy policy
  • All device data can be wiped

Enrollment Recommendations

  • Android Zero Touch
  • Samsung KNOX Mobile Enrollment

Android Enterprise: Managed Device with Work Profile

Work Managed Device (Device Owner)

Managed Device with Work Profile (Profile Owner)

Single or Multi-User Kiosk



As you can see, there are several Android zero touch enrollment options for organizations to onboard remote users seamlessly and quickly with Android native user experience, increasing productivity. In combination with UEM, organizations can also meet the provisioning, configuration, security and manageability needs of admins. If you would like to learn more about COPE and COBO enrollment options made available via MobileIron and Android, please register for an upcoming webinar.




Sam Kumarsamy

Director of Product Marketing

About the author

Sam Kumarsamy brings more than 20 years of experience in marketing, sales and business development at Gigamon, Infoblox, Blue Coat, Check Point, Cisco, Citrix, E&Y as well as successful VC-funded security and networking startups. Currently he is the Director of Product Marketing at MobileIron, responsible for GTM strategy and marketing of cloud-based unified endpoint management products and solutions. He has promoted, launched and sold several disruptive products, services and solutions globally, both directly to customers as well as through channels. Sam has a bachelor’s degree in engineering from India and an MBA from W.P. Carey School of Business at Arizona State University.