Set up zero-touch enrollment

To set up zero-touch enrollment in Sophos Mobile Admin, you configure the settings applied to zero-touch enabled Android devices (“zero-touch devices”) when they enroll with Sophos Mobile.

Requirements

You’ve created a task bundle for QR code enrollment. The task bundle must have an Assign policy task for an Android Enterprise device policy and must not have an Enroll task.
Enrolling user-less devices requires the Managed Google Play account scenario. See Managed Google Play Account scenario.

To set up zero-touch enrollment:

On the menu sidebar, select Setup > Google setup, and then select the Zero-touch tab.
Select Use zero-touch enrollment.
Under Zero-touch configuration settings, select DPC extras to configure settings applied to the device:
- Language: The language of the Android user interface.
- Time zone: The time zone set on the device.
- Enable system apps: On Android Enterprise fully managed devices, system apps with a launcher icon are disabled by default. Select this setting to keep all system apps enabled.
Based on your settings, Sophos Mobile creates a configuration code you must enter in the Google zero-touch enrollment portal.
Under Enrollment settings, configure the enrollment of zero-touch devices with Sophos Mobile:
- Device group: The device group devices are assigned to.
- Task bundle: The task bundle transferred to the device.
- User authentication: Clear this checkbox to enroll user-less devices such as kiosk devices. User-less devices are Android Enterprise fully managed devices that you don’t connect to an email account during enrollment. For details on user-less Android devices, see User-less Android devices.
Select Save to save the enrollment settings.

To complete the zero-touch enrollment setup, create a configuration for Sophos Mobile in the Google zero-touch enrollment portal.