Introduction
For a company, it is important to move fast and efficiently. Lost Time translates in lost productivity which in turn translates into foregone earnings. Year after year companies try to minimize these costs but oftentimes fail or come to the conclusion that it is too much of an investment to digitalise the existing infrastructure. Some reasons behind the willingness to digitalise may come from the fact that it takes up a lot of resources or that the budget for this year does not include such a strategy. That’s why Google has come up with a great Zero-touch enrollment program. In simple words, this takes away the need for a company to personally enrol devices. They arrive preconfigured and the company can configure predefined access rights.
Zero Touch enrollment
Samsung’s Knox enrollment program or Apple’s Device enrollment program can be taken as a comparison. Those programs are directed towards making the workforce mobile. Every registered device will get access to relevant company applications and shares. Today such Enterprise Mobility Management solutions (EMM) are common business practice. Just to list a few of them; MobileIron, Microsoft’s Intune or Soti are all EMM’s. This leaves the business world with a large selection of solutions to choose from. Sometimes it may be frustrating to choose from so many but the ultimate goal of these EMMs is to streamline work processes and make it easier for end-users to work. Implementations of these solutions take some time and it may result in a lot of work for a business to do the initial setup. That’s why Google has been keen to resolve this issue. The so-called “Zero-touch resellers” program was created to facilitate the implementation of such an EMM.
How it exactly works
Organisations will purchase Android 8.0+ devices from a Zero-touch reseller. The reseller then creates a Zero-touch console customer account. This account then deals as a supervisor for the registered new devices. At this point, the company has direct access to those devices and can associate them with any given EMM solution which suits the need of the company. Nevertheless, it must be noted that not all EMM’s allow for a fully managed deployment scenario via a configuration. You must be sure that you have this option in order for this scenario to work seamlessly. This configuration method also supports DPC extras which in turn means you can configure server URL and username.
Procedure
To have a visual image it can be explained in the following way: The company purchases these devices from an authorized Zero-touch reseller. The devices are registered with the Zero-touch console. Once that is done the devices are handed out to the employees and they will set up the device from scratch. The phone will prompt the employee to accept the EMM in order to set up the work environment, else the phone will not continue to the next setup steps.
From an EMM perspective not much has changed it might have become simpler as the device is almost fully EMM agnostic. From a reseller perspective, the task is to create the customers’ Zero-touch portal account. This account, as stated before, will allow for the DPC and configurations to be set. Once that is done the customer can then manage which resellers they want to be associated with if it ever changes.
When does Zero Touch make sense?
For a company setting up a completely new mobility strategy, it is sensible to opt for a Zero-touch reseller. Nevertheless, if the company seeks to use current devices which were bought a couple of years ago or allow its employees to use their personal devices then the Zero-touch strategy would not be viable. Reason being that those devices are not pre-configured or associated yet to a Zero-touch console. However, this does not mean you cannot have an Enterprise Mobility management strategy in place. The process may just take a bit longer but still can be done easily.
Here you will find the link to a Zero-touch setup provided by Jason Bayton.
Zero Touch in a Nutshell:
no blocker, maximum security, immediately ready to go
Android zero-touch enrollment offers a seamless deployment method for corporate-owned Android devices making large scale roll-outs fast, easy and secure for organizations, IT and employees. Additional advantages of zero-touch enrollment include:
- Customer IT admins don’t need to provision individual devices because a config can be automatically set for purchased devices in bulk.
- Customers stay in control of their devices at all times—even after factory resets.
- End users, after receiving a boxed device, just need to sign in and then they are ready to go.
Truly Mobile – the next step after Zero Touch
As shown before Zero Touch delivers a seamless experience for both the user and the Security expert. But as soon as the device is deployed the seamless experience comes to an end. Reason being the lack of Single Sign-on is one of the most crucial for EMM customers. Getting prompted to input credentials all the time is frustrating as well as the dependency of a stationary computer in case of changing the password.
Hypergate is built on top of these EMMs and offers Seamless Kerberos based Single Sign-On by leveraging the existing infrastructure. The software takes over the need for its users to continuously authenticate themselves. Another beneficial feature of Hypergate is the ability to change and reset the password directly on the mobile device itself. This reduces the IT cost drastically as up to 50%(Gartner estimates) of all IT-Helpdesk requests are Password-Reset related.
To boil it down
Hypergate turns your mobile device in a fully fledged Active Directory client, which uses the same infrastructure like any other computer. This gives your company the ultimate flexibility and your employees can become truly mobile.
Hypergate is being used by various clients around the globe who appreciate the usability and the security aspects solution. One of which them is the Fortune 500 US-based Investment bank Jefferies. Give the Success story a read
If you are eager to know how much your business can save on costs with Hypergate you can check out our interactive cost calculator.
Hypergate Files
Is a very simple file browser that provides seamless access to on-premise network shares. Let your users collaborate freely with their teams and edit all files directly on their mobile devices. All file types are supported by their native apps, no special viewer, editor or custom implementation, just pure usability.
Hypergate Authenticator
Delivers a seamless and secure Single Sign-On solution integrating directly with Active Directory. The solution leverages industry standards like Kerberos to provide the best possible user experience without compromising on security. Save IT support costs by allowing your users to change or reset their expired passwords on their own devices, no computer needed.