Devices that ship with Google services pre-installed (also known as GMS devices) test their connectivity to certain Google endpoints when connecting to Wi-Fi networks. If these connectivity checks fail, out-of-box enrollment and provisioning of Internal Applications uploaded to the [Apps & Books > Applications] pages fail.
If the network being used to enroll the device is also closed and has no access to Google endpoints, it is possible to skip the connectivity checks by using a Proxy Auto-Configuration (PAC) file that simply directs the device to make connections directly, without the use of proxies.
The contents of the PAC file:
function FindProxyForURL(url, host) {
return "DIRECT";
}
Note that an actual proxy server is not required. A PAC file with the contents above should be hosted on an http/https endpoint within the closed network.
During work managed enrollment, the device downloads the Workspace ONE Intelligent Hub. Since the device does have access to Google Play, the application file must be hosted on an http/https endpoint within the closed network for download. The latest version of the Workspace ONE Intelligent Hub can be downloaded from the My Workspace ONE portal.
See Generate a QR Code with the Enrollment Configuration Wizard, Android for steps to create the QR code.
To create a QR code for closed-network enrollment, you must:
For closed-network deployments, you must manually add the network during out-of-box setup.
Power on the device. The setup wizard prompts the user to tap the Welcome screen six times. The taps have to be done in the same place on the screen.
For Android 8.0+ devices, proceed to step 2 in order to download the QR Code reader. For Android 9.0+ devices, the camera will open automatically after you complete the six taps, so you can skip to step 3.
Connect to Wi-Fi and download a QR code reader by following these steps:
To enroll Android 13 devices in closed networks, add an additional flag to the QR code:
Example JSON payload for QR Code with flag added:
{
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.airwatch.androidagent/com.airwatch.agent.DeviceAdministratorReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "6kyqxDOjgS30jvQuzh4uvHPk-0bmAD-1QU7vtW7i_o8=\n",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://play.google.com/managed/downloadManagingApp?identifier=hub",
"android.app.extra.PROVISIONING_SKIP_ENCRYPTION": false,
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED": true,
"android.app.extra.PROVISIONING_ALLOW_OFFLINE": true,
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"serverurl": "ds135.awmdm.com",
"aospEnrollment": "True"
}