# Provisioning

## Provisioning <a href="#provisioning" id="provisioning"></a>

### How do I enroll a personal device in a work profile? <a href="#how-do-i-enroll-a-personal-device-in-a-work-profile" id="how-do-i-enroll-a-personal-device-in-a-work-profile"></a>

#### Steps for IT Admin in the EMM <a href="#steps-for-it-admin-in-the-emm" id="steps-for-it-admin-in-the-emm"></a>

1. Open *EMM Console* to the *Policies* screen.
2. On the desired work profile policy, click *Generate Enrollment Barcode*.
3. Create a name for the barcode and select a desired lifespan for the enrollment code, up to 30 days. Click *Generate*.
4. Take a screenshot of the QR code and the 20-character manual-entry code or copy and paste them to a document for easy retrieval.
5. Provide the codes (and their expiration date) to the end-users who will be enrolling their personal devices.

#### Steps for End-User on the Device <a href="#steps-for-end-user-on-the-device" id="steps-for-end-user-on-the-device"></a>

1. In their personal Google Play store on their device, install [Android Device Policy Controller (DPC)](https://play.google.com/store/apps/details?id=com.google.android.apps.work.clouddpc\&hl=en_US).
2. Open Android DPC to the *Enroll this device* screen and click *Next*.
3. Scan QR code provided by the IT administrator or press *Enter code* to type code manually.
4. Click *View terms* to review general work profile information about the IT administrator’s access and any organization-specific terms and conditions. Click *Accept & continue*.
5. Once the work profile finishes loading, click *Next*.
6. Profile registers. Screen continues to *Set up your work profile* with steps designated by the IT administrator.
7. Follow prompts to set a screen lock. Options may be limited by IT administrator’s security preferences.
8. Click *Install* to install work apps. Click *Next* once complete.
9. Click *Done* to return to device. It will now have a separate section for work profile apps (how these are divided may vary by device).

### How do I enroll a managed or dedicated device via QR code? <a href="#how-do-i-enroll-a-managed-or-dedicated-device-via-qr-code" id="how-do-i-enroll-a-managed-or-dedicated-device-via-qr-code"></a>

#### Steps in the EMM <a href="#steps-in-the-emm" id="steps-in-the-emm"></a>

1. Open *EMM Console* to the *Policies* screen.
2. On the desired policy, click *Generate Enrollment Barcode*.
3. Create a name for the barcode and select a desired lifespan for the enrollment code, up to 30 days. Click *Generate*.
4. Take a screenshot of the QR code and the 20-character manual-entry code or copy and paste them to a document for easy retrieval.

#### Steps on the Device <a href="#steps-on-the-device" id="steps-on-the-device"></a>

1. The device must start out at factory reset state.
2. Press *Start* on the initial startup screen.
3. If the device has a barcode scanner and has a built-in option to set up off of a barcode, scan the QR code now, which automates steps 5-6 and 8-9.
4. Select and login to a WiFi network.
5. When prompted to copy apps and data from the cloud, select *Set up as new*.
6. When prompted to login to a Google account, in the *Email or phone* field enter the EMM token *afw#setup* and submit.
7. The device will begin setting up for Android for Work, and will provide a *View terms* link to Google’s terms and conditions. Click *Accept & continue*.
8. *Enroll this device* screen will display. Click *Next*.
9. Scan the QR code or press *Enter code* to manually type in the code.
10. When the device finishes updating, follow prompts to set a screen lock. Options may be limited by IT administrator’s security preferences.
11. Click *Install* to install work apps. Click *Next* once complete.
12. The device opens to its designated main page - either the Android home if a managed device, or the kiosked app/set of apps if a dedicated device.

### How do I enroll a managed or dedicated device via Zero-Touch Enrollment? <a href="#how-do-i-enroll-a-managed-or-dedicated-device-via-zero-touch-enrollment" id="how-do-i-enroll-a-managed-or-dedicated-device-via-zero-touch-enrollment"></a>

1. Zero-touch enrollment is a process which configures Android devices to their owners’ specifications out of the box with minimal user selection. On first boot or factory reset, the device checks for a configuration, downloads the appropriate DPC, and proceeds through setup. In order for the company IT administrator to register for a customer zero-touch account, the company must receive its devices from a reseller with a reseller zero-touch account. For more information, see Google’s article on [Zero-touch enrollment for IT admins](https://support.google.com/work/android/answer/7514005).
2. Register for a zero-touch portal customer account [here](https://docs.google.com/forms/d/e/1FAIpQLSeDHeWgCN8QRbIQL-7uwmCkC2y2sVmMETfUcsLeNpfXw8AKaQ/viewform), or the company’s device reseller can add a customer account.

#### Steps for IT Admin in the EMM <a href="#steps-for-it-admin-in-the-emm_1" id="steps-for-it-admin-in-the-emm_1"></a>

1. Open *EMM Console* to the *Policies* screen.
2. On the desired policy, click *Generate Enrollment Barcode*.
3. Create a name for the barcode and select a desired lifespan for the enrollment code, up to 30 days. Click *Generate*.
4. Take a screenshot of the QR code and the 20-character manual-entry code or copy and paste them to a document for easy retrieval.

#### Steps to Add a Policy Configuration in Zero-Touch Portal <a href="#steps-to-add-a-policy-configuration-in-zero-touch-portal" id="steps-to-add-a-policy-configuration-in-zero-touch-portal"></a>

1. Click Configurations in the navigation panel.

<figure><img src="/files/6Ob3MMbTC0VUlcnpBerS" alt="" width="563"><figcaption></figcaption></figure>

2. Click **+** in the *Configurations* table to add a configuration.
3. *Configuration Name:* Enter a name for the configuration.
4. *EMM DPC:* Select “Android Device Policy.”
5. *DPC Extras* should be left empty
6. *Company name:* Enter company name as would like it displayed to the user during provisioning.
7. *Support email address:* Enter the email address to be displayed on the provisioning screen for the user to contact with issues during setup.
8. *Support phone number:* Enter the phone number to be displayed on the provisioning screen for the user to contact with issues during setup.
9. *Custom message* (Optional)*:* Enter a brief message to be displayed on the support contact info screen before provisioning.
10. Click *Add* to save the configuration.
11. Click *Devices* in the navigation panel.
12. Locate the device to be configured with zero touch and set the appropriate configuration.

#### Steps for End-User to Provision Device <a href="#steps-for-end-user-to-provision-device" id="steps-for-end-user-to-provision-device"></a>

1. Boot device for the first time or factory reset it. Press the *Start* button on the initial setup screen.
2. If there are multiple options to proceed through setup (e.g. scanning a barcode and manual setup), zero-touch will block options other than manual setup.
3. Device will display a message stating that it “will be managed and kept secure” by the organization. It will have a *View terms* link for Google’s terms and conditions and a link to the contact information that the organization’s IT administrator entered in the Zero-Touch Portal.
4. Click *Accept & continue*.
5. Android DPC is automatically installed. *Enroll this device* screen is displayed. Click *Next*.
6. Scan the QR code or press *Enter code* to manually type in the code.
7. When the device finishes updating, follow prompts to set a screen lock. Options may be limited by IT administrator’s security preferences.
8. Click *Install* to install work apps. Click *Next* once complete. The device opens to its designated main page - either the Android home if a managed device, or the kiosked app/set of apps if a dedicated device.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.bluefletch.com/bluefletch-enterprise/product-guides/portal/emm-console/setup/provisioning.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.