Kiosk devices with Lollipop (5.1) enrollment via NFC

Question

I would like to ask, if somebody tried enroll Kiosk devices with Android via programmed NFC tags.

I found this great blog post and followed steps inside. But I'm unable to even start process of enrolling, tried on Android 5.1, 7.1.2 and 8.0.

I tried original way from blog post with only replacing token, but original link from post for DOWNLOAD_LOCATION seems to be dead, so I took link from Android Developers also I computed new SHA-1 check sum which should be 837C87477198CB2DFBFB6CA44829AF2921F3544B for latest version of downloaded apk. Inserted my enrollment token from Microsoft Intune Portal. Encryption is skipped according to fact that Lollipop is not encrypted by default and enrolling device could not be plugged to AC or is not charged to 70%.

I created with NFC Tools PRO (android app) new Custom record of data for application/com.android.managedprovisioning and inserted lines below.

android.app.extra.PROVISIONING_SKIP_ENCRYPTION=true
android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION=https://play.google.com/managed/downloadManagingApp?identifier=setup
android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM=837C87477198CB2DFBFB6CA44829AF2921F3544B
android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME=com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver
android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE=com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN\=TOKEN

Then I write lines to NFC tag, no errors, everything looks fine.

Reading of tag show everything correctly wrote.

My device boots after factory reset and I place NFC tag to device's NFC antena.

And proccess immediately fails with "Oops! Couldn't set up your device. Contact your IT department."

Other enrollment methods works (QR code, ...) great but I need NFC method for Android 5.1 because other enrollment methods are not supported by this version of android.

Every reply will be highly appreciated.

Answer 1

so this code is finally working for Android 5.1. Wrote to NFC Tag with NFC Tools PRO

android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED=true
android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION=https\://play.google.com/managed/downloadManagingApp?identifier\=setup
android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM=g3yHR3GYyy37-2ykSCmvKSHzVEs
desc=InTune
android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE=com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN\=<secret from Intune>
android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME=com.google.android.apps.work.clouddpc

Please note that, this code is only for Microsoft Intune EMM (as you can see there is desc=InTune)

Thanks for all comments!

Answer 2

Being honest I've never tried to put that information on a NFC tag.

I went ahead and checked one of my Kiosk tokens with a QR reader and I noticed something vs your lines, you don't have everything encased inside curly brackets.

This is the contents of my token (changed the ID to post here):

{"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME":"com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver","android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM":"asdas32das5a1a5s4d3a2s1g54d54hrej54rsfsdfsd","android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION":"https://play.google.com/managed/downloadManagingApp?identifier=setup","android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN":"ABCDEFGHIJLMNPKAAAAA"}}

It has no linebreaks and everything is seems to be formated in Json.

When android reads the data from the NFC Tag it might be finding incorrectly formated data.

Can you give it a try and see if it works?