et'al Software Solutions
Back to blog
GuidesMarch 5, 2026·8 min read

Zero-Touch Provisioning: The Complete Guide

Samsung Knox, Google ZTE, and Apple ABM — everything you need to know about hands-free device enrollment.

Et'al Team

Engineering

What Is Zero-Touch Provisioning?

Zero-touch provisioning (ZTP) lets you enroll devices into your MDM platform automatically — without any manual setup by the end user or field tech. The device connects to the internet, contacts your MDM server, and configures itself based on your predefined policies.

For fleet operators managing hundreds or thousands of devices, this eliminates the most time-consuming step in deployment: manual enrollment. What used to take 30+ minutes per device now takes under 2 minutes.

Samsung Knox Mobile Enrollment (KME)

Samsung Knox KME is the zero-touch solution for Samsung Galaxy devices. When a device purchased through an authorized reseller boots up for the first time, it automatically enrolls in your MDM.

**Setup steps:** 1. Create a Knox KME account at samsung.com/knox 2. Add your MDM server URL and configuration profile 3. Upload device IMEIs or work with your Samsung reseller to assign them 4. Devices auto-enroll on first boot — no user interaction required

**Requirements:** Samsung Galaxy device (phone or tablet), purchased from an authorized channel. Works with Android 6.0+ but Android 9.0+ recommended for full Device Owner capabilities.

Google Zero-Touch Enrollment

Google's zero-touch enrollment works with any Android 8.0+ device from participating OEMs — not just Samsung. This includes Pixel, OnePlus, Motorola, and others.

**Setup steps:** 1. Create a Google zero-touch account at partner.android.com/zerotouch 2. Configure your MDM server as the management solution 3. Assign devices by IMEI through the portal or via API 4. Devices auto-enroll on first boot with your selected configuration

**Key advantage:** Works across OEMs, so you're not locked into a single hardware vendor. Ideal for mixed-Android fleets.

Apple Business Manager (ABM)

Apple Business Manager handles zero-touch enrollment for iPhones, iPads, and Macs. Devices purchased from Apple or authorized resellers can be automatically assigned to your MDM.

**Setup steps:** 1. Create an Apple Business Manager account at business.apple.com 2. Add your MDM server and upload the required APNs certificate 3. Assign devices to your MDM server 4. Devices enter Supervised mode on activation and download your configuration profile

**Supervised mode** gives you additional management capabilities: silent app install, restrict settings access, single-app kiosk mode, and more. It's the strongest management profile available on iOS.

Best Practices

Regardless of which zero-touch platform you use, follow these best practices:

- **Test with a pilot group** before mass deployment. Enroll 5-10 devices first and verify your policies work as expected. - **Pre-configure Wi-Fi profiles** so devices can connect automatically in warehouses and offices. - **Use device groups** to apply different policies to different device types or locations. - **Monitor enrollment status** in real-time from your MDM dashboard. Catch failed enrollments early. - **Keep firmware updated** — zero-touch works best with current OS versions.

Et'al MDM supports all three zero-touch platforms from a single console. Configure once, deploy everywhere.