Use and manage Zebra devices with Zebra Mobility Extensions in Microsoft Intune
Important
Microsoft Intune is ending support for Android device administrator management on devices with access to Google Mobile Services (GMS) on December 31, 2024. After that date, device enrollment, technical support, bug fixes, and security fixes will be unavailable. If you currently use device administrator management, we recommend switching to another Android management option in Intune before support ends. For more information, see Ending support for Android device administrator on GMS devices.
Intune includes a rich set of features, including managing apps and configuring device settings. These built-in features and settings manage Android devices manufactured by Zebra Technologies, also known as Zebra devices.
On Android devices, use Zebra's Mobility Extensions (MX) profiles to customize or add more Zebra-specific settings.
This feature applies to:
- Android device administrator
For Android Enterprise devices, use OEMConfig.
Your company may use Zebra devices for retail, on the factory floor, and more. For example, you're a retailer and your environment includes thousands of Zebra mobile devices used by sales associates. Intune can help manage these devices as part of your mobile device management (MDM) solution.
Using Intune, you can enroll Zebra devices to deploy your line-of-business apps to the devices. Device configuration profiles let you create MX profiles to manage your Zebra-specific settings.
This article shows you how to use Zebra Mobility Extensions (MX) on Zebra devices in Microsoft Intune.
Note
By default, the Zebra MX APIs aren't locked down on devices. Before a device enrolls in Intune, it's possible the device can be compromised in a malicious manner. When the device is in a clean state, we suggest you lock down MX APIs using Access Manager (AccessMgr). For example, you can choose that only the Company Portal app and apps you trust are allowed to call MX APIs.
For more information, go to Locking down your device on Zebra's web site.
Before you begin
- Be sure you have the latest version of the StageNow desktop app from Zebra Technologies.
- Be sure to check Zebra's full MX feature matrix (opens Zebra's web site). Confirm the profiles you create are compatible with the device's MX version, OS version, and model.
- Certain devices, such as TC20/25 devices, don't support all of the available MX features in StageNow. Be sure to check Zebra's feature matrix (opens Zebra's web site) for updated support info.
Step 1 - Install the latest Company Portal app
On the device, open the Google Play store. Download and install the Intune Company Portal app from Microsoft. When installed from Google Play, the Company Portal app gets updates and fixes automatically.
If Google Play isn't available, download the Microsoft Intune Company Portal for Android (opens another Microsoft website), and sideload it (in this article). When installed this way, the app doesn't receive updates or fixes automatically. Be sure to regularly update and patch the app manually.
Sideload the Company Portal app
"Sideloading" is when you don't use Google Play to install an app. To sideload the Company Portal app, use StageNow.
The following steps provide an overview. For specific details, go to Zebra's documentation. Enroll in an MDM using StageNow (opens Zebra's web site) may be a good resource.
In StageNow, create a profile for Enroll in an MDM.
In Deployment, choose to download the MDM agent file.
Set the Support App and Download Configuration steps to No.
In Download MDM, select Transfer/Copy File. Add the source and destination of the Company Portal Android package (APK).
In Launch MDM, leave the default values as-is. Add the following details:
- Package Name: com.microsoft.windowsintune.companyportal
- Class Name: com.microsoft.windowsintune.companyportal.views.SplashActivity
Continue to publish the profile, and consume it with the StageNow app on the device. The Company Portal app is installed and opened on the device.
Tip
To learn more about StageNow, go to StageNow Android device staging (opens Zebra's web site).
Step 2 - Confirm the Company Portal app has device administrator role
The Company Portal app requires Device Administrator to manage Android devices. To activate the Device Administrator role, some Zebra devices include a user interface (UI) on the device. If the device includes a UI, the Company Portal app prompts the end user to grant Device Administrator during enrollment (in this article).
If a UI isn't available, use the DevAdmin Manager in StageNow to create a profile that manually grants Device Administrator to the Company Portal app.
The following steps provide an overview. For specific details, go to Zebra's documentation. Set battery swap mode as device administrator (opens Zebra's website) may be a good resource.
- In StageNow, create a profile and select Xpert Mode.
- Add DevAdmin Manager to the profile.
- Set Device Administration Action to Turn On as Device Administrator.
- Set Device Admin Package Name to com.microsoft.windowsintune.companyportal.
- Set Device Admin Class Name to com.microsoft.omadm.client.PolicyManagerReceiver.
Continue to publish the profile, and consume it with the StageNow app on the device. The Company Portal app is granted the Device Administrator role.
Step 3 - Enroll the device in Intune
After you complete the first two steps, the Company Portal app is installed on the device. The device is ready to be enrolled in Intune.
Enroll Android devices lists the steps. If you have many Zebra devices, you may want to use a device enrollment manager (DEM) account. Using a DEM account also removes the option to unenroll from the Company Portal app, so that users can't unenroll the device as easily.
Step 4 - Create a device management profile in StageNow
Use StageNow to create a profile that configures the settings you want to manage on the device. For specific details, go to Zebra's documentation. StageNow profiles (opens Zebra's website) may be a good resource.
When you create the profile in StageNow, on the last step, select Export to MDM. This step generates an XML file. Save this file. You need it in a later step.
It's recommended to test the profile before you deploy it to devices in your organization. To test, in the last step when creating profiles with StageNow on your computer, use the Test options. Then, consume the StageNow-generated file with the StageNow app on the device.
The StageNow app on the device shows logs generated when you test the profile. For help with understanding any errors, Use StageNow logs on Zebra devices running Android in Intune has information on using the StageNow logs.
If you reference apps, update packages, or update other files in your StageNow profile, you want the device to get these updates. To get the updates, the device must connect to the StageNow deployment server when the profile is applied.
Or, you can use built-in features in Intune to get these changes, including:
- App management features to add, deploy, update, and monitor apps.
- Manage system and app updates on devices running Android Enterprise
After you test the file, the next step is to deploy the profile to devices using Intune.
You can deploy one or multiple MX profiles to a device.
You can also export multiple StageNow profiles, and combine the settings into a single XML file. Then, upload the XML file to Intune to deploy to your devices.
Warning
- If multiple MX profiles are targeted to the same group, and configure the same property, there will be conflicts on the device.
- If the same property is configured multiple times in a single MX profile, the last configuration wins.
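As an added example (not code from Microsoft or Zebra), this Python script checks exported MX XML files for both cases in the warning above before they're uploaded: a property set more than once in one file, and a property set by more than one profile. It assumes the export nests characteristic elements with parm name/value children; the sample profiles and their setting names are constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample profiles; element layout and setting names are assumptions.
PROFILE_A = """<wap-provisioningdoc>
  <characteristic type="Clock" version="4.2">
    <parm name="AutoTime" value="true"/>
  </characteristic>
  <characteristic type="Clock" version="4.2">
    <parm name="AutoTime" value="false"/>
  </characteristic>
</wap-provisioningdoc>"""
PROFILE_B = """<wap-provisioningdoc>
  <characteristic type="Clock" version="4.2">
    <parm name="AutoTime" value="true"/>
    <parm name="TimeZone" value="GMT"/>
  </characteristic>
</wap-provisioningdoc>"""

def settings(xml_text):
    """Return [(property_path, value)] in document order."""
    found = []
    def walk(node, path):
        for child in node:
            if child.tag == "characteristic":
                walk(child, path + (child.get("type", "?"),))
            elif child.tag == "parm":
                key = "/".join(path + (child.get("name", "?"),))
                found.append((key, child.get("value")))
    walk(ET.fromstring(xml_text), ())
    return found

def repeated_in_profile(xml_text):
    """Properties set more than once in one file -> (values in order, effective value)."""
    seen = defaultdict(list)
    for key, value in settings(xml_text):
        seen[key].append(value)
    return {k: (v, v[-1]) for k, v in seen.items() if len(v) > 1}

def cross_profile_conflicts(profiles):
    """Properties configured by more than one profile -> {profile name: effective value}."""
    owners = defaultdict(dict)
    for name, xml_text in profiles.items():
        for key, value in settings(xml_text):
            owners[key][name] = value  # a later duplicate overwrites: last one wins
    return {k: v for k, v in owners.items() if len(v) > 1}

if __name__ == "__main__":
    print(repeated_in_profile(PROFILE_A))
    print(cross_profile_conflicts({"a.xml": PROFILE_A, "b.xml": PROFILE_B}))
```

A non-empty result from either function is worth resolving before assignment, because a lockdown setting that is overridden or in conflict may not be the one that ends up applied on the device.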
Step 5 - Create a profile in Intune
In Intune, create a device configuration profile:
Sign in to the Microsoft Intune admin center.
Select Devices > Manage devices > Configuration > Create > New policy.
Enter the following properties:
- Platform: Select Android device administrator.
- Profile type: Select MX policy (Zebra only).
Select Create.
In Basics, enter the following properties:
- Name: Enter a descriptive name for the new policy.
- Description: Enter a description for the policy. This setting is optional, but recommended.
Select Next.
In Configuration settings > Choose a valid Zebra MX XML file, add the XML profile file you exported from StageNow (in this article).
When done, select Next.
Tip
For security reasons, you won't see the profile XML text after you save it. The text is encrypted, and you only see asterisks (****). For your reference, it's recommended to save copies of the MX profiles before you add them to Intune.
In Scope tags (optional) > Select scope tags, choose your scope tags to assign to the profile. For more information, go to Use RBAC and scope tags for distributed IT.
Select Next.
In Assignments, select the groups that will receive this profile. For more information on assigning profiles, go to Assign user and device profiles.
Select Next.
In Review + create, when you're done, choose Create. The profile is created, and shown in the list.
You can also monitor its status.
The next time the device checks for configuration updates, the MX profile is deployed to the device. Devices sync with Intune when devices enroll, and then approximately every 8 hours. You can also force a sync in Intune using a remote action. Or, on the device, open the Company Portal app > Settings > Sync.
Update a Zebra MX configuration after it's assigned
To update the MX-specific configuration of a Zebra device, you can:
- Create an updated StageNow XML file, edit the existing Intune MX profile, and upload the new StageNow XML file. This new file overwrites the previous policy in the profile, and replaces the previous configuration.
- Create a new StageNow XML file that configures different settings, create a new Intune MX profile, upload the new StageNow XML file, and assign it to the same group. In this scenario, multiple profiles are deployed. If the new profile configures settings that already exist in existing profiles, conflicts occur.