Zero-Touch MDM enrollment

Ship devices to users and have them auto-provision on first boot-no imaging, no desk visits. Codeproof applies the right apps, policies, Wi-Fi/VPN, and certificates instantly across Android, iOS/iPadOS, and Windows.

⚡ Same-day deployment
🔒 Factory reset protection
📈 Scales to thousands

What is zero-touch MDM?

Zero-touch is a provisioning model where devices are pre-assigned in a vendor portal so that on first boot they automatically enroll into MDM and receive apps, policies, and settings-no manual steps by IT or users.

Android: Android Enterprise Zero-Touch (and Samsung KME) for company-owned devices.
Apple: Automated Device Enrollment via Apple Business Manager (ABM/DEP) with supervision.
Windows: Autopilot assigns deployment profiles that enroll and configure PCs.

Benefits

Speed: First-day productivity-devices arrive work-ready.
Security: Device factory-reset protection, enforce encryption, passcodes, app allowlists/denylists, and updates at enrollment.
Consistency: Standardized profiles across locations and teams.
Lower IT effort: No imaging, fewer tickets, remote-first friendly.
Lifecycle control: Re-enroll after reset; lock/wipe when lost or offboarding.
Compliance: Evidence for HIPAA, CJIS/LEADS, SOC 2, ISO 27001, and more.

Android Zero-Touch

Assign IMEIs/serials in the Zero-Touch portal via authorized reseller/carrier.
Link to Codeproof enrollment profile; factory reset re-applies MDM.
Supports Fully Managed & Dedicated/Kiosk deployments.

Learn more

Apple ABM (Automated Device Enrollment)

Serials flow from Apple/Reseller into your ABM tenant.
Assign devices to the Codeproof MDM server with ADE profile.
Supervision enables full management and re-enrollment on reset.

Learn more

Windows Autopilot

Register device IDs and assign deployment profiles.
First boot auto-enrolls and applies policies & apps.
Ideal for remote employees and drop-ship workflows.

Learn more

Prerequisites

Android

Zero-Touch portal access (from reseller/carrier).
Eligible devices listed by IMEI/serial.
Codeproof MDM profile configured.

Apple

Apple Business Manager (ABM) account.
Reseller connects serials to ABM.
Codeproof MDM server + ADE profile.

Windows

Autopilot tenant with device IDs registered.
Deployment profile bound to Codeproof enrollment.
Network access on first boot.

Need help? Codeproof can provision portals, configure profiles, and assist with cutover/migrations.

Android Zero-Touch flow

Order eligible devices via authorized reseller/carrier.
Assign Codeproof profile to IMEIs/serials in the portal.
Unbox & power on - device auto-enrolls to Codeproof.
Apps, policies, Wi-Fi/VPN, and certificates apply automatically.

Apple ADE (ABM) flow

Reseller/Apple links serials to your ABM tenant.
Assign devices to Codeproof MDM server and ADE profile.
Device boots → supervised → auto-enrolls to Codeproof.
Apps, restrictions, and network profiles apply automatically.

Windows Autopilot flow

Register device IDs and assign deployment profile.
Ship device; on first boot it pulls profile from cloud.
Automatic MDM enrollment into Codeproof.
Policies, apps, certificates, and baselines apply.

BYOD? Use Android Work Profile or iOS User Enrollment for a lightweight, privacy-respecting setup (not strictly zero-touch).

Provisioning matrix

Capabilities matrix for zero-touch methods
Method	Ownership	Factory Reset Required	Re-enroll after Reset	Use Cases
Android Zero-Touch	Company-owned	Yes	Yes	Fully Managed, Dedicated/Kiosk
Apple ADE (ABM/DEP)	Company-owned	Yes (initial) / Configurator for assignment	Yes	Supervised iPhone/iPad/Mac
Windows Autopilot	Company-owned	No (varies by scenario)	Yes	Enterprise PCs, remote onboarding
Android Work Profile	BYOD	No	N/A	Personal devices with corporate container
iOS User Enrollment	BYOD	No	N/A	Scoped controls, user-removable profile

Zero-Touch use cases

Zero-touch enrollment - sometimes called out-of-the-box enrollment, drop-ship deployment, or day-one provisioning - solves the high-touch device rollout problem at scale:

Remote and hybrid workforce: ship devices directly from an OEM or authorized reseller to the end user, fully configured on first boot.
Frontline and field workers: deploy rugged Android handhelds (Zebra, Honeywell, Samsung) to warehouses, retail floors, and delivery routes with no IT touch.
Retail and POS: provision dedicated kiosk devices with lock task mode, single-app launcher, and OEM-specific restrictions via OEMConfig.
Healthcare: bulk-enroll shared clinician tablets and bedside iPads with HIPAA-aligned baselines pre-applied.
Education: roll out 1:1 Chromebook, iPad, and Windows fleets to students with content filtering and testing-mode policies enforced from first power-on.
M&A and rapid onboarding: stand up new locations in days, not weeks, with consistent baselines via Android Zero-Touch, Apple Business Manager (ABM/DEP), Samsung Knox Mobile Enrollment (KME), and Windows Autopilot.
Device lifecycle management: when a device is lost, stolen, or returned, factory reset re-applies the MDM profile automatically - no re-imaging, no re-enrollment by IT.

Best practices

Pilot with a small cohort before wide rollout.
Standardize profiles by role/location; version your baselines.
Pre-assign apps and managed configurations; avoid first-day prompts.
Enforce minimum OS levels; quarantine non-compliant devices.
Use per-app VPN/certificates for sensitive apps.
Enable kiosk/dedicated mode where appropriate.
Automate reports and webhooks to ITSM/SIEM.
Document replacement & break/fix workflows (zero-touch swap).

Resources

Android Zero-Touch Apple Business Manager Windows Autopilot MDM overview MDM Buyer’s Guide Pricing & plans Talk to sales

Zero-Touch FAQs

What is zero-touch device enrollment?

It’s a provisioning method where devices are pre-assigned in a vendor portal so that on first boot they automatically enroll into MDM and receive apps, profiles, and policies-no manual setup by IT or the user.

Do users need to do anything during setup?

Typically just power on and connect to a network; enrollment and configuration occur automatically.

Does zero-touch work for BYOD?

Zero-touch is primarily for company-owned devices. For BYOD, use Android Work Profile or iOS User Enrollment to keep corporate data separate from personal content.

What happens after a factory reset?

For company-owned zero-touch methods, devices re-enroll automatically and receive the same (or updated) profiles.

Can we lock devices to a single app or set of apps?

Yes-use Dedicated/Kiosk mode (Android), Single-App or guided access policies (Apple), and assigned access on Windows with Codeproof policy enforcement.

How does this help compliance?

Baseline controls such as encryption, passcodes, app allowlists, VPN/certificates, and audit evidence are enforced automatically at enrollment, supporting frameworks like HIPAA, CJIS/LEADS, SOC 2, and ISO 27001.

Customer stories

Aculabs Inc. Android

Champion National Security Android

Compass Foundation Android, iOS

Daniel Mullins Trucking Android

Horizon Health Network iOS

MWPOL Android, iOS

Sprint Android, iOS

Always Dream Foundation Android

TetraTech Android

Terrapin Android

Gersh Android

Atlantic City School District Android

Regional Express Inc. Android

United Taxi Android

Miami Beach Medical Group Android, iOS

NHBlacklabs Delivery Android, iOS

Innovapptive Pvt. Ltd. Android, iOS

"Throughout my experience with Codeproof, it has worked flawlessly. Even more importantly, Codeproof support is unrivaled."

- Bob Baerwalde, CTO, United Taxi

Working with Codeproof has been a relief, it allows our company to have control over software and devices and visibility to ensure our employees have the proper equipment to do their job each and every day.

- CJ Brown, Vice President, Operations at Regional Express Inc.

We didn’t make a single compromise to get the protection we wanted and needed.

- Patrick Delaney, Daniel Mullins Trucking

We have site phones that we need locked and tracked. We have recovered lost or stolen phones...and pushed new apps remotely.

- Rachel Gutzke, Champion National Security

The Codeproof platform not only assists in fleet management, it has made retrieving company property far more reliable.
Customer support is always accessible, and the team consistently goes out of their way to ensure the MDM platform meets all of our needs.

- Dylan Smith, Aculabs Inc.

Codeproof had the right balance of easy individual device configuration and group-level settings, as well as an excellent support team and willingness to add new features to meet our needs, all at a competitive price.

- Marvin Martin, Compass Foundation

Having our employees work in remote locations, Codeproof has really helped us manage our devices...They are very helpful and detailed when explaining thing.

- Natalie McCall, Director, Finanace & Business Operations.

Codeproof has made device management much easier than some larger MDM solutions. From the beginning of our trial Console, up to the present, we were able to easily contact the development team at Codeproof with any ideas for improvements.

- Merle Bauman, MWPOL

With Codeproof, the first thing I noticed is that the UI is much more intuitive and simpler to navigate. I feel like there are as many, if not more, features available to me in Code Proof but they are a little easier to find.

- Pamela Ward, Account Manager II, Sprint

Foundation is so grateful for the partnership with Codeproof and their willingness to support students and families in need of literacy resources. While our technical needs are likely less than that of other companies, we have found great value in the Codeproof product.

- Lori Yamaguchi, Executive Director, Always Dream Foundation

Codeproof has great customer support. If there is an issue, or if we need assistance with anything, they are very quick to respond and lend a hand.

- Irvyn Mamwell, Mobile/Asset Management IT Manager, TetraTech

Terrapin Pharmacy’s Executive Management and Technology Developers would be extremely likely to recommend Codeproof to others based upon the interactions we have had with the Codeproof team and the can-do culture within their organization.

- Terry Peters, Director Product Development & Project Management

Codeproof is a very comprehensive MDM product. We received great service at all times from their technicians when we had issues. They are continually working on improving the product with feedback from customers like us, so we can have better control of our remote equipment.

- William Burke, IT Director and CISO at Gersh Management.

[An] upbeat, well-organized, and helpful company. Codeproof provided superior customer support during a time of uncertainty.

- Tracy Slattery, District Teacher Coordinator - Assessments & Technology, Atlantic City School District

Codeproof has been an asset in maintaining security, control and reducing liability of our mobile devices by allowing us blanketed control of our mobile fleet at all times regardless of day and location. It will continue to be the foundation for our mobile security for now and the future. Their security options and scalability is priceless.

- Daramid Mercado, Director of Information Technology at Miami Beach Medical Group

<b>Jeffrey Falkingham</b>,<br>Owner of NHBlackLabs Delivery LLC

I chose Codeproof over other players in the market because it's simple and customizable dashboard caters to the needs of my business. Codeproof tries to find solutions and treats you as partners rather than just a customer.

- Jeffrey Falkingham,
Owner of NHBlackLabs Delivery LLC

I chose Codeproof for our internal MDM solutions over other options because the case study and utilization of the system were very understandable. It decreased our potential costs related to device investments while increasing device security and reducing operational costs.

- Krishna Sharma, Senior Lead - Cyber Security, Innovapptive Inc.