Enroll a Fully Managed non-GMS Android device using ADB

When dealing with non-GMS Android devices (specialized rugged devices, devices in China), one big challenge is actually enrolling them, since the code that enrolls a Fully Managed device is not part of AOSP. As I mentioned in my post about China, only a few vendors took care of this. In this post you will see how ADB works with the rest.

Disclaimer: this method works, but does not scale well, and was designed for testing in Android Emulator and not for production. Check with your MDM/EMM/UEM vendor for production support!

Basically, the Android shell has a command called dpm (Device Policy Manager) that can be used to enroll a Device Owner (= Android Enterprise Fully Managed). The effect is essentially the same as if you did a full enrollment, but this is officially not guaranteed (which is why you’d want to check with your MDM provider).

Below is the script that waits for the device to connect, installs the agent APK, and enrolls it as the device owner. Then, after a 1-second wait, we launch the WS1 Hub to prompt for credentials etc. The example uses VMware Workspace ONE UEM, but would work for any other MDM by replacing the vendor-specific piece.

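rem Wait until the device is visible to ADB
adb wait-for-device
rem Install the agent APK
adb install c:\downloads\WS1hub.apk
rem Make the agent's admin receiver the Device Owner
adb shell dpm set-device-owner com.airwatch.androidagent/com.airwatch.agent.DeviceAdministratorReceiver
rem Wait 1 second, then launch the Hub
timeout 1
adb shell am start com.airwatch.androidagent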

This is it, in a nutshell! Below are additional notes.

Additional notes

For the above to work, we need to get the APK and the string for set-device-owner (called Admin Component Name). How can we get them? The simplest way is to use your MDM to generate an Android Enterprise enrollment QR code, and then just get it from there using any standard QR reader. Here is an example for Workspace ONE:

{
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME":
"com.airwatch.androidagent/com.airwatch.agent.DeviceAdministratorReceiver",

"android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM":
"6kyqxDOjgS30jvQuzh4uvHPk-0bmAD-1QU7vtW7i_o8=\n",

"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION":
"https://getwsone.com/mobileenrollment/airwatchagent.apk", 

"android.app.extra.PROVISIONING_SKIP_ENCRYPTION": false,
"android.app.extra.PROVISIONING_WIFI_SSID": "MySSID",
"android.app.extra.PROVISIONING_WIFI_PASSWORD": "MyPassword",

"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": 
  {
   "serverurl": "https://cn####.awmdm.com", 
   "gid": "MyOG", 
   "un":"StagingUser", 
   "pw":"StagngPassword"
  }
}

From there you can get all you need (because essentially both GMS Setup Wizard, which consumes this barcode, and ADB dpm command use the same API). Easy!
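As an added example (not code from this post or from VMware), the Python sketch below pulls the component name, download location and signature checksum out of such a QR payload, rejects a component name that is not a plain package/class pair before it reaches an `adb shell` command line, and compares the checksum with the signing-certificate digest of the APK you downloaded. `adb install` itself takes no checksum, so this comparison has to happen before sideloading. The function names are hypothetical, and the hex digest is assumed to come from `apksigner verify --print-certs`.

```python
import base64
import json
import re

PREFIX = "android.app.extra.PROVISIONING_DEVICE_ADMIN_"
# package/receiver-class only: this value ends up on an `adb shell` command line
COMPONENT_RE = re.compile(r"[A-Za-z][\w.]*/[\w.$]+", re.ASCII)

# Sample payload built from the values shown in the QR example above.
SAMPLE = json.dumps({
    PREFIX + "COMPONENT_NAME":
        "com.airwatch.androidagent/com.airwatch.agent.DeviceAdministratorReceiver",
    PREFIX + "SIGNATURE_CHECKSUM": "6kyqxDOjgS30jvQuzh4uvHPk-0bmAD-1QU7vtW7i_o8=\n",
    PREFIX + "PACKAGE_DOWNLOAD_LOCATION":
        "https://getwsone.com/mobileenrollment/airwatchagent.apk",
})


def parse_qr_payload(text):
    """Pull the fields the ADB method needs out of the QR code JSON."""
    data = json.loads(text)
    component = data[PREFIX + "COMPONENT_NAME"]
    if not COMPONENT_RE.fullmatch(component):
        raise ValueError("unexpected admin component name: %r" % component)
    return {"component": component,
            "package": component.split("/", 1)[0],
            "apk_url": data[PREFIX + "PACKAGE_DOWNLOAD_LOCATION"],
            "checksum": data.get(PREFIX + "SIGNATURE_CHECKSUM", "")}


def checksum_matches(qr_checksum, cert_sha256_hex):
    """True if the QR checksum (URL-safe base64 of the signing certificate's
    SHA-256) equals a hex digest such as `apksigner verify --print-certs` prints."""
    b64 = "".join(qr_checksum.split())      # drops the trailing "\n"
    b64 += "=" * (-len(b64) % 4)            # tolerate stripped padding
    hex_digits = re.sub(r"[^0-9A-Fa-f]", "", cert_sha256_hex)
    try:
        return len(hex_digits) == 64 and \
            base64.urlsafe_b64decode(b64) == bytes.fromhex(hex_digits)
    except ValueError:
        return False


def adb_commands(fields, apk_path):
    """Argument lists for the same adb steps as the script earlier in the post."""
    return [["adb", "wait-for-device"],
            ["adb", "install", apk_path],
            ["adb", "shell", "dpm", "set-device-owner", fields["component"]],
            ["adb", "shell", "am", "start", fields["package"]]]
```

Passing each list from `adb_commands` to `subprocess.run` only after `checksum_matches` returns True keeps an APK with a different signing certificate from being promoted to device owner.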

However, you can see that the Wizard can also take the enrollment data, creating a more automated scenario, as well as additional parameters. I’ve looked into the dpm source code and could not find anything there that would take such parameters. Thus, the ADB method is very laborious and manual: manually enable ADB, manually plug in the device, manually provision connectivity, manually enter the enrollment details (hope you have the MDM QR code). At least, disabling ADB later on can be done via MDM. And after a device reset, all is gone! Which is why the recommended way is for the device vendor to apply some effort and create a small piece of enrollment code for their own non-GMS Initial Setup Wizard.

Currently, the vendors I know that can do it are:

  • Zebra
  • Honeywell

There may be more, but I don’t know. If you do know, or you are such a vendor, please write a comment! Also, I know for sure that as of now neither Samsung nor Nokia supports automated device enrollment in China (I will surely update this once it changes!).

Summary

This ADB-based method is very manual, does not scale well, and is not officially supported by many MDMs, but it works! So if you have nothing else to choose from, what else can you do? At least, it works! Write your opinion in comments, and press your device vendors to give some love to non-GMS devices!

3 thoughts on “Enroll a Fully Managed non-GMS Android device using ADB”


  1. Good stuff, thanks.
    In my case I have to use different usernames and passwords to enroll each device, so I would need to modify the QR contents for each one and then send it using adb.
    So, in that case, what should the adb command to send the QR string be?


    1. Hi, Andy. I have written in the blog that I did not find a way to pass the enrollment data such as username into the DPM command. The QR there is NOT the Android Enterprise QR code (that one requires GMS), but a WS1 Hub QR code. So you will have to generate a bunch of them yourself.
