Suppressing key mapping on Zebra tablet using Intune

I've been doing a lot of work with Zebra devices recently. In this blog post, I showed how to use Zebra StageNow to create an XML file which could be deployed by Intune. I used the same technique to solve this latest problem.

I've developed an Android Enterprise dedicated device solution to turn Zebra ET40 rugged tablets into kiosk devices running Chrome only. Everything was working correctly except for one minor detail. I could press the top left button on the device which displayed the settings menu for the device. That's not what you want on a kiosk.

The button is labelled number 3 in the graphic above. The Zebra documentation tells me that this is a programmable button (or a key that supports key mapping) called P1. I carried out a lot of testing and I discovered that pressing P1 on the ET40 defaults to the settings app. I needed to suppress this key mapping on P1.

I was able to do that by creating a StageNow Xpertmode profile.

I added the KeyMappingMgr CSP.

I selected the following settings and saved the profile:

• “Remap Key” button
• "The key to modify" :  Select “P1 button” from drop down
• "Key behaviour": Suppress Key

 Then I exported the settings to xml.

<wap-provisioningdoc>

  <characteristic version="9.2" type="KeyMappingMgr">

    <parm name="Action" value="1" />

    <characteristic type="KeyMapping">

      <parm name="KeyIdentifier" value="P1" />

      <characteristic type="BaseTable">

        <parm name="BaseBehavior" value="5" />

      </characteristic>

    </characteristic>

  </characteristic>

</wap-provisioningdoc>

This XML file was then use to create an Intune configuration profile based on the Zebra OEMConfig app. 

Select Configure > select the three dots next to Transaction Steps > and then select Add setting.

 

From the list of settings select, Device Administration Configuration.

Under Device Administration Configuration only two settings are required.

• Action = Submit XML
• Submit XML = the .xml data we copied above. Paste it into this field.

Complete the wizard to create the device configuration profile and assign it to a group of your devices. Now pressing the P1 button now has no effect and the kiosk is secure.

Until next time......

Android Enterprise devices losing Wi-Fi network when using proxy

This was a little awkward to solve, especially as the devices were single app kiosks and the device settings were not available. This was my scenario:

• Devices: Zebra TC52X handheld scanner
• Management platform: Microsoft Endpoint Manager (Intune)
• Android Enterprise: Corporate-owned dedicated devices
• Kiosk: single app (Chrome)
• Proxy: Zscaler (devices could not connect to corporate apps without going through proxy)

This would periodically show up on the devices (No internet connection). It would also present after every restart.

On restart, kiosk operators were told that the device had limited Wi-Fi connectivity. It was a straightforward temporary workaround. The operator had to double-click the message.

The operator had to check the box Don't ask again for this network and click Yes.

This would solve the problem for a while, but would inconvenience the operators. I wanted to solve this programatically. Before I could do that I had to understand what was happening.

This issue is caused by captive portal detection. A captive portal is what we call a network that requires your action before it allows you to connect to the Internet. This action could be to log in using a username and password, or just to accept the network's terms and conditions.

The way most networks do this is by redirecting you to such a page. Chrome will make automatic connections to detect these redirects. When those happen, you may see a notification indicating that you may need to log into the network. Normally, after you do this, the tab will be closed automatically. Occasionally, it will be kept around to display a message from the network's owners. These actions can happen seamlessly using open Wi-Fi systems. However, this becomes problematic in conjunction with a corporate proxy. The solution is to disable captive portal detection.

Luckily Zebra (and other vendors) provide a solution for that. I can create a Zebra StageNow profile which can be exported to and deployed by Intune. See the Zebra documentation for details on installing and using StageNow.

Launch StageNow and create new profile.

Choose your MX version (10.1 in my case) and select Xpert Mode. Click Create.

Give your profile a name and click Next.

Select Wi-Fi and click the Plus icon to move it over Config column. Click Add.

Scroll down and check the "Specify Advanced options" box to expose more options.

Search for Captive Portal detection and choose Disable.

Complete the wizard.

Complete the profile and generate the StageNow configuration barcode. You can also export to XML after creating your StageNow profile by clicking Export for MDM.

<wap-provisioningdoc>

  <characteristic version="10.1" type="Wi-Fi">

    <parm name="UseRegulatory" value="0" />

    <parm name="UseDiagnosticOptions" value="0" />

    <parm name="UseAdvancedOptions" value="1" />

    <characteristic type="AdvancedOptions">

      <parm name="CaptivePortalDetection" value="0" />

    </characteristic>

    <parm name="UseHotspotOptions" value="0" />

  </characteristic>

</wap-provisioningdoc>

This is the XML generated. Once we have the XML we can import into Intune and assign to a group.

In the MEM admin console, create a Device Configuration profile of type OEMConfig.

Enter a name and select the OEMConfig app, in this case it's for Zebra. Each vendor will have their own OEMConfig app, which must be added in advance to Intune.

Select Configure > select the three dots next to Transaction Steps > and then select Add setting.

You will see a list of settings.

From the list of settings select, Device Administration Configuration.

Under Device Administration Configuration only two settings are required.

• Action = SubmitXML
• Submit XML = the .xml data we copied above. Paste it into this field.

Complete the wizard to create the device configuration profile and assign it to a group of your devices. You won't see the No internet connection warning again or be prompted that you have limited connectivity.

Until next time......