In this post I will be looking at the different ways that you can enroll a Windows 10 device into an MDM solution, as with the other posts my focus is on the VMware Workspace ONE UEM solution although most of the methods are available for other MDM offerings.

I’d like to initially illustrate the differences between the traditional approach to preparing devices for end-users versus the , potential modern approach as it’s quite stark…

Where we will end up (and VMware is doing this today) is rather than the IT dept preparing a device for a new user.

So following a successful job interview(s) the user is offered a position with your company. The user will be given a choice of the device they want via email, the user selects their preferred device, the device will be automatically ordered for them and shipped to their home address. By the time the device arrives the user has already been issued their username and password (securely) and when they log into their new device with their credentials, the device is enrolled and configured automatically.

So when the user walks into their new job on day 1 they already have a device that is familiar to them and fully configured with everything they need!

But that’s the future and most organisations are not ready to embrace that level of automation yet, so lets look at the first step – managing the devices using Modern Management, to do that we need to enroll them and that’s what this post is about.

The first consideration is the version of windows 10 you are using, the following are supported:

Windows 10 Home
Windows 10 Pro
Windows 10 Enterprise
Windows 10 Education

End-user enrollment is greatly simplified via the use of the Windows Auto-Discovery Service (WASD). WADS uses the domain name of the users email address to resolve the enrollment details of the MDM tenant specific to your organisation, this enables a user to enroll their devices with just their username (email address) and AD password.

There are three mechanisms that are used to facilitate the enrollment of Windows 10 devices:

Native MDM functionality of Windows 10
AirWatch Intelligent hub agent
Azure AD integration

Each enrollment method detailed below uses one of the above mechanisms to enroll the devices.

One final mechanism exists for SCCM manged devices to enable co-management of Windows 10 devices, co-management uses a hybrid approach to management whereby both MDM policies ad Group Policies are applied to the devices.

AirWatch Intelligent hub Agent for Windows Enrollment

This is the simplest method for enrolling devices but requires that the user download the agent and enroll their devices using their username and password. If the WADS has been configured then the MDM tenant address and group ID will have been populated automatically.

This enrollment method represents the simplest method from an administrative perspective to get users enrolled – especially with WADS configured – since no additional integrations needs to be considered or configured besides using the AirWatch Cloud Connector to synchronise your on-prem AD with your AirWatch tenant.

Azure AD Integration enrollment

This method relies on Azure AD Identity Services integration between UEM and Azure AD and it simplifies the enrollment process for both admins and users. There are three methods to initiate enrollment, join Azure AD, Out Of Box Experience (OOBE) enrollment or Office 365 enrollment. By integrating UEM with Azure AD devices enrolling into Azure AD – a process designed to be simple by Microsoft – the devices get automatically enrolled in UEM. So if you are already using Azure AD Premium (not the O365 version) then this method will be of interest.

Native MDM enrollment

The built-in MDM enrollment mechanism in Windows 10 can now be used to enroll into UEM and offers a way to enroll without needing to install the Intelligent Hub agent.

It’s worth noting that the workflows differ using this method depending on the version of Windows 10 your device is running and also whether WADS has been configured.

Device Staging

When you want to configure a device prior to sending it to the user Device staging allows you to enroll using the Intelligent Hub and install device-level profiles so the device is partially configured before the user even touches it – apps and user MDM profiles will then be applied once the user has logged on, been associated with the device in UEM and completed the enrollment process.

Windows Desktop Auto-Enrollment

This method is only available for specific Dell desktop devices currently but may be available on more devices in the future. At the point of purchase Dell apply a customised image containing some of the apps you wish to deploy including the Intelligent Hub pre-populated with your UEM tenant information, when the user runs through the OOBE setup the device is automatically enrolled and is ready use in less time since applications have already been installed.

Bulk Provisioning and Enrollment

Using the Microsoft Assessment and Development kit multiple devices can be automatically enrolled without any user intervention, this approach uses imaging to create provisioning packages though so is more labour intensive for the administrator.

Mar 25, 2024

Essential Tips for Mastering Microsoft Loop

In this episode, we're unravelling the mysteries of the latest Microsoft 365: Loop. Join us as we equip you with all the essential details to transform from a Loop novice to a Loop legend.

Feb 5, 2024

The power of Copilot: tips, tricks and real world wins

Join us as we explore the innovative world of Copilot, diving into its various versions, standout features, and the benefits they bring. Consider this episode your guide to integrating Copilot seamlessly into your organisation, equipped with essential tips on data governance and organisation-wide templates.

Oct 2, 2023

Navigating the Modern Management Maze: A Deep Dive into Intune and Autopilot

In this tech-packed conversation, we demystify the intricacies of modern management and unveil the power duo – Microsoft Intune and Windows Autopilot.

Blog

Windows 10 device enrollment

Read more of our blog posts below...

Define Tomorrow™

Our latest blog posts