Enroll Win 10,11 Laptops, Desktops & Surface Pro Tablets
With the advent of Windows 10 and 11, MDM now lets you manage any kind of Windows device - be it laptop, desktop or Surface Pro tablets. The major advantage is the unified dashboard to manage all your Windows 10 and 11 devices and machines, ensuring all the requisite configurations aren't done twice - once for devices and once for machines.
Procedure
Follow the steps given below to enroll a Windows machine with MDM:
- On the MDM server, click on Enrollment tab from the top menu and select Laptop and Surface Pro enrollment, present under Windows.
- Download the enrollment tool from the MDM server, on the machine to be enrolled and extract the contents. You can also copy the extracted contents and paste it on the machines to be enrolled.
- From the extracted contents, run enrollment.bat to enroll the machine with MDM. You can view the list of devices enrolled by clicking on Laptop and Surface Pro enrollment tab from the left pane.
- Now the enrolled devices will be listed in the MDM server. You need to assign users to these devices to complete enrollment.
- You assign users on a device-to-device basis or in bulk using a CSV. In case of the former, click on the Assign user option present under Actions, against the device and provide the requisite data to complete user assignment. In case of the latter, click on Assign Users and upload a CSV (View Sample CSV) file with requisite details. You can additionally add devices to multiple groups to automate the distribution of apps, profiles and documents to devices.
- You can verify if the machine has been enrolled by navigating to Settings --> Accounts --> Access work or school and an MDM account will be displayed here.
Sample CSV Format
- The fields Serial Number, User Name, Email Address and Group Name are mandatory. All the other fields are optional. Ensure the specified group name is already created in the MDM server. If values are not provided, default values will be taken.
- The default values for various non-mandatory fields are:
Domain Name -- MDM
Owned By -- Corporate - If multiple groups are specified, the group names must be separated with a slash (/)
- The first line of the CSV is the column header and the columns can be in any order.
- Blank column values should be comma separated.
- If the column value contains comma, it should be specified within quotes.
Automated Enrollment for Endpoint Central Users
Endpoint Central is ManageEngine's unified endpoint management solution. So if you are a Endpoint Central user you can enjoy the benefits of managing both the modern and legacy systems right from a single console.
MDM has further simplified the enrollment process for Windows Laptops, and Surface Pros that are already managed by Endpoint Central. Follow the steps given below to automate your Win laptop and surface pro enrollment-
- On the MDM server, navigate to the Mobile Device Mgmt tab and select Enrollment from the left pane.
- Under the Windows Enrollment methods, click on Laptop and SurfacePro Enrollment.
- From the server, download the zip file titled ManageEngine_MDMLaptopEnrollment.zip by clicking on Download. Extract the file once the download is completed.
- Navigate to the Configurations tab on the Endpoint Central console.
- Under Configurations, select Windows from the menu that appears when you hover over it.
- Select the Custom Script and then Computer.
- Provide a name to your Configuration.
- For the Execute script from option, choose Command line
- Enter enrollment.bat -s in the Command line text box.
- Click Add to add the dependency files. To find the files, navigate to the Scripts folder in the extracted zip file. The following dependency files need to be uploaded
- enrollment.bat
- logger.conf
- mdmregistrationhandler.exe
- mdmServer.cer (This file will not be available if you are using third-party certificates to secure the server.)
- mdmregistrationhandler_64.exe
- You can also choose the frequency based on your requirement.
The next step would be to select the target computers which need to be enrolled.
- Under Define target, you can choose the remote office or the domain for which you want to apply this configuration.
- Once you have selected your target systems, you can make the other changes as required.
- Click on either Deploy or Deploy Now.
But what happens if your organization purchases new laptops, would you have to run this configuration again for those systems? You don't have to! You can just create a Dynamic Custom group to which systems are added if they meet certain criteria.
Follow the steps given below to create a dynamic custom group:
- Navigate to Admin and under Global Settings select Custom Groups
- Click on Create new group.
- Enter a Group Name and under Category select Dynamic.
- Configure to ensure that any new Win system gets added to this custom group.
- Click on Create Group.
Once the custom group is created, you can choose this group while defining a target for the created configuration. This will ensure that any new system that in managed by Endpoint Central will automatically get enrolled with MDM.
Assigning users to the systems
Once the system is enrolled with MDM, it will be available in the Laptop and SurfacePro Enrollment page along with the rest of the mobile devices. You can complete the user assignment process as explained earlier in this document.