Windows Azure Enrollment
To customize the login screen and/or to ease the process of device activation/initial device setup, you need to configure Windows Autopilot. To configure Windows Autopilot, follow the steps given here.
Windows Azure Enrollment is an enrollment method provided by Microsoft for streamlined and efficient provisioning of MDM management on devices in bulk.
Advantages of Windows Azure Enrollment
- One-time setup
- Aids large scale enterprise device roll out
- Mandatory MDM management
Pre-requisites
- A third-party certificate
- An Azure administrator account
Steps for configuring Windows Azure Enrollment
Step #1: Provisioning third-party certificates
If you have already added a third-party certificate to MDM, go to Step #2. To configure Windows Azure Enrollment, a trusted third-party certificate must be added to MDM. You can refer to this for more details regarding provisioning of third-party certificates.
Step #2: Purchase adequate Azure user licenses
If you have already purchased licenses, you can assign them to users/groups as explained here. If you have also assigned users, go to Step #3. Otherwise, purchase adequate licenses based on the number of users permitted to enroll devices using Azure. To purchase licenses, follow the steps given below:
- Log in to the Azure portal with your Azure account credentials or navigate to Entra ID (formerly Azure Active Directory) -> Licenses -> All Products -> Try/Buy.
- Select Entra ID (formerly Azure AD) Premium P2 and click on Free Trial. Click on Activate; you are then taken to the pricing page, where you can proceed with purchasing the licenses.
- Once purchased, go back to All Products, select Entra ID (formerly Azure Active Directory) Premium P2 and click on Assign.
- Now click on Users and Groups, select the requisite groups/devices and click on Select.
- Now select Assign, to complete assigning the licenses.
Step #3: Configure App Template
- Go to the Azure portal and log in if need be, or navigate to Entra ID (formerly Azure Active Directory) -> Mobility (MDM and MAM) -> Add Application. Select On-Premises MDM (in case of MDM On-Premises) or ManageEngine MDM (in case of MDM Cloud) and then click on Add.
- Now, click on Mobility (MDM and MAM) and click on the application added in the previous step.
- Refer to the table given below and specify the parameters applicable for MDM On-Premises or MDM Cloud respectively as shown.
- Once done, go to Settings on the machine which is to be enrolled and then click on Access Work or School. Click on Connect and provide your Azure account to complete enrollment.
PARAMETER | DESCRIPTION |
---|---|
MDM user scope | The AD groups that you want to permit to enroll via Azure. You can choose to provision all your AD groups or specific AD groups. |
MDM terms of use URL | On the MDM Server, navigate to Enrollment -> Windows Azure Enrollment and use the URL provided for MDM terms of use URL. |
MDM discovery URL | On the MDM Server, navigate to Enrollment -> Windows Azure Enrollment and use the URL provided for MDM discovery URL. |
App ID URI | On the MDM Server, navigate to Enrollment -> Windows Azure Enrollment and use the URI provided for App ID URI. |
Assign Users
The devices can either be enrolled by the users themselves, or enrolled by the Admin and then assigned to the corresponding user. You now need to assign users to these devices to complete enrollment. To do that, follow the steps given below:
- On the MDM server, click on Enrollment from the top menu and select Windows Azure Enrollment, from the left pane.
- Here all the devices enrolled via Azure enrollment but yet to be assigned users are listed.
- You can assign users on a device-to-device basis, by clicking on the Assign User option present under Action. If the users themselves have enrolled the device, select Same User for the option Assign to. You can also assign users in bulk, by clicking on the Assign Users button present above the table and uploading a CSV file, based on the specifications given below. Additionally, you can also add devices to multiple groups to automate the distribution of apps, profiles and documents to devices.
Sample CSV Format
USER_NAME,DOMAIN_NAME,EMAIL_ADDRESS,PLATFORM_TYPE,OWNED_BY,GROUP_NAME,UDID
ANDREW,,andrew@mobiledevicemanagerplus.com,iOS,Personal,IOS_Group,00f0ba8f7a6c41cca9cc5fd6b7ee666b
- The fields Serial Number, User Name, Email Address, and Group Name are mandatory. All the other fields are optional. Ensure the specified group name is already created in the MDM server. If values are not provided, default values are taken.
- The default values for various non-mandatory fields are:
Domain Name -- MDM
Owned By -- Corporate
- If multiple groups are specified, the group names must be separated with a slash (/).
- The first line of the CSV is the column header and the columns can be in any order.
- Blank column values should be comma separated.
- If the column value contains a comma, it should be specified within quotes.
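A pre-upload check for the bulk-assignment CSV, applying the rules listed above (header row, columns in any order, mandatory fields, defaults, slash-separated groups, quoted commas). This is an added example, not part of the product or its documentation. The header SERIAL_NUMBER is an assumed name for the mandatory Serial Number field, and the sample rows and group list are constructed.

```python
import csv
import io

# Header names follow the page's sample CSV. SERIAL_NUMBER is an assumed header
# for the mandatory "Serial Number" field; the page's sample row does not show it.
MANDATORY = ("SERIAL_NUMBER", "USER_NAME", "EMAIL_ADDRESS", "GROUP_NAME")
DEFAULTS = {"DOMAIN_NAME": "MDM", "OWNED_BY": "Corporate"}

# Constructed sample input (not real users or devices); columns in arbitrary order.
SAMPLE = """GROUP_NAME,SERIAL_NUMBER,USER_NAME,EMAIL_ADDRESS,OWNED_BY,DOMAIN_NAME
Sales/Laptops,SN-0001,alice,alice@example.com,,
Sales,SN-0002,,bob@example.com,Personal,CORP
"Field, East",SN-0003,carol,carol@example.com,,
Ghosts,SN-0004,dave,dave@example.com,,
"""
GROUPS_ON_SERVER = {"Sales", "Laptops", "Field, East"}  # constructed


def check_assignment_csv(text, existing_groups):
    """Return (rows, errors); rows have defaults applied and GROUP_NAME split on '/'."""
    reader = csv.DictReader(io.StringIO(text))  # csv module handles quoted commas
    header = [h.strip() for h in (reader.fieldnames or [])]
    absent = [c for c in MANDATORY if c not in header]
    if absent:
        return [], ["header: missing mandatory column(s) " + ", ".join(absent)]
    rows, errors = [], []
    for raw in reader:
        where = f"line {reader.line_num}"
        if None in raw:  # more values than header columns, e.g. an unquoted comma
            errors.append(f"{where}: more values than columns")
            continue
        row = {k.strip(): (v or "").strip() for k, v in raw.items()}
        empty = [c for c in MANDATORY if not row[c]]
        if empty:
            errors.append(f"{where}: empty mandatory field(s) " + ", ".join(empty))
            continue
        for col, default in DEFAULTS.items():
            if not row.get(col):  # blank or absent optional field takes the default
                row[col] = default
        groups = [g.strip() for g in row["GROUP_NAME"].split("/") if g.strip()]
        unknown = [g for g in groups if g not in existing_groups]
        if unknown:
            errors.append(f"{where}: group(s) not on the MDM server: " + ", ".join(unknown))
            continue
        row["GROUP_NAME"] = groups
        rows.append(row)
    return rows, errors
```

Calling `check_assignment_csv(SAMPLE, GROUPS_ON_SERVER)` accepts two of the four sample rows and reports the other two by line number, so a file can be corrected before devices are assigned to the wrong user or group.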
Click here to know about the ports to be opened for managing mobile devices.