Device enrollment establishes the initial communication with AirWatch to enable Mobile Device Management (MDM). Windows Desktop devices enroll using MDM-functionality built into the Windows OS.
The enrollment methods for Windows Desktop devices vary based on your AirWatch deployment, enterprise integrations, and device operating system. The Windows Desktop platform supports various OS versions and SKUs for Windows devices. For more information, see Supported Windows Desktop Devices.
Before enrolling devices, ensure that you have the required enrollment information. See Windows Desktop Enrollment Requirements for more information.
Simplify end-user enrollment by setting up the Windows Auto-Discovery Services (WADS) in your AirWatch environment. WADS supports an on-premises solution and cloud-based WADS.
The enrollment methods use either the native MDM functionality of the Windows operating system, the AirWatch Agent for Windows, or Azure AD integration.
If you want to use AirWatch to manage Windows devices managed by SCCM, you must download the VMware AirWatch SCCM Integration Client. Use this client to enroll SCCM-managed devices into AirWatch. For more information, see the Knowledge Base article VMware AirWatch SCCM Integration Client: https://support.air-watch.com/articles/115001664948.
AirWatch Agent for Windows Enrollment
The simplest enrollment workflow uses the AirWatch Agent for Windows to enroll devices. End users simply download the AirWatch Agent from the Windows Store and follow the prompts to enroll. For more information on Agent-based enrollment, see AirWatch Agent for Windows Enrollment.
Native MDM Enrollment
AirWatch supports enrolling Windows Desktop devices using the native MDM enrollment workflow. The name of the native MDM solution varies based on the version of Windows. This enrollment flow changes based on the version of Windows and if you use WADS.
For more information, see Native MDM Enrollment for Windows Desktop.
If you want to configure device management on a Windows 10 device before shipping a device to your end user, consider using Windows Desktop device staging. This enrollment workflow allows you to enroll a device through the AirWatch Agent, install device-level profiles, and then ship the device to end users. The two methods of device staging are manual installation and command-line installation. Manual installation requires devices to be domain-joined to an Azure AD integration. Command-line installation works for all Windows 10 devices. See Device Staging Enrollment for more information.
Azure AD Integration Enrollment
Through integration with Microsoft Azure Active Directory, Windows devices can automatically enroll into AirWatch with minimal end-user interaction. Azure AD integration enrollment simplifies enrollment for both end users and admins. Azure AD integration enrollment supports three different enrollment flows: Join Azure AD, Out of Box Experience enrollment, and Office 365 enrollment. All methods require configuring Azure AD integration with AirWatch.
Before you can enroll your devices using Azure AD integration, you must configure AirWatch and Azure AD. For more information, see Configure Azure AD Identity Services for SaaS Deployments.
To enroll through Azure AD integration workflows, see Enrollment Through Azure AD Integration.
Bulk Provisioning and Enrollment
Bulk provisioning creates a pre-configured package that stages Windows 10 devices and enrolls them into AirWatch. Bulk provisioning requires downloading the Microsoft Assessment and Development Kit and installing the Imaging and Configuration Designer tool. This tool creates the provisioning packages used to image devices.
With the bulk provisioning workflow, you can include AirWatch settings in the provisioning package so that provisioned devices automatically enroll during the initial Out of Box Experience. For more information, see Bulk Provisioning and Enrollment.
AirWatch Protection Agent
The AirWatch Protection Agent adds endpoint protection to ensure that your Windows Desktop devices remain secure. By enabling the AirWatch Protection Agent, you allow AirWatch to configure and use native Windows features for device security. The Encryption, Firewall, and Windows Updates profiles require the AirWatch Protection Agent to provision devices. For more information, see AirWatch Protection Agent for Enrollment.