Windows Desktop enrollment methods all use the Work Access native MDM Client. Use the native MDM enrollment to enroll both corporate owned and BYOD devices through the same enrollment flow.

Work Access first processes an Azure AD work flow for domains connected to Office 365 or Azure AD when you select Connect and does not automatically complete the enrollment workflow. If you use Office 365 or Azure AD without a premium license, consider using the Workspace ONE Intelligent Hub to enroll Windows 10 devices instead of native MDM enrollment. To complete the enrollment workflow using native MDM enrollment, select Connect twice. If you have an Azure AD premium license, you can enabled Require Management in your Azure instance to have native MDM enrollment complete the enrollment flow after the Azure work flow. You can use native MDM enrollment without issue if you do not use Office 365 or Azure AD.

Only users who have local admin permissions on the device can enroll a device into Workspace ONE UEM and enable MDM. Domain Admin permissions do not work for enrolling a device. To enroll a device with a standard user, you must use Bulk Provisioning for Windows 10 devices.

By using the Windows Auto-Discovery Service, you simplify enrollment for your end user by reducing the necessary interaction during enrollment. Using the Windows Auto-Discovery Service requires you to follow the steps outlined in the VMware AirWatch Windows Auto-Discovery Service Installation Guide.

Devices joined to a domain can enroll using the native Workplace enrollment. The email address entered in the settings is auto-populated with the Active Directory UPN attribute. If the end user wants to use a different email address, they must download the optional update.