Before reading this guide, gather and prepare the requirements needed to use AirWatch with Windows Phone devices.

Requirements for Internal Application Management

  • Microsoft Developer's Account – The AirWatch Admin must purchase an account, which consists of the following:
    • Windows Account ID – This account (different from the Windows Live ID) costs a fee and enables your company to add applications to the Windows Phone Development Center.
    • Symantec Certificate – You need to acquire an Enterprise Code Signing certificate for Windows Phone from Symantec.

      This certificate is needed to generate an application enrollment token (AET) (.aetx file) that you upload into the AirWatch Console, which lets you distribute approved enterprise internal applications. See Register Applications With the Windows Phone Dev Center for more information.

    • Trusted Code Signing Certificate – Windows 10 supports signing internal apps with a Trusted Code Signing certificate. AirWatch also supports pushing root and intermediate certificates to establish the certificate trust chain.

    If you are considering the deployment of enterprise internal applications, make sure you generate and upload the AET before enrolling MDM devices. Otherwise, all devices enrolled before following the Mobile Application Management Guide will need to be re-enrolled again in order to access enterprise internal applications.

Enrollment Requirements

  • Active Environment – This is your active Workspace ONE UEM environment and access to the Workspace ONE UEM console.
  • Appropriate Admin Permissions – This type of permission allows you to create profiles, policies and manage devices within the UEM console.
  • Enrollment URL – This URL is unique to your organization's enrollment environment and takes you directly to the enrollment screen. For example,
  • Group ID – This associates your device with your corporate role and is defined in the UEM console.

If your enrollment server is behind a proxy, the Windows services need to be configured to be proxy-aware when configuring your network settings.