Register devices in AAD and MDM

The documentation provided below can be given to your employees with little or no modification. Once the device user completes the registration process, both the user and the device are registered and you can track compliance.

These steps can change without notice. Contact Microsoft for the most up-to-date instructions.

The registration step for tracking compliance is for the device user to configure Azure Active Directory (AAD) registration on the enterprise-owned device. Use the following scenarios to register the devices in AAD and MDM:

OOBE sign up for AAD enrollment

When a device is registered for the first time, the user will answer a few questions about the device. The AAD registration begins here.

  1. Indicate who owns the device by making one of the following selections:
    • My organization
    • I own it
  2. Select Next.
  3. Select Join Azure AD > Next.
  4. Enter your enterprise user name and password.
  5. Use the same credentials you use to log in to your enterprise’s Office 365. Contact your administrator if you cannot sign in for any reason.
  6. Select Sign In to connect to both Azure and Ivanti EPMM.
  7. Read the MDM terms and conditions.
  8. Select Accept to complete registration into Azure and MDM.
  9. Microsoft requires PIN registration for all AAD devices.
  10. Enter a PIN and select OK.
  11. In addition to the Set up a Pin screen, some users will be asked to verify that they are the correct user. This verification screen does not appear for all users. The user and device are now registered and can be used by both Azure and MDM. Compliance can now be tracked.

Post OOBE sign up for AAD enrollment

Device users can follow this procedure for company-owned devices that are not OOBE devices.

  1. Select Start > Settings > Accounts.
  2. Select Access Work or School.
  3. Select +Connect.
  4. Enter your enterprise email address in the text box.
  5. Select Next.
  6. Enter your enterprise user name and password.
  7. Use the same credentials you use to log in to your enterprise’s Office 365. Contact your administrator if you cannot sign in for any reason.
  8. Select Sign in to register your device and verify that it can be signed up for MDM service.

Workplace sign up for AAD enrollment

Device users can follow this procedure for devices.

  1. Select Start > Settings > Accounts.
  2. Select Access Work or School.
  3. Select +Connect.
  4. Go to the Alternate actions section and select Join this device to Azure Active Directory.
  5. Enter your enterprise user name and password.
  6. Use the same credentials you use to log in to your enterprise’s Office 365. Contact your administrator if you cannot sign in for any reason.
  7. Select Sign in to register your device and verify that it can be signed up for MDM service.

Terms of Service Customization

Administrators can customize their Ivanti EPMM Terms of Service pages for users with new Azure Active Directory registration.

To customize the Terms of Service page:

  1. Log in to the Admin Portal.
  2. Select Settings > System Settings > Users & Devices > Registration.
  3. Scroll to the End User Terms of Service section and select Add+.
  4. Select a language.
  5. Go to the Type field and select AAD Enrollment.
  6. Customize the header text.
  7. Add customized text in the Agreement Content box.
  8. Select Save > Save.
  9. Users with new AAD registration will see this new Terms of Service page.