Using Bulk Enrollment for Windows devices

The Bulk Enrollment feature enables you to quickly register multiple Windows devices with Ivanti Neurons for MDM.

Prerequisites:

  • User accounts must be imported on Ivanti Neurons for MDM using Azure AD (AAD) Premium Account.
  • All devices should have Windows Configuration Designer installed.

Procedure:

  1. Link the Ivanti Neurons for MDM and AAD tenants. See Connecting AAD to UEM for Windows 10 Devices.
  2. Open the Windows Configuration Designer app and select Provision desktop devices. A New project window appears on the screen.
  3. Enter the following details:
    • Name - A unique name for your project
    • Project folder - Location on the device where you want to save the project
    • Description - Optional description of the project
  4. Click Finish to close the new project window and perform a sequence of steps.

    5. Set up device

  5. Enter a unique name for your devices. The name can include a serial number (%SERIAL%) or a random set of characters.
  6. Optionally you can enter a product key if you are upgrading the Windows, configuring the device for a shared use, or removing pre-installed software.

    7. Set up network

  7. Optionally you can configure the Wi-Fi network devices to connect to when they first start. If the network devices are not configured, a wired network connection is required when the device is started first.

    8. Account Management

  8. Select Enroll in Azure AD, enter a Bulk Token Expiry date, and then click Get Bulk Token.
  9. Enter your Azure AD credentials to get a bulk token.
  10. In the Stay signed in to all your apps page, click No, sign in to this app only.
    • Click Next when Bulk Token is fetched successfully and Create the Package.
    • A user with provisioning package is created in the Azure portal - User principal name (like package_0ea893a5-1e93-4d21-a6b1-dc788946fd1d@miwinqe.onmicrosoft.com). Copy the file (runtime ppkg tool) to a storage device.

    The AAD user for creating bulk token, and the package user should not have MFA enabled. To verify, you need to perform OOBE + AAD join on that user.

  11. Recreate or synchronize the package user (created in Azure) to Ivanti Neurons for MDM.

Bulk enroll a device with a flash drive contained the provisioning package. You can also double-click on the existing device to perform post-OOBE experience. If the package failed to install in the first attempt, the second attempt also fails. Check if the new device is created in Ivanti Neurons for MDM and AAD belongs to the package user.