Device Enrollment

You must enroll your devices to manage them with MCM and BigFix Mobile. MDM servers interact with the enrolled devices through MDM APIs.

MCM and BigFix Mobile support multiple enrollment methods based on the device’s operating system and the requirements in an organization. You have options to allow device users to self-enroll devices or let admin users configure settings to automatically enroll devices in large numbers.
Apple device (iPhone, iPad, and Mac) enrollment management
If you are managing iOS, iPadOS, and macOS devices, you will come across Apple Business Manager and Apple School Manager that include Device Enrollment (formerly known as DEP) and Volume Purchase Program. Apple Business/School Manager is Apple’s web portal, where IT admins can enroll their Apple devices and manage applications and licenses through VPP.
Android device enrollment
To automate the enrollment of Android smart phones and tablets, you can utilize built-in device management platforms. For managing software licenses and app installations, organizations can use the Managed Google Play Store.
The following table shows the different combinations of enrollment methods and operating systems along with the scenarios.
Enrollment method Operating System Scenario
Enrolling through enrollment URL Windows, macOS, iOS, iPadOS, and Android
  • The devices are already with the employees.
  • The number of devices to be enrolled are relatively less.
  • User can initiate enrollment.
Android

  • The devices are already with the employees.

  • The number of devices to be enrolled are relatively less.

  • Admin authenticates after which user can initiate enrollment with QR code.

Bulk enrollment Windows 10, Windows 11
  • Large number of Windows 10 and Windows 11 devices to be enrolled with MDM Server.
  • The enrollment needs to be automated without user intervention.
  • The devices have BigFix agent installed already.
Autopilot enrollment - Windows Windows 10 and Windows 11
  • Large number of company-owned Windows 10 and Windows 11 devices that need initial OS setup to be enrolled with MDM Server.
  • The enrollment needs to be automated without user intervention.
Autopilot enrollment with Hybrid Domain Join - Windows Windows 10 and Windows 11
  • The organization has an on-premises Active Directory Domain Services (AD DS) environment, and you want to join your Azure AD joined Windows laptops to your AD DS domain.
  • Large number of company-owned Windows 10 and Windows 11 devices that need initial OS setup to be enrolled with MDM Server.
  • The enrollment needs to be automated without user intervention.
Apple Automated Device Enrollment macOS, iOS, iPadOS
  • Large number of company-owned Apple devices (macOS, iOS, iPadOS) that need initial OS setup to be enrolled with MDM Server.
  • The enrollment needs to be automated without user intervention.
Zero-touch enrollment Android
  • Large number of company-owned Android devices that need initial OS setup to be enrolled with MDM Server.
  • The enrollment needs to be automated without user intervention.
Secure certificate deployment and enrollment using SCEP When the SCEP environment is set up, the following methods of enrollment are supported for certificate enrollment using SCEP:
  • OTA enrolment
  • Bulk enrollment
  • Autopilot enrollment
 Windows 10, Windows 11, macOS, iOS, iPadOS IT administrator can automatically enroll every managed device for a client certificates without requiring any end user interaction.
SAML-authenticated enrollment Windows 10, Windows 11, macOS, iOS, iPadOS, Android To authenticate the user via the identity provider before proceeding with the enrollment process.