Bulk enrollment

Bulk enrollment is an efficient way to set up and enroll a huge number of Windows 10 devices to BigFix MDM Server without the need to re-image the devices and without much user intervention.

For more information about bulk enrollment of Windows 10 devices, see Bulk enrollment.

The main advantages of bulk enrollment are:
  • Large scale enrollment – With this method of enrollment, you can enroll huge number of Windows 10 devices efficiently.
  • One-time configuration – As an administrator, you just need to configure the Windows provisioning package (.ppkg) once; after that, end users can enroll their devices to BigFix MDM by simply installing the .ppkg file.
    Note: A provisioning package (.ppkg) is a container for a collection of configuration settings. For more information, see Provisioning packages for Windows 10.

Prerequisites for Windows devices bulk enrollment

A general workflow to bulk enroll Windows 10 devices is as follows:

  1. Assign devices. You can assign devices either on a per-device basis or in bulk.
  2. Configure bulk enrollment.
  3. Create a provisioning package and apply that package per device.

Before running bulk enrollment, ensure that you assign all devices to the correct users. Perform this assignment by adding the devices on a per-device basis or in bulk.

Add devices in bulk

Configure bulk enrollment: As an administrator, configure the WebUI client setting MCM_WIN10_BULK_ENROLL_ENDPOINT = 1 to enable bulk enrollment in a Windows 10 device.

Create a Win10 ppkg bulk enrollment artifact
  1. Windows 10 ppkg artifacts are generated.
  2. The generated ppkg artifacts are moved from archivenow folder to uploads folder.
  3. The generated ppkg artifacts are copied to /var/opt/BESUEM/packages

Pre-staging PPKG for bulk enrollment: When we need to designate a Win10 VM as on which we create the PPKG file and through an action, the generated ppkg file (from a pre designated win10 endpoint) is achieved (using Bigfix Archive Now) onto BES Root server and then moved onto wwwrootbes and then moved to all MDM Servers in the deployment. This will ensure that the PPKG is pre-staged on all MDM Servers and when action to deploy PPKG on all Win10 endpoints having a BES Agent installed on them, as BES Agent runs the PPKG file and installs MDM Profile on the Win10 machines. To pick the 1st Win10 VM as a designated machine on which PPKG file will be created, there is a client setting value set to identify that win10 machine as the PPKG generator machine.

When BULK_ENROLL = true, Download the profile and enroll (using /win/bulkenroll)

2)When BULK_ENROLL = true and PPKG profile not exist for downloading, fallback to existing enroll process (using /win/enroll)

3)When BULK_ENROLL = true and if PPKG profile not exist. And on trying to enroll using cmdline (using BES agent) should result into an error (not required any fallback mechanism)

4)When BULK_ENROLL = false. from UI should fallback to existing enrollment process(using /win/enroll)

5)When BULK_ENROLL = false. from cmdline should return error

6)When BULK_ENROLL and AUTOPILOT_ENROLL both exist at a time(no dependency on each other)

7)Default value for both BULK_ENROLL and AUTOPILOT_ENROLL is true

8)When AUTOPILOT_ENROLL = false "/win/TermsOfUse" and "/win/autopilot_enroll" should result into error

9) In Openresty "/win/bulkenroll" proxy pass to windows MDM i.e "/win/enroll"( No addition of new end point in mdm windows server)

10) In Openresty "/win/autopilotenroll" proxy pass to windows MDM i.e "/win/enroll"( No addition of new end point in mdm windows server)

Configure bulk enrollment: As an administrator, configure the WebUI client setting MCM_WIN10_BULK_ENROLL_ENDPOINT = 1 to enable bulk enrollment in a Windows 10 device.

Deploy MDM agents: Once Win10 PPKG have been uploaded to wwwrootbes/uploads, WebUI needs to be able to deploy MDM agents through BigFix

  1. Select the Windows 10 devices from the list of devices.
  2. Click Deploy.