Bulk enrollment - Windows 10

Read this section to understand the step-by-step procedure of Windows 10 bulk enrollment.

Prerequisites: Ensure the Windows 10 devices that you target for bulk enrollment have BigFix Agents installed.
About this task: The work flow of Windows 10 bulk enrollment is as follows:
  1. Designate Provisioning Package Generation Point: A Master Operator designates a Windows 10 device to generate a Windows provisioning package (.ppkg) file. This configuration task sets a client setting on the designated Windows 10 endpoint to designate it as the device that creates the PPKG file later used to enroll Windows 10 devices to MDM.
  2. Create Windows 10 PPKG artifact: A Master Operator generates Windows provisioning package (.ppkg) file using the endpoint designated in Step-1. After this step, the .ppkg file is available in the MDM Server to facilitate bulk enrollment in the deployment.
  3. Bulk enroll: After triggering the action, the targeted Windows 10 devices that have the BigFix Agent installed are enrolled to MDM automatically with the pre-configured .ppkg artifact without user intervention.

Designate Provisioning Package Generation Point

To designate a Windows 10 device as the Windows provisioning package generation point, do the following:

  1. Log in to BigFix WebUI as a Mater Operator.
  2. On the WebUI main page, click App > MCM
  3. On the Modern Client Management page, click Admin > Enrollments > Designate Provisioning Package Generation Point.
    Bulk enroll - Target by device
  4. On the Designate Provisioning Package Generation Point page, in the Target Device section, click Edit Devices.
  5. On the Target By Device page, select a Windows 10 device in which you want to generate the .ppkg file and click OK.
    Bulk enroll - Target by device
  6. Verify the information in the Target Device and the Review sections and click Deploy.

Result: The selected device becomes the provisioning package generation point where you can create .ppkg file. A client setting MCM_WIN10_BULK_ENROLLMENT_ENDPOINT = 1 is set on the targeted device.

Create Windows 10 Provisioning Package

To create Windows a provisioning package (.ppkg) and make it available for bulk enrollment in the MDM server, do the following:

  1. Login to the WebUI as a Master Operator.
  2. Click App > MCM
  3. On the Modern Client Management page, click Admin.
  4. On the Admin page, click Enrollments > Bulk Enrollment.
    Bulk enroll - Target by device
  5. The Target Device section displays the number of Windows 10 devices as designated in Designate Provisioning Package Generation Point). To make any changes, click Edit Devices.
    Note: Windows 10 device that you select here uses ArchiveNow to upload ppkg content on to the root MDM server. If you have a particular work flow around the selected Windows 10 endpoint and ArchiveNow, that is overwritten after this action.
  6. In the Target MDM Server section, click Edit Devices to select the MDM Server to which you want to transfer the generated .ppkg file and make it available for enrollment.
  7. In the Parameters section, enter the LDAP username, LDAP password.
    Note: This username has to be in the form username@example.com for bulk enrollment to be successful. Also note, even if the deployment does not have LDAP configured with MDM, an LDAP username and password needs to be entered for bulk enrollment to be successful.
  8. Verify the information in the Review section.
  9. Click Deploy.
Results: After this action is completed:
  • Windows 10 ppkg file is created in the targeted Windows 10 device at C://MCMPPKG.
  • The created ppkg file is transferred to the target MDM server at /var/opt/BESUEM/packages to facilitate enrollment.

Bulk enroll

To enroll Windows 10 devices through bulk enrollment using the .ppkg artifacts that was created in the previous steps, do the following:
  1. Log in to BigFix WebUI.
  2. On the Devices page filter Windows 10 devices with native BigFix agent installed. To do that, in the OS column, select Windows and in the Agent column, select Yes.
  3. From the devices list select all or a subset of devices for bulk enrollment.
  4. Click Administration > MDM Enroll.
    Bulk enroll - Target by device
    The Windows 10 Enrollment page appears.

  5. In the Target section, the number of targeted devices is displayed. If you want to change the targeted devices, click Edit Devices.
  6. Action Staggering Settings: Select Enable Action Staggering and enter Stagger Action Over Duration in minutes. Use this setting to spread out the load on the MDM server and network to prevent all the targeted endpoints attempting to enroll at the same time. Staggering enrolling endpoints normalizes the amount of traffic generated by newly enrolled devices over a broader more manageable period of time. When this is set, each endpoint selects a random time within the specified time interval to enroll.
  7. For Select Your Provisioning Package, select the MDM server to which you want to enroll the selected devices.
  8. Click Send Command. A BigFix deployment is generated that initiates MDM enrollment on the selected devices, and users are taken to a deployment document with information on devices targeted and device results. At any point, to stop the deployment, click Stop Deployment.
    Bulk enroll - Status overview
Results: After running the action, all the targeted Windows 10 devices get enrolled to the selected MDM server. The enrolled devices report with MDM icon in The Device List.