diff --git a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md index b9f88dc916..4fabdbc971 100644 --- a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md +++ b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md @@ -1,6 +1,6 @@ --- title: Bulk enrollment -description: Bulk enrollment is an efficient way to set up a large number of devices to be managed by an MDM server without the need to re-image the devices. In Windows 10. +description: Bulk enrollment is an efficient way to set up a large number of devices to be managed by an MDM server without the need to re-image the devices. In Windows 10 and Windows 11. MS-HAID: - 'p\_phdevicemgmt.bulk\_enrollment' - 'p\_phDeviceMgmt.bulk\_enrollment\_using\_Windows\_provisioning\_tool' @@ -18,7 +18,7 @@ ms.date: 06/26/2017 # Bulk enrollment -Bulk enrollment is an efficient way to set up a large number of devices to be managed by an MDM server without the need to re-image the devices. In Windows 10 desktop and mobile devices, you can use the [Provisioning CSP](provisioning-csp.md) for bulk enrollment, except for the Azure Active Directory Join (Cloud Domain Join) enrollment scenario. +Bulk enrollment is an efficient way to set up a large number of devices to be managed by an MDM server without the need to re-image the devices. In Windows 10 and 11 desktop devices, you can use the [Provisioning CSP](provisioning-csp.md) for bulk enrollment, except for the Azure Active Directory Join (Cloud Domain Join) enrollment scenario. ## Typical use cases @@ -37,27 +37,29 @@ On the desktop and mobile devices, you can use an enrollment certificate or enro > - Bulk enrollment does not work in Intune standalone environment. > - Bulk enrollment works in Microsoft Endpoint Manager where the ppkg is generated from the Configuration Manager console. > - To change bulk enrollment settings, login to **AAD**, then **Devices**, and then click **Device Settings**. Change the number under **Maximum number of devices per user**. +> - Bulk Token creation is not supported with federated accounts. ## What you need -- Windows 10 devices -- Windows Imaging and Configuration Designer (ICD) tool - To get the ICD tool, download the [Windows Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). For more information about the ICD tool, see [Windows Imaging and Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd) and [Getting started with Windows ICD](/windows/configuration/provisioning-packages/provisioning-install-icd). -- Enrollment credentials (domain account for enrollment, generic enrollment credentials for MDM, enrollment certificate for MDM.) +- Windows 10 devices. +- Windows Configuration Designer (WCD) tool. + + To get the WCD tool, download from the [Microsoft Store](https://www.microsoft.com/store/productId/9NBLGGH4TX22). For more information about the WCD tool, see [Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd) and [Getting started with Windows WCD](/windows/configuration/provisioning-packages/provisioning-install-icd). +- Enrollment credentials (domain account for enrollment, generic enrollment credentials for MDM, enrollment certificate for MDM.). - Wi-Fi credentials, computer name scheme, and anything else required by your organization. Some organizations require custom APNs to be provisioned before talking to the enrollment endpoint or custom VPN to join a domain. ## Create and apply a provisioning package for on-premises authentication -Using the ICD, create a provisioning package using the enrollment information required by your organization. Ensure that you have all the configuration settings. +Using the WCD, create a provisioning package using the enrollment information required by your organization. Ensure that you have all the configuration settings. -1. Open the Windows ICD tool (by default, %windir%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe). +1. Open the WCD tool. 2. Click **Advanced Provisioning**. ![icd start page](images/bulk-enrollment7.png) 3. Enter a project name and click **Next**. -4. Select **All Windows editions**, since Provisioning CSP is common to all Windows 10 editions, then click **Next**. +4. Select **All Windows editions**, since Provisioning CSP is common to all Windows editions, then click **Next**. 5. Skip **Import a provisioning package (optional)** and click **Finish**. 6. Expand **Runtime settings** > **Workplace**. 7. Click **Enrollments**, enter a value in **UPN**, and then click **Add**. @@ -70,8 +72,9 @@ Using the ICD, create a provisioning package using the enrollment information re - **PolicyServiceFullUrl** - Optional and in most cases, it should be left blank. - **Secret** - Password For detailed descriptions of these settings, see [Provisioning CSP](provisioning-csp.md). - Here is the screenshot of the ICD at this point. - ![bulk enrollment screenshot](images/bulk-enrollment.png) + Here is the screenshot of the WCD at this point. + + ![bulk enrollment screenshot](images/bulk-enrollment.png) 9. Configure the other settings, such as the Wi-Fi connections so that the device can join a network before joining MDM (e.g., **Runtime settings** > **ConnectivityProfiles** > **WLANSetting**). 10. When you are done adding all the settings, on the **File** menu, click **Save**. 11. On the main menu click **Export** > **Provisioning package**. @@ -90,12 +93,12 @@ Using the ICD, create a provisioning package using the enrollment information re ## Create and apply a provisioning package for certificate authentication -Using the ICD, create a provisioning package using the enrollment information required by your organization. Ensure that you have all the configuration settings. +Using the WCD, create a provisioning package using the enrollment information required by your organization. Ensure that you have all the configuration settings. -1. Open the Windows ICD tool (by default, %windir%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe). +1. Open the WCD tool. 2. Click **Advanced Provisioning**. 3. Enter a project name and click **Next**. -4. Select **Common to all Windows editions**, since Provisioning CSP is common to all Windows 10 editions. +4. Select **Common to all Windows editions**, since Provisioning CSP is common to all Windows editions. 5. Skip **Import a provisioning package (optional)** and click **Finish**. 6. Specify the certificate. 1. Go to **Runtime settings** > **Certificates** > **ClientCertificates**. @@ -129,8 +132,7 @@ Using the ICD, create a provisioning package using the enrollment information re Here's the list of topics about applying a provisioning package: - [Apply a package on the first-run setup screen (out-of-the-box experience)](/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment#apply-package) - topic in Technet. -- [Apply a package to a Windows 10 desktop edition image](/windows/configuration/provisioning-packages/provisioning-create-package#to_apply_a_provisioning_package_to_a_desktop_image) - topic in MSDN -- [Apply a package to a Windows 10 Mobile image](/windows/configuration/provisioning-packages/provisioning-create-package#to_apply_a_provisioning_package_to_a_mobile_image) - topic in MSDN. +- [Apply a package to a Windows desktop edition image](/windows/configuration/provisioning-packages/provisioning-create-package#to_apply_a_provisioning_package_to_a_desktop_image) - topic in MSDN - [Apply a package from the Settings menu](#apply-a-package-from-the-settings-menu) - topic below ## Apply a package from the Settings menu