From 948b041f1eb568b1961e715c01e127fb369d5b6a Mon Sep 17 00:00:00 2001 From: gkomatsu Date: Mon, 9 Aug 2021 11:04:48 -0700 Subject: [PATCH 1/4] Update bulk-enrollment-using-windows-provisioning-tool.md Changed terms ICD -> WCD. Changed link from ADK to Microsoft Store Added Windows 11. Added bullet "Bulk Token creation is not supported with federated accounts." to notes --- ...ollment-using-windows-provisioning-tool.md | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md index b9f88dc916..b3466dc27f 100644 --- a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md +++ b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md @@ -1,6 +1,6 @@ --- title: Bulk enrollment -description: Bulk enrollment is an efficient way to set up a large number of devices to be managed by an MDM server without the need to re-image the devices. In Windows 10. +description: Bulk enrollment is an efficient way to set up a large number of devices to be managed by an MDM server without the need to re-image the devices. In Windows 10 and 11. MS-HAID: - 'p\_phdevicemgmt.bulk\_enrollment' - 'p\_phDeviceMgmt.bulk\_enrollment\_using\_Windows\_provisioning\_tool' @@ -18,7 +18,7 @@ ms.date: 06/26/2017 # Bulk enrollment -Bulk enrollment is an efficient way to set up a large number of devices to be managed by an MDM server without the need to re-image the devices. In Windows 10 desktop and mobile devices, you can use the [Provisioning CSP](provisioning-csp.md) for bulk enrollment, except for the Azure Active Directory Join (Cloud Domain Join) enrollment scenario. +Bulk enrollment is an efficient way to set up a large number of devices to be managed by an MDM server without the need to re-image the devices. In Windows 10 and 11 desktop devices, you can use the [Provisioning CSP](provisioning-csp.md) for bulk enrollment, except for the Azure Active Directory Join (Cloud Domain Join) enrollment scenario. ## Typical use cases @@ -37,12 +37,13 @@ On the desktop and mobile devices, you can use an enrollment certificate or enro > - Bulk enrollment does not work in Intune standalone environment. > - Bulk enrollment works in Microsoft Endpoint Manager where the ppkg is generated from the Configuration Manager console. > - To change bulk enrollment settings, login to **AAD**, then **Devices**, and then click **Device Settings**. Change the number under **Maximum number of devices per user**. +> - Bulk Token creation is not supported with federated accounts. ## What you need - Windows 10 devices -- Windows Imaging and Configuration Designer (ICD) tool - To get the ICD tool, download the [Windows Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). For more information about the ICD tool, see [Windows Imaging and Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd) and [Getting started with Windows ICD](/windows/configuration/provisioning-packages/provisioning-install-icd). +- Windows Configuration Designer (WCD) tool + To get the WCD tool, download from the [Microsoft Store](https://www.microsoft.com/store/productId/9NBLGGH4TX22). For more information about the WCD tool, see [Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd) and [Getting started with Windows WCD](/windows/configuration/provisioning-packages/provisioning-install-icd). - Enrollment credentials (domain account for enrollment, generic enrollment credentials for MDM, enrollment certificate for MDM.) - Wi-Fi credentials, computer name scheme, and anything else required by your organization. @@ -50,14 +51,14 @@ On the desktop and mobile devices, you can use an enrollment certificate or enro ## Create and apply a provisioning package for on-premises authentication -Using the ICD, create a provisioning package using the enrollment information required by your organization. Ensure that you have all the configuration settings. +Using the WCD, create a provisioning package using the enrollment information required by your organization. Ensure that you have all the configuration settings. -1. Open the Windows ICD tool (by default, %windir%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe). +1. Open the WCD tool. 2. Click **Advanced Provisioning**. ![icd start page](images/bulk-enrollment7.png) 3. Enter a project name and click **Next**. -4. Select **All Windows editions**, since Provisioning CSP is common to all Windows 10 editions, then click **Next**. +4. Select **All Windows editions**, since Provisioning CSP is common to all Windows editions, then click **Next**. 5. Skip **Import a provisioning package (optional)** and click **Finish**. 6. Expand **Runtime settings** > **Workplace**. 7. Click **Enrollments**, enter a value in **UPN**, and then click **Add**. @@ -70,7 +71,7 @@ Using the ICD, create a provisioning package using the enrollment information re - **PolicyServiceFullUrl** - Optional and in most cases, it should be left blank. - **Secret** - Password For detailed descriptions of these settings, see [Provisioning CSP](provisioning-csp.md). - Here is the screenshot of the ICD at this point. + Here is the screenshot of the WCD at this point. ![bulk enrollment screenshot](images/bulk-enrollment.png) 9. Configure the other settings, such as the Wi-Fi connections so that the device can join a network before joining MDM (e.g., **Runtime settings** > **ConnectivityProfiles** > **WLANSetting**). 10. When you are done adding all the settings, on the **File** menu, click **Save**. @@ -90,12 +91,12 @@ Using the ICD, create a provisioning package using the enrollment information re ## Create and apply a provisioning package for certificate authentication -Using the ICD, create a provisioning package using the enrollment information required by your organization. Ensure that you have all the configuration settings. +Using the WCD, create a provisioning package using the enrollment information required by your organization. Ensure that you have all the configuration settings. -1. Open the Windows ICD tool (by default, %windir%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe). +1. Open the WCD tool. 2. Click **Advanced Provisioning**. 3. Enter a project name and click **Next**. -4. Select **Common to all Windows editions**, since Provisioning CSP is common to all Windows 10 editions. +4. Select **Common to all Windows editions**, since Provisioning CSP is common to all Windows editions. 5. Skip **Import a provisioning package (optional)** and click **Finish**. 6. Specify the certificate. 1. Go to **Runtime settings** > **Certificates** > **ClientCertificates**. @@ -129,8 +130,7 @@ Using the ICD, create a provisioning package using the enrollment information re Here's the list of topics about applying a provisioning package: - [Apply a package on the first-run setup screen (out-of-the-box experience)](/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment#apply-package) - topic in Technet. -- [Apply a package to a Windows 10 desktop edition image](/windows/configuration/provisioning-packages/provisioning-create-package#to_apply_a_provisioning_package_to_a_desktop_image) - topic in MSDN -- [Apply a package to a Windows 10 Mobile image](/windows/configuration/provisioning-packages/provisioning-create-package#to_apply_a_provisioning_package_to_a_mobile_image) - topic in MSDN. +- [Apply a package to a Windows desktop edition image](/windows/configuration/provisioning-packages/provisioning-create-package#to_apply_a_provisioning_package_to_a_desktop_image) - topic in MSDN - [Apply a package from the Settings menu](#apply-a-package-from-the-settings-menu) - topic below ## Apply a package from the Settings menu From b901354412a69437adb848bf5df7ba6a1c3c7b50 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Mon, 9 Aug 2021 11:26:56 -0700 Subject: [PATCH 2/4] Update bulk-enrollment-using-windows-provisioning-tool.md --- .../mdm/bulk-enrollment-using-windows-provisioning-tool.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md index b3466dc27f..4df0e51619 100644 --- a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md +++ b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md @@ -1,6 +1,6 @@ --- title: Bulk enrollment -description: Bulk enrollment is an efficient way to set up a large number of devices to be managed by an MDM server without the need to re-image the devices. In Windows 10 and 11. +description: Bulk enrollment is an efficient way to set up a large number of devices to be managed by an MDM server without the need to re-image the devices. In Windows 10 and Windows 11. MS-HAID: - 'p\_phdevicemgmt.bulk\_enrollment' - 'p\_phDeviceMgmt.bulk\_enrollment\_using\_Windows\_provisioning\_tool' From 5e7ce5d47057923098b21c8474b9b3f8745d1415 Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Mon, 9 Aug 2021 12:34:41 -0600 Subject: [PATCH 3/4] fix staging Sync PR: https://github.com/MicrosoftDocs/windows-docs-pr/pull/5487 --- .../mdm/bulk-enrollment-using-windows-provisioning-tool.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md index 4df0e51619..1b84316554 100644 --- a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md +++ b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md @@ -43,6 +43,7 @@ On the desktop and mobile devices, you can use an enrollment certificate or enro - Windows 10 devices - Windows Configuration Designer (WCD) tool + To get the WCD tool, download from the [Microsoft Store](https://www.microsoft.com/store/productId/9NBLGGH4TX22). For more information about the WCD tool, see [Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd) and [Getting started with Windows WCD](/windows/configuration/provisioning-packages/provisioning-install-icd). - Enrollment credentials (domain account for enrollment, generic enrollment credentials for MDM, enrollment certificate for MDM.) - Wi-Fi credentials, computer name scheme, and anything else required by your organization. From ed55b1a5eb132967fd09b50d5c86647a1df73b5e Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Mon, 9 Aug 2021 12:46:55 -0600 Subject: [PATCH 4/4] Fix formatting Sync PR https://github.com/MicrosoftDocs/windows-docs-pr/pull/5487 --- .../bulk-enrollment-using-windows-provisioning-tool.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md index 1b84316554..4fabdbc971 100644 --- a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md +++ b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md @@ -41,11 +41,11 @@ On the desktop and mobile devices, you can use an enrollment certificate or enro ## What you need -- Windows 10 devices -- Windows Configuration Designer (WCD) tool +- Windows 10 devices. +- Windows Configuration Designer (WCD) tool. To get the WCD tool, download from the [Microsoft Store](https://www.microsoft.com/store/productId/9NBLGGH4TX22). For more information about the WCD tool, see [Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd) and [Getting started with Windows WCD](/windows/configuration/provisioning-packages/provisioning-install-icd). -- Enrollment credentials (domain account for enrollment, generic enrollment credentials for MDM, enrollment certificate for MDM.) +- Enrollment credentials (domain account for enrollment, generic enrollment credentials for MDM, enrollment certificate for MDM.). - Wi-Fi credentials, computer name scheme, and anything else required by your organization. Some organizations require custom APNs to be provisioned before talking to the enrollment endpoint or custom VPN to join a domain. @@ -73,7 +73,8 @@ Using the WCD, create a provisioning package using the enrollment information re - **Secret** - Password For detailed descriptions of these settings, see [Provisioning CSP](provisioning-csp.md). Here is the screenshot of the WCD at this point. - ![bulk enrollment screenshot](images/bulk-enrollment.png) + + ![bulk enrollment screenshot](images/bulk-enrollment.png) 9. Configure the other settings, such as the Wi-Fi connections so that the device can join a network before joining MDM (e.g., **Runtime settings** > **ConnectivityProfiles** > **WLANSetting**). 10. When you are done adding all the settings, on the **File** menu, click **Save**. 11. On the main menu click **Export** > **Provisioning package**.