Citrix Endpoint Management

Bulk enrollment of Windows devices

Endpoint Management supports bulk enrollment of Windows 10 desktop and tablet devices. With bulk enrollment, you can set up many devices for Endpoint Management to manage without reimaging devices. You use the provisioning package for bulk enrollment.

A general workflow to bulk enroll Windows 10 devices is as follows:

  1. Assign devices. You can assign devices either on a per-device basis or in bulk.
  2. Configure bulk enrollment.
  3. Create a provisioning package and apply that package per device.

Before running bulk enrollment, ensure that you assign all devices to the correct users. Perform this assignment by adding the devices on a per-device basis or in bulk.

Assign devices on a per-device basis

  1. In the Endpoint Management console, navigate to Manage > Devices > Device Allow List.

    Allowed devices configuration screen

  2. To add each device, click Add.

    Allowed devices configuration screen

  3. Type the following information:

    • Device platform: Select Windows.
    • Device ID Type: Select an ID that identifies the device. Endpoint Management supports Hardware ID and Device Name for Windows devices.
    • Device ID: Type the ID corresponding to the type you selected previously for the device.
    • Associated User: Displays the associated user for this device. This field automatically populates with the user you select.
    • Select domain: Select the domain from which you want to search for an associated user.
    • Search for user Type a full or partial user name in this field and click Search to find a user to associate with this device.
  4. Click Save.

Add devices in bulk

  1. In the Endpoint Management console, navigate to Manage > Devices > Device Allow List.

    Allowed devices configuration screen

  2. Click Import.

    Import allowed devices screen

  3. Click Download to download a template (spreadsheet) for the device allow list. Fill out that spreadsheet and then upload the spreadsheet using Choose File and Import.

Configure bulk enrollment

  1. In the Endpoint Management console, navigate to Settings > Windows Bulk Enrollment.

  2. In the UPN field, type a user name through which to deploy all devices. The UPN must be a valid user in Endpoint Management that has the enrollment permissions. You can provide a UPN that is different from the associated user you selected previously.

    Windows Bulk Enrollment configuration screen

    You need the URLs when creating a provisioning package in the Windows Configuration Designer.

  3. Click Save.

Create and apply a provisioning package

To bulk provision devices, download the Windows Configuration Designer from the Microsoft Store. The Windows Configuration Designer creates provisioning packages used to image devices. As part of these packages, you can include Endpoint Management bulk enrollment configuration settings so that provisioned devices automatically enroll into Endpoint Management.

For information about using a provisioning package, see https://docs.microsoft.com/en-us/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool. Follow the steps described in the Create and apply a provisioning package for on-premises authentication section in that document. You follow those steps to include the following Endpoint Management bulk enrollment configuration settings and to apply the package to each device.

  • Discovery service URL.
  • Enrollment service URL.
  • Policy service URL.
  • Secret. Password of the UPN. You previously typed the user name in the UPN field.

Bulk enroll devices out of the box

Endpoint Management supports bulk enrollment of Windows devices out of the box. Follow these steps to set up and perform bulk enrollment:

  1. Use the Endpoint Management console to add devices (on a per-device basis or in bulk) and to configure bulk enrollment. For more information, see Add devices in bulk and Configure bulk enrollment.

  2. Create a provisioning package, as described in Create and apply a provisioning package.

    Note:

    You need to configure the device name for each device when creating a provisioning package. To do so, in Windows Configuration Designer, navigate to Runtime settings > Accounts > ComputerAccount > ComputerName and specify the name of the device. The device name you specify for each device must align with the name you used when importing allow list devices.

  3. Place that provisioning package into a USB stick.

  4. Insert the USB stick into the target device the first time the user turns on the device.

    Windows device automatically discovers the provisioning package (.ppkg) on the USB stick. For detailed instructions, see the Microsoft documentation at https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-apply-package?redirectedfrom=MSDN#during-initial-setup-from-a-usb-drive.

The device automatically enrolls into Endpoint Management.

For devices running Windows 10 version 2004 or later, you can simplify the enrollment process by creating only one provisioning package. The package can then be applied to all devices. As a result, you no longer need to create a provisioning package on a per-device basis.

To simplify the enrollment process, perform these steps when creating a provisioning package:

  1. In Windows Configuration Designer, navigate to Runtime settings > Accounts > ComputerAccount > ComputerName.
  2. In the ComputerName field, include the following string as part of the device name: %SERIAL%. For example: Surface-%SERIAL%. The string expands to the BIOS serial number of each device.

Bulk enrollment of Windows devices