Citrix Endpoint Management

Enroll Windows devices in bulk

Citrix Endpoint Management supports bulk enrollment of Windows 10 and Windows 11 desktop and tablet devices. With bulk enrollment, you can set up many devices for Citrix Endpoint Management to manage without reimaging devices. You use the provisioning package for bulk enrollment.

A general workflow to bulk enroll Windows 10 and Windows 11 devices is as follows:

  1. Assign devices. You can assign devices either on a per-device basis or in bulk.
  2. Configure bulk enrollment.
  3. Create a provisioning package and apply that package per device.

Before running bulk enrollment, make sure that you assign all devices to the correct users. Do this assignment by adding the devices on a per-device basis or in bulk.

Assign devices on a per-device basis

  1. In the Citrix Endpoint Management console, navigate to Manage > Devices > Device Allow List.

    Allowed device configuration screen

  2. To add each device, click Add.

    Allowed device configuration screen

  3. Type the following information:

    • Device platform: Select Windows.
    • Device ID Type: Select an ID that identifies the device. Citrix Endpoint Management supports Hardware ID and Device Name for Windows devices.
    • Device ID: Type the ID corresponding to the type that you selected previously for the device.
    • Associated User: Displays the associated user for this device. This field automatically populates with the user that you select.
    • Select domain: Select the domain from which you want to search for an associated user.
    • Search for user Type a full or partial user name in this field and click Search to find a user to associate with this device.
  4. Click Save.

Add devices in bulk

  1. In the Citrix Endpoint Management console, navigate to Manage > Devices > Device Allow List.

    Allowed device configuration screen

  2. Click Import.

    Import allowed devices screen

  3. Click Download to download a template (spreadsheet) for the device allow list. Fill out that spreadsheet and then upload the spreadsheet using Choose File and Import.

Configure bulk enrollment

  1. In the Citrix Endpoint Management console, navigate to Settings > Windows Bulk Enrollment.

  2. In the UPN field, type a user name through which to deploy all devices. The UPN must be a valid user in Citrix Endpoint Management that has the enrollment permissions. You can provide a UPN that is different from the associated user you selected previously.

    Windows Bulk Enrollment configuration screen

    You need the URLs when creating a provisioning package in the Windows Configuration Designer.

  3. Click Save.

Create and apply a provisioning package

To bulk provision devices, download the Windows Configuration Designer from the Microsoft Store. The Windows Configuration Designer creates provisioning packages used to image devices. As part of these packages, you can include Citrix Endpoint Management bulk enrollment configuration settings so that provisioned devices automatically enroll into Citrix Endpoint Management.

For information about using a provisioning package, see https://docs.microsoft.com/en-us/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool. Follow the steps described in the Create and apply a provisioning package for on-premises authentication section in that document. You follow those steps to include the following Citrix Endpoint Management bulk enrollment configuration settings and to apply the package to each device.

  • Discovery service URL.
  • Enrollment service URL.
  • Policy service URL.
  • Secret. Password of the UPN. You previously typed the user name in the UPN field.

Bulk enroll devices out of the box

Citrix Endpoint Management supports bulk enrollment of Windows devices out of the box. Follow these steps to set up and do bulk enrollment:

  1. Use the Citrix Endpoint Management console to add devices (on a per-device basis or in bulk) and to configure bulk enrollment. For more information, see Add devices in bulk and Configure bulk enrollment.

  2. Create a provisioning package, as described in Create, and apply a provisioning package.

    Note:

    You must configure the device name for each device when creating a provisioning package. To do so, in Windows Configuration Designer, navigate to Runtime settings > Accounts > ComputerAccount > ComputerName and specify the name of the device. The device name that you specify for each device must align with the name you used when importing allow list devices.

  3. Place that provisioning package into a USB stick.

  4. Insert the USB stick into the target device the first time that the user turns on the device.

    Windows device automatically finds the provisioning package (.ppkg) on the USB stick. For detailed instructions, see the Microsoft documentation on how to apply a provisioning package during initial setup.

The device automatically enrolls into Citrix Endpoint Management.

For devices running Windows 10(version 2004 or later) or Windows 11, you can simplify the enrollment process by creating only one provisioning package. The package can then be applied to all devices. As a result, you no longer need to create a provisioning package on a per-device basis.

To simplify the enrollment process, do these steps when creating a provisioning package:

  1. In Windows Configuration Designer, navigate to Runtime settings > Accounts > ComputerAccount > ComputerName.
  2. In the ComputerName field, include the following string as part of the device name: %SERIAL%. For example: Surface-%SERIAL%. The string expands to the BIOS serial number of each device.
Enroll Windows devices in bulk