Windows 10 Work Access Enrollment

Device enrollment establishes the initial communication with AirWatch to enable Mobile Device Management (MDM). The enrollment methods for Windows Desktop focus on adding features and functionality depending on how devices are enrolled.

All Windows Desktop enrollments use the native device management app to complete the enrollment process. Windows Auto-Discovery is an optional method of enrolling devices that only requires the end-user's email address to begin the enrollment process.

Enrollment can also require the enabling (console checkbox) of the AirWatch Protection Agent. This agent adds endpoint security to your Windows Desktop devices to ensure your data and devices remain secure wherever the device may go. The AirWatch Protection Agent for Windows Desktop co-opts the native Windows Desktop functionality such as BitLocker encryption, Windows Firewall, and Windows Automatic Updates to keep devices secure and up-to-date.

1. Finding your Group ID

Finding your Group ID

The first step is to make sure you know what your Organization GroupID is.

  1. To find the Group ID, hover your mouse over the GroupID tab at the top of the screen. Look for the email address you used to log in to the lab portal.
  2. The GroupID will be displayed under the Organization Group name. The GroupID is required when enrolling your device.

2. Work Access Enrollment

2.1. Launching Settings

Launching Settings
  1. Click on Start logo
  2. Click on Settings icon

2.2. Accessing Accounts

Accessing Accounts
  1. Click on the Accounts icon.

2.3. Access Work or School

  1. Click on Access work or school
  2. Click on Enroll only in device management

2.4. Connecting to Windows Auto Discovery Service

Connecting to Windows Auto Discovery Service

For the workshop we will be using a static email address.   This is NOT your email address that you used to login to the lab environment.   The reason for this is that there is a Windows Auto-Discovery Service (WADS) setup for this email domain which will point your device to the AirWatch Hands-On-Lab environment that was specifically created for this event.    Normally, your user community would enter their corporate email address which would then point their device to your AirWatch environment.    If you choose not to use a WADS server then the user would be forced to enter the enrollment URL manually.

  1. Enter the email address ""
  2. Click on the Next button.

2.5. Group ID

Group ID
  1. Enter the Group ID from the beginning of this section in the Group ID field
  2. Click Next

2.6. Username and Password

Username and Password
  1. Enter the testuser in the "Username" field
  2. Enter the VMware1! in the "Password" field
  3. Click Next

2.7. Remember Sign-In Info

Remember Sign-In Info
  1. Click Skip to not remember sign-in info

2.8. Complete Enrollment

Complete Enrollment
  1. Click Done

2.9. Close Settings

Close Settings
  1. Close the Settings page by clicking on the X in the upper right corner.

2.10. Allowing Application to Make Changes

Allowing Application to Make Changes

You may be prompted by User Account Control (UAC) to allow the app to make changes to your PC.   If so, click Yes.

3. Confirm MDM Enrollment

3.1. Selecting Cortana

Selecting Cortana
  1. Click on Start logo.
  2. Click on Cortana in the apps list.

3.2. Cortana Disabled

Cortana Disabled

You should see the message "Sorry, but your company policy prevents me from working."

3.3. Confirming Cortana is Disabled

Confirming Cortana is Disabled

For further confirmation, click on the Gear icon and you will see that "Cortana is disabled by company policy" and the slider switch to enable Cortana will be grayed out.

3.4. Open Google Chrome

Open Google Chrome

Prior to enrollment, Chrome was not installed on this computer.   After enrollment you should see the Chrome icon on the desktop.

3.5. Open Notifications

Open Notifications

Click on the "Notifications" icon by the clock in the system tray.

3.6. Launch the VPN Application

Launch the VPN Application

Click VPN

3.7. Connect to VPN

Connect to VPN
  1. Click on Windows VPN
  2. Click Connect

3.8. Sign In to the VPN

Sign In to the VPN
  1. Enter testuser in the username field.
  2. Enter "VMware1!" in the password field.
  3. Click OK

3.9. VPN Connection Confirmation

VPN Connection Confirmation

After authentication you will see the message "Connected" for the "Windows VPN".

3.10. Close the Settings Page

Close the Settings Page

Click on the X in the upper right corner to close the Settings Page.

Note: When we created our Per-App VPN profile, we assigned some traffic rules to AirWatch Browser and IE. If you have extra time you can see if these traffic rules work.

3.11. Windows Information Protection

If you have time, you can also open Notepad and save a document. Notice the document is auto encrypted and displays a briefcase. You can also try to copy text from Notepad into another application and this action will be blocked.