Windows 10 Work Access Enrollment
Device enrollment establishes the initial communication with AirWatch to enable Mobile Device Management (MDM). The enrollment methods for Windows Desktop focus on adding features and functionality depending on how devices are enrolled.
All Windows Desktop enrollments use the native device management app to complete the enrollment process. Windows Auto-Discovery is an optional method of enrolling devices that only requires the end-user's email address to begin the enrollment process.
Enrollment can also require the enabling (console checkbox) of the AirWatch Protection Agent. This agent adds endpoint security to your Windows Desktop devices to ensure your data and devices remain secure wherever the device may go. The AirWatch Protection Agent for Windows Desktop co-opts the native Windows Desktop functionality such as BitLocker encryption, Windows Firewall, and Windows Automatic Updates to keep devices secure and up-to-date.
1. Finding your Group ID
The first step is to make sure you know what your Organization GroupID is.
- To find the Group ID, hover your mouse over the GroupID tab at the top of the screen. Look for the email address you used to log in to the lab portal.
- The GroupID will be displayed under the Organization Group name. The GroupID is required when enrolling your device.
2. Work Access Enrollment
2.1. Launching Settings
- Click on Start logo
- Click on Settings icon
2.2. Accessing Accounts
- Click on the Accounts icon.
2.4. Connecting to Windows Auto Discovery Service
For the workshop we will be using a static email address. This is NOT your email address that you used to login to the lab environment. The reason for this is that there is a Windows Auto-Discovery Service (WADS) setup for this email domain which will point your device to the AirWatch Hands-On-Lab environment that was specifically created for this event. Normally, your user community would enter their corporate email address which would then point their device to your AirWatch environment. If you choose not to use a WADS server then the user would be forced to enter the enrollment URL manually.
- Enter the email address "[email protected]"
- Click on the Next button.
2.5. Group ID
- Enter the Group ID from the beginning of this section in the Group ID field
- Click Next
2.6. Username and Password
- Enter the testuser in the "Username" field
- Enter the VMware1! in the "Password" field
- Click Next
2.7. Remember Sign-In Info
- Click Skip to not remember sign-in info
2.8. Complete Enrollment
- Click Done
2.9. Close Settings
- Close the Settings page by clicking on the X in the upper right corner.
2.10. Allowing Application to Make Changes
You may be prompted by User Account Control (UAC) to allow the app to make changes to your PC. If so, click Yes.
3. Confirm MDM Enrollment
3.1. Selecting Cortana
- Click on Start logo.
- Click on Cortana in the apps list.
3.2. Cortana Disabled
You should see the message "Sorry, but your company policy prevents me from working."
3.3. Confirming Cortana is Disabled
For further confirmation, click on the Gear icon and you will see that "Cortana is disabled by company policy" and the slider switch to enable Cortana will be grayed out.
3.4. Open Google Chrome
Prior to enrollment, Chrome was not installed on this computer. After enrollment you should see the Chrome icon on the desktop.
3.5. Open Notifications
Click on the "Notifications" icon by the clock in the system tray.
3.6. Launch the VPN Application
Click VPN
3.7. Connect to VPN
- Click on Windows VPN
- Click Connect
3.8. Sign In to the VPN
- Enter testuser in the username field.
- Enter "VMware1!" in the password field.
- Click OK
3.9. VPN Connection Confirmation
After authentication you will see the message "Connected" for the "Windows VPN".
3.10. Close the Settings Page
Click on the X in the upper right corner to close the Settings Page.
Note: When we created our Per-App VPN profile, we assigned some traffic rules to AirWatch Browser and IE. If you have extra time you can see if these traffic rules work.
3.11. Windows Information Protection
If you have time, you can also open Notepad and save a document. Notice the document is auto encrypted and displays a briefcase. You can also try to copy text from Notepad into another application and this action will be blocked.