Register SCCM Devices in AirWatch
In this exercise, we will explore the SCCM console, create a collection in SCCM for Windows 10 devices and finally run a PowerShell script which will register the devices in Airwatch via API.
1. Launch Configuration Manager Console
1.1. Launching Configuration Manager Console
- Launch the SCCM console from the taskbar.
- If the Configuration Manager dialog box appears, click OK.
1.2. Explore SCCM Console
Take a minute to explore the SCCM console. The main components of SCCM are as follows.
- Assets and Compliance – View all the users and devices managed by SCCM.
- Software Library – Deploy applications at a high-level.
- Monitoring – Check status and log files.
- Administration – Perform updates, migrations, update-readiness, and co-management.
2. Create Windows 10 Collection in SCCM
We will now create an SCCM collection containing the devices we want to register in AirWatch. Perform the following steps within the SCCM Console:
- Click Assets and Compliance.
- Expand Overview if it is collapsed.
- Click Devices.
- Right-click on WIN10-01.
- Select Add Selected Items on the context menu.
- Select Add Selected Items to New Device Collection.
This will start the Create Device Collection Wizard.
2.1. Create Device Collection
Do the following in the Create Device Collection Wizard
- For Name enter Win10
- For Comment enter Windows 10 Devices
- Click the Browse button
2.1.1. Choose Device Collection
- Select All Systems
- Click OK to close the Select Collection window
2.1.2. Continue After Defining the Limiting Collection
2.1.3. Create Device Collection - Continued
- Verify WIN10-01 shows under Membership Rules on the Define membership rule for this collection page.
- Click Next.
2.1.4. Confirm the Settings and Continue
2.1.5. Complete and Close the Device Collection Wizard
Click Close to complete the creation of the collection after the Device Collection Wizard finishes.
We will now review the Device Collection we just created.
2.2. Review Win10 Device Collection
- Click on Device Collections
- Double-click the Win10 collection you just created to open it
2.2.1. Verify the Windows 10 Device Exists Within the Collection
Verify that WIN10-01 shows in the Win10 Collection
3. Import Domain User into AirWatch Console
For an upcoming step, we need to import a domain user that will be associated with the SCCM device when we do the AirWatch pre-registration. This will utilize the VMware Enterprise Systems Connector and Directory Services, which has already been configured for you.
In the AirWatch Console,
- Click Add.
- Click User.
3.1. Import the aduser Directory User
- Select Directory for the Security Type.
- Enter "aduser" for the Username.
- Click Check User.
3.2. Confirm User Import and Save
- Confirm the aduser is found and imported.
- Click Save.
4. Execute the Auto Registration Script
We will now execute the SCCM to AirWatch Auto Registration script to pre-register the SCCM devices in the Win10 collection into AirWatch. This will allow us to deploy the AirWatch agent via SCCM silently to these devices using a staging account. Upon enrollment, the devices will be associated with user specified in the pre-registration process.
The SCCM to AirWatch Auto Registration script has already been downloaded and included for you on the Desktop of your SCCM Server under the SCCM to AirWatch Auto Registration folder. Outside of the lab, this script is available for download at
4.1. Run Script with PowerShell
- Click the PowerShell icon on the taskbar to open the PowerShell Console.
cd '.\Desktop\SCCM to AirWatch Auto Registration'and press enter to switch to the downloads folder.
powershell -executionpolicy bypass -file .\Register-SCCM-Devices.ps1and press enter to run the device registration script.
4.2. Enter script parameters
Enter the following script parameters
- Enter "Win10" for the SCCMCollectionname and press enter.
- Enter "https://v92.airwlab.com" for the AirWatchServer and press enter.
- Enter your email address that you have associated with your VMware Learning Platform (VLP) account and press enter. This was the same email used to login to the AirWatch Console in previous steps.
- Enter "VMware1!" for the AirwatchPW and press enter.
We now need to switch back to the AirWatch console to retrieve the API Key.
4.3. Retrieve the REST API Key
In the AirWatch Console,
- Click Groups & Settings.
- Click All Settings.
4.4. Copy the REST API Key
- Click System.
- Click Advanced.
- Click API.
- Click REST API.
- Click and drag to highlight the API Key text for the AirWatchAPI service.
- Right-click and select Copy.
- Click Close.
4.5. Paste the Copied API Key
- Return to the PowerShell Terminal by clicking the PowerShell icon from the task bar.
- Paste the copied API Key for the AirwatchAPIKey parameter by right-clicking, then press Enter.
Return back to the AirWatch console to retrieve the final required parameter, the OrganizationGroupName.
4.6. Retrieve Group ID from AirWatch and Execute Script
In the AirWatch console,
- Click on the area at the top which shows your email address
- A box will pop down with the Organization Group and Group ID. Note your Group ID. We will now enter this Group ID into the PowerShell script
4.7. Enter the Group ID for the PowerShell Script Parameter
- Switch back to the PowerShell script by clicking the PowerShell icon from the task bar.
- Enter your Group ID, then press enter to run the script.
The script will create a device registration for the device in the Win10 SCCM Collection and associate it with the primary user imauser.
4.8. Review the PowerShell Script Output
- The script returns all devices in the SCCM collection. In this case, we only have one device Win10-01. It will determine if the device is an SCCM client or not and then check the user.
- If defined, it will use the SCCM primary user for the device as part of the association. If one doesn't exists, it will use the last logged on user.
- If no device registration exists, one will be created with the serial number of the device and the user which was identified. If a device registration exists under a different username, it will be updated to the current username.
Let's now review the created device registration in the AirWatch console.
4.9. Review the Device Registration in the AirWatch Console
We will now review the device registration we created using the PowerShell script. It should match the name, serial number and user which we specified in the script. This will allow us to deploy and AirWatch agent and silently enroll the device with a staging account.
Return the the AirWatch console and do the following:
- Click Devices.
- Click Lifecycle.
- Click Enrollment Status.
- You should see the registration listed. Click on the WIN10-01 link for more details
4.10. Confirm the Device and User Information
- Review the Device Info. Confirm that the Friendly Name matches the record from SCCM. Notice that our Serial Number displayed in the PowerShell script is also listed.
- Review the User Info. Confirm that the user details match our imauser record we imported earlier.
We will now create a staging account which we will use later to deploy the AirWatch agent and enroll the device.
5. Register a Staging Account
Next, register a staging account to use in a later exercise. In the AirWatch console,
- Click Add.
- Click User.
5.1. Add Staging Account
- Click the General tab.
- Ensure Basic is selected for the Security Type.
- Enter "StagingWin10" for User name.
- Enter "VMware1!" for Password.
- Enter "VMware1!" to confirm the password.
- Enter "Staging" for First Name.
- Enter "W10" for Last Name.
- Enter "[email protected]" for Email address.
5.2. Select Advanced
Select the Advanced tab.
5.3. Finish Configuration and Save Staging Account
- Scroll down to find the Staging section.
- Expand the Staging section
- For Enable Device Staging, select Enabled.
- For Single User Devices, select Enabled.
- Click Save.