Enroll SCCM Devices in Workspace ONE UEM with AirLift

In this exercise, you will configure a SCCM Enrollment application for your Workspace ONE UEM tenant and then deploy the application to the AirLift Collection that you have enabled for Co-Management.

1. Create Enrollment Application in AirLift

In the AirLift Console in Chrome,

  1. Click Settings.
  2. Click Enrollment.
  3. Select No for Use Exiting Enrollment Application.
  4. Enter Workspace ONE Enrollment.
  5. Select your VLP email address from the Organization Group dropdown.
  6. Enter StagingUser
  7. Enter VMware1!
  8. Enter labs.awmdm.com
  9. Check the Include Workspace ONE App option.  This option will automatically install the Workspace ONE app if it is not present on the device.
  10. Un-check the Include SCCM Integration Client option, this client is only needed when using pre-1709 Windows 10 and pre-1710 SCCM.
  11. Click Show.

1.1. Copy the Agent Install Command Line

  1. Click and drag and highlight the Agent Install Command Line.
  2. Right-click the highlighted text and click Copy.

You will modify and use this copied text in an upcoming step.

1.2. Enter the Enrollment Application Content Location

  1. Enter \\SCCM-01A\SCCMPackages\WS1 for Content Location. The needed files have been pre-staged at this location for your convenience.
  2. Click Create.

1.3. Confirm Application Creation

Click Proceed.

2. Review and Modify Workspace ONE Enrollment Application

The following steps involving modifying the Workspace ONE Enrollment app are not needed in production. However, you will need to update the install command-line for this lab.

2.1. Update Install Command Line

  1. Right-Click the Windows button.
  2. Click Search.
  3. Enter Notepad for the search.
  4. Click the Notepad application.

2.2. Paste the Copied Install Command Line Text

  1. Click Edit.
  2. Click Paste.
  3. Click Format.
  4. Click Word Wrap to enable wrapping.

2.3. Locate the LGName property

You will need to update the LGNAME value in our copied install command line to match your Group ID from the Workspace ONE UEM Console.  Continue to the next step to find the Group ID value to use here.

2.4. Obtain your Group ID from the Workspace ONE UEM Console

Finding your Group ID

In the Workspace ONE UEM Console,

  1. Click on your Organization Group name.
  2. Copy your Group ID value.  In this example, the Group ID is yourid1234.

2.5. Update the LGNAME Value

Update the LGNAME value with your Group ID from the Workspace ONE UEM Console.  DO NOT use yourid1234 as shown, be sure to use your own Group ID.

2.6. Copy the Updated Install Command Line Text

  1. Click Edit.
  2. Click Select All.
  3. Click Edit.
  4. Click Copy.

3. Review and Modify Properties of Workspace ONE Enrollment Application

  1. Click the SCCM Console icon from the task bar.
  2. Click Software Library.
  3. Expand Application Management.
  4. Click Applications.
  5. If you do not see the Workspace ONE Enrollment application in the list, you may need to click the Refresh button.
  6. Right-Click the Workspace ONE Enrollment application.
  7. Click Properties.

3.1. Edit the Workspace ONE Enrollment Windows Installer

  1. Click the Deployment Types tab.
  2. Select the Workspace ONE Enrollment - Windows Installer x64 (*.msi file).
  3. Click the Edit button.

3.2. Replace the Installation Program Command

  1. Click the Programs tab.
  2. In the Installation program text box, remove ALL existing text and paste your copied install command.
  3. Click OK.

3.3. Save the Deployment Types Changes

Click OK again to save your changes.

4. Enroll Members of the Win10 Collection into Workspace ONE UEM

Now that we have create the Workspace ONE Enrollment app using AirLift and mapped our Win10 device collection to the AirLift Smart Group, we will leverage AirLift to automatically onboard our Win10 collection devices into Workspace ONE UEM.

4.1. Enroll the Win10 Collection into Workspace ONE UEM

In the AirLift Console in Chrome,

  1. Click Collections.
  2. Click the checkbox next to the Win10 collection.
  3. Click the Enroll button.

4.2. Confirm Devices Affected

Click the Enroll button to confirm the enrollment - notice 1 Device will be affected.

4.3. Review Enrollment Confirmation

Review enrollment confirmation, the devices in the Win10 collection have begun enrollment.

5. Review Enrollment Application Deployment in SCCM

Back in the SCCM Console, ensure the Workspace ONE Enrollment app is selected.

  1. Click on the SCCM Console icon on the task bar.
  2. Ensure the Workspace ONE Enrollment app is still selected.
  3. Click on the Deployments tab.
  4. Notice there is a deployment which was created by AirLift.  This deployment is mandatory and automatic and targets the Win10 collection.

6. Return to the Main Console

Click the Close (X) button to return to the Main Console.

7. Connect to Windows 10 Device

Double-click the Win10-01a.rdp shortcut on the desktop of the Main Console.

8. Modify Internet Options for Windows Enrollment

Before enrolling the Windows 10 Virtual Machine, we will make a modification to prevent issues with the Hands on Labs firewall causing a delay in the enrollment process.

8.1. Open Settings

  1. Click the Windows button.
  2. Click the Settings (Gear) icon.

8.2. Open Internet Options

  1. Type Internet Options in the search bar.
  2. Click Internet Options from the results list.

8.3. Modify the Certificate Revocation Options

  1. Click the Advanced tab.
  2. Scroll down to find the Security section.
  3. Uncheck the Check for publisher's certification revocation option.
  4. Uncheck the Check for server certificate revocation option.
  5. Click Apply.
  6. Click OK.

9. Launch Configuration Manager

Double-click the Configuration Manager shortcut on the desktop of the Windows 10 device.

9.1. Force policy update on SCCM Client

We will now force a policy retrieval cycle on the SCCM client in order to speed up the process of receiving the deployment and enrolling the device into Workspace ONE UEM.

  1. Click the Actions tab.
  2. Select Machine Policy Retrieval & Evaluation Cycle.
  3. Click the Run Now button.

9.2. Confirm the Cycle Prompt

Click OK to confirm the cycle may take several minutes to complete.

10. Monitor Enrollment into Workspace ONE

Watch for the AirWatch Enrollment icon on the desktop of the Windows 10 system.

The deployment will run automatically and should happen fairly quickly.  If you watch the desktop of the Windows 10 client, you will see the AirWatch Enrollment icon appear on the desktop.  This means the enrollment process is is running.  This process should only take a few minutes at most to complete.

11. Verify via Software Center

Click the icon shortcut on the taskbar of the Windows 10 device to launch the SCCM Software Center.

11.1. Software Center

We can also verify that the deployment has been received on the Windows 10 client by reviewing the SCCM Software Center

  1. Click the Applications tab.
  2. Notice the Workspace ONE Enrollment deployment has been received on the Windows 10 client.

You don't need to run the deployment manually.  It will execute automatically.

12. Enter Agent User Credentials

Since the install command line was setup to use a staging user account (named StagingUser), you will now need to provide your user credentials as part of the enrollment.

  1. Enter aduser for the Username.
  2. Enter VMware1! for the Password.
  3. Click Submit.

NOTE: The user is only prompted for credentials due to the architecture of this lab.  In real deployments where the VMware Enterprise Systems Connector is installed at the Customer organization group and has access to the domain controller, the user would not need to enter credentials.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.