Enroll SCCM Devices in Workspace ONE UEM with AirLift

In this exercise, you will configure a SCCM Enrollment application for your Workspace ONE UEM tenant and then deploy the application to the AirLift Collection that you have enabled for Co-Management.

1. Create Enrollment Application in AirLift

In the AirLift Console in Chrome,

  1. Click Settings.
  2. Click Enrollment.
  3. Select No for Use Exiting Enrollment Application.
  4. Enter Workspace ONE Enrollment.
  5. Select your VLP email address from the Organization Group dropdown.
  6. Enter StagingUser
  7. Enter VMware1!
  8. Enter labs.awmdm.com
  9. Check the Include Workspace ONE App option.  This option will automatically install the Workspace ONE app if it is not present on the device.
  10. Un-check the Include SCCM Integration Client option, this client is only needed when using pre-1709 Windows 10 or pre-1710 SCCM.
  11. Click Show.

1.1. Review Agent Install Command Line

Notice, Workspace ONE AirLift will display the Agent Install Command Line that will be used in the Workspace ONE Enrollment app for your reference.

  1. Click the tooltip for Content Location, notice it says to copy the Workspace ONE Enrollment Application files from the AirLift install directory to the SCCM UNC share.

1.2. Copy Enrollment Application Files into UNC Share

  1. Enter C:\Program Files\VMware\VMware AirLift\Workspace ONE Enrollment Application into the file directory text box, then press Enter.
  2. Select all of the files, then right click.
  3. Click Copy.

1.3. Transfer Workspace ONE Enrollment files to UNC Share

  1. Enter \\SCCM-01A\SCCMPackages\WS1 in the file directory text box, then press Enter.
  2. Right click then select Paste.
  3. Click on the X in the top right corner of the File Explorer window.

1.4. Enter the Enrollment Application Content Location

  1. Enter \\SCCM-01A\SCCMPackages\WS1 for Content Location.
  2. Click Create.

1.5. Confirm Application Creation

Click Proceed.

1.6. Validate Workspace ONE Enrollment Application

  1. Click the SCCM Console icon from the task bar.
  2. Click Software Library.
  3. Expand Application Management.
  4. Click Applications.
  5. If you do not see the Workspace ONE Enrollment application in the list, you may need to click the Refresh button.

Notice we now see the Workspace ONE Enrollment app which was automatically created with all of the correct values to enroll devices.

2. Enroll Members of the Win10 Collection into Workspace ONE UEM

Now that we have create the Workspace ONE Enrollment app using AirLift and mapped our Win10 device collection to the AirLift Smart Group, we will leverage AirLift to automatically onboard our Win10 collection devices into Workspace ONE UEM.

2.1. Enroll the Win10 Collection into Workspace ONE UEM

In the AirLift Console in Chrome,

  1. Click Collections.
  2. Click the checkbox next to the Win10 collection.
  3. Click the Enroll button.

2.2. Confirm Devices Affected

Click the Enroll button to confirm the enrollment - notice 1 Device will be affected.

2.3. Review Enrollment Confirmation

Review enrollment confirmation, the devices in the Win10 collection have begun enrollment.

3. Review Enrollment Application Deployment in SCCM

Back in the SCCM Console, ensure the Workspace ONE Enrollment app is selected.

  1. Click on the SCCM Console icon on the task bar.
  2. Ensure the Workspace ONE Enrollment app is still selected.
  3. Click on the Deployments tab.
  4. Notice there is a deployment which was created by AirLift.  This deployment is mandatory and automatic and targets the Win10 collection.

4. Return to the Main Console

Click the Close (X) button to return to the Main Console.

5. Connect to Windows 10 Device

Double-click the Win10-01a.rdp shortcut on the desktop of the Main Console.

5.1. Launch Configuration Manager

Double-click the Configuration Manager shortcut on the desktop of the Windows 10 device.

5.2. Force policy update on SCCM Client

We will now force a policy retrieval cycle on the SCCM client in order to speed up the process of receiving the deployment and enrolling the device into Workspace ONE UEM.

  1. Click the Actions tab.
  2. Select Machine Policy Retrieval & Evaluation Cycle.
  3. Click the Run Now button.

5.3. Confirm the Cycle Prompt

Click OK to confirm the cycle may take several minutes to complete.

6. Monitor Enrollment into Workspace ONE

Watch for the AirWatch Enrollment icon on the desktop of the Windows 10 system.

The deployment will run automatically and should happen fairly quickly.  If you watch the desktop of the Windows 10 client, you will see the AirWatch Enrollment icon appear on the desktop.  This means the enrollment process is is running.  This process should only take a few minutes at most to complete.

7. Verify via Software Center

Click the icon shortcut on the taskbar of the Windows 10 device to launch the SCCM Software Center.

7.1. Software Center

We can also verify that the deployment has been received on the Windows 10 client by reviewing the SCCM Software Center

  1. Click the Applications tab.
  2. Notice the Workspace ONE Enrollment deployment has been received on the Windows 10 client.

You don't need to run the deployment manually.  It will execute automatically.

8. Enter Agent User Credentials

Since the install command line was setup to use a staging user account (named StagingUser), you will now need to provide your user credentials as part of the enrollment.

  1. Enter aduser for the Username.
  2. Enter VMware1! for the Password.
  3. Click Submit.

NOTE: The user is only prompted for credentials due to the architecture of this lab.  In real deployments where the VMware Enterprise Systems Connector is installed at the Customer organization group and has access to the domain controller, the user would not need to enter credentials.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.