ConfigMgr vNext feature: Windows 10 Bulk enrollment

Provisioning packages in Windows 10 is a really cool new feature which has great potential both for configuring Windows 10 and to assist in the deployment. Configuration Manager vNext has a great new feature as well which is Bulk enrollment of Windows 10 devices, Technical Preview 3 support Windows 10 Desktop edition, but let us all hope it will support Windows 10 Mobile as well when it is released. It is great news that we will get Bulk enrollment of Windows 10 devices!

It can be used to import a Trusted Root certificate, Wi-Fi Profile and enroll the device either in the cloud or On-Prem MDM which is new as well in Configuration Manager vNext. Panu and Kent has written a great blog post on how to get started with On-Prem MDM in Configuration Manager vNext Technical Preview, http://blog.coretech.dk/kea/install-and-configure-on-prem-mobile-device-management-mdm-with-configmgr-vnext-tp3/ I had the same issue as they are explaining as well that my CRL lists where not accessible to non-domain clients and then you cannot enroll a Windows 10 using the MDM agent in Windows 10.

What I will focus on here is the new Bulk Enrollment feature. It is configured in the Configuration Manager vNext Admin Console, before we start note the following:

• Configuration Manager vNext Technical preview must be installed and configured to support On-Prem MDM
• You MUST start the Console with right-click and “Run as Administrator” otherwise creation of the Provisioning Package will fail.
• A Trusted Root Certificate must be imported before starting the wizard under Compliance Settings, Company Resource Acess, Certificate Profiles.

Under All Corporate-owned Devices we have a new option under Windows, Enrollment profile.

We select Create Enrollment Profile in the menu. In the next dialog we can choose either On-Premise or Cloud.

We select which proxy enrollment point the Windows 10 client we run the provisioning package on should use.

We select the Root Certificate that should be imported as part of the enrollment process so that the Windows 10 client trust the certificate that is used for the roles in the Configuration Manager site that uses HTTPS.

Now we have a enrollment profile that we want to export to a provisioning package, that is achieved by selecting the enrollment profile and select export.

Then we have two files in that folder which makes up the provisioning package.

We then copy the files to a USB drive or locally on the Windows 10 computer and launch the provisioning package and we are presented with a dialog with what the package will do to the client.

After launching it we wait a minute before we open Work Access under Settings, Account in the Windows 10 client. There we now can see that the enrollment process is successful. Note that as it is enrolled as a Corporate owned device it has no username associated with it.

The provisioning package created can be opened using the Windows Imaging and Configuration Designer, you will get a warning that not all settings can be read.
After opening it we can see which feature in WICD that is used to do the Bulk enrollment which is shown below.

I am really looking forward to when we can start using this live to enroll Windows 10 devices in Intune and Configuration Manager vNext ON-Prem MDM will be really cool. Then we can have a single provisioning package that can configure the device and enroll it in Intune. 😀