Enroll Windows Devices in Bulk Using Provisioning Package
A provisioning package (.ppkg) is a container for a collection of configuration settings and can be created using the Windows Configuration Designer tool. Once a provisioning package has been created, you can use it to enroll Windows 10 or later devices in bulk to SureMDM.
Create and Import a Provisioning Package using Windows Configuration app
Provisioning packages can be created and customized using tools provided by Microsoft, such as Windows Configuration Designer. These tools allow administrators to specify settings for features such as software installation, network connectivity, security policies, and user accounts. Once a provisioning package is created, it can be deployed to devices in bulk. The devices will then automatically apply the settings and configurations specified in the package.
To create and import a provisioning package (.ppkg), follow these steps:
- Launch the Windows Configuration Designer app.
If the Windows Configuration Designer app is not installed on your system, download the app from Microsoft Store.
- On the Windows Configuration Designer window, select Advanced Provisioning.
- On the New Project dialog box, enter the Project Name, Browse and choose a folder to save the project, enter the project Description, and then click Next.
- Select All Windows desktop editions and click Next.
- Click Finish.
Browse and import the .ppkg file (if available).
The newly created project will be displayed on the Windows Configuration Designer screen, as shown in the screenshot below:
- Click Runtime Settings > Workplace > Enrollments.
- nter UPN and click Add.
To get the UPN value, navigate to the SureMDM Web Console > Settings > Account Settings > Windows Management > Windows Enrollment.
The newly added UPN will appear under Workplace > Enrollments.
- Click the UPN and fill in the following details:
AuthPolicy - Onpremise
DiscoveryServiceFullUrl
EnrollmentServiceFullUrl
PolicyServiceFullUrl
Secret - \<SureMDM Account Password>:\<SureMDM Account ID>
Navigate to Settings on the top right corner in the SureMDM console to get the Account ID
To get the values of DiscoveryServiceFullUrl, EnrollmentServiceFullUrl, and PolicyServiceFullUrl, navigate to the SureMDM Web Console > Settings > Account Settings > Windows Management > Windows Enrollment > Staging and Provisioning, and copy the values.
- Go to File and click Save to save the project.
- Click Export > Provisioning package.
- After the Provisioning Package is selected from the Export menu, the below screen appears. Click Next.
- Select the Encrypt Package and enter the desired Encryption password.
You can skip this step if you don’t want to encrypt the package.
- Browse and select the folder/removable media disk to save the package file, and then click Next > Build > Finish.
The provisioning package (.ppkg) file will be saved in the specified location.
Importing the Provisioning Package for Enrollment
To enroll devices in bulk using a provisioning package, follow these steps:
1. On the Removable Media / External USB device, only the Runtime Provisioning Tool file should be copied from the local drive (path where the package is stored).
- Below is the Local Drive screenshot:
- Below is the USB Drive screenshot:
The SureMDM Test (RunTime Provisioning Tool) file type is copied from the Local drive to the USB Drive as shown in the above screenshot.
- Navigate to the device’s Settings > Accounts > Access work or school.
- Click Add or remove a provisioning package > Add a package, select the package created from the removable media, and then click Add.
A password prompt appears to prompt you to enter the encryption password. Once the user enters the correct encryption password, the package is decrypted.
The prompt appears only when Encrypt Package is enabled and the Encryption Password is set. Refer to step no. 12 under the section Creating a Provisioning Package using Windows Configuration Designer App.*
- Click “Yes, add it” in the prompt popup.
Once this is done, the device will enroll in EMM mode and be added to the grid.
- To verify this, go to the device’s Settings > Accounts > Access work or school. Here you can see the device enrolled in EMM mode:
