Enrolling Windows Modern Desktop Devices

Before you begin

Ensure you have either configured Windows Notification Services (WNS) or opted out entirely. If you've done neither, you will not be able to proceed.

About this task

Important: This article is specifically for Windows desktop devices running Windows 10. For instructions on enrolling devices running other versions of Windows, see Adding Windows Devices.

In this procedure, you'll learn how to:


Define enrollment settings for Windows Modern Desktop devices
  1. In the SOTI MobiControl legacy console, go to Windows Modern > Rules and right-click Add Devices. Select Create Add Devices Rule to launch the Create Add Devices Rule wizard.
    An add devices rule defines enrollment settings for your devices. You can create multiple add devices rules, each with different enrollment settings. However, you cannot use one add devices rule across multiple platforms.
  2. Enter a name for the add devices rule. Make it brief, but descriptive, especially if you plan to create multiple add devices rules. Click Next.
  3. Choose the destination device groups:
    Based on User Group Membership Devices are placed in groups based on the membership of the user account assigned to each device and the mapping settings you'll apply in the next wizard screen.
    Certificate Based Enrollment Devices are authenticated by a certificate you'll choose on the next wizard screen. This certificate will also be used to target device groups for enrollment.

    Select Automate Certificate Enrollment if you wish to automatically create a distributable PPKG file. See Autogenerate an Enrollment Provisioning Package (PPKG) for additional steps.

    Click Next.

  4. Select a certificate authentication authority. Click Next.
  5. Optional: Enable the Terms and Conditions setting and select a terms and conditions document from the dropdown list. If you haven't uploaded a terms and conditions document yet, click Manage to add a new document. Click Next.
    Device users will be prompted to accept the terms and conditions upon enrollment.
  6. Specify a naming convention for your devices. Use a combination of text and macros to automatically and intelligently name your devices.
    For example, Ottawa Sales %AUTONUM% %ENROLLEDUSER_EMAIL% transforms into Ottawa Sales 001 sarah@organization.com, Ottawa Sales 002 saurabh@organization.com, and so on.
  7. Review your enrollment settings. Click Back to return to a previous screen and make changes or click Advanced to adjust the rule further.
  8. Once you're satisfied with your enrollment settings, click Finish to save your new add devices rule.
Enroll Windows Modern Desktop Devices
  1. Optional: Enable Automatic Server Discovery by creating a DNS record that maps to your SOTI MobiControl server.
    During the enrollment process, a Windows Modern device requests the user's email address. Automatic Discovery takes the domain portion of the email address, prepends the subdomain enterpriseenrollment, and then does a lookup to locate that server so it can attempt a connection. Creating a DNS record that maps back to your SOTI MobiControl server allows devices to automatically detect the server and connect.
    1. Create a DNS entry for enterpriseenrollment.MyCompany.com.
      If possible, use a CNAME record when creating the enterprise enrollment record. CNAME allows you to direct traffic to an A record, which would be your server's fully qualified domain name.
      The Windows Modern device will attempt a connection over SSL (HTTPS) on port 443. If the server certificate is not trusted by the device, the request will fail over to a non-SSL (HTTP) connection on port 80.
  2. On the Windows Modern desktop device, open Settings > Accounts > Access work or school.
  3. Click Connect to launch the Set up a work or school account wizard.
  4. Select one of:
  5. Enter your Azure AD username (for Azure) or your domain name (for local AD) to initiate the enrollment wizard.
  6. Follow the instructions of the wizard, clicking Next as necessary until you are connected to your organization's domain.


Your Windows Modern Desktop devices are now enrolled in SOTI MobiControl.