Creating an Enrollment Policy for a Directory Enrollment Type
Before you begin
Important: This article is for Windows
desktop devices running Supported Windows Versions for Windows Modern Desktop.
For instructions on enrolling devices running other versions of Windows, see Adding Windows Devices.
About this task
Use this procedure to create a policy to enroll Windows Modern Desktop devices using
a directory enrollment type that maps LDAP user groups to SOTI MobiControl device groups.
Note: The persons
enrolling their devices must be members of the LDAP user group. Users are part
of every enrollment policy involving an LDAP group of which they are a member.
Only the oldest active policy applies to the user.
Procedure
- From the main menu, select Enrollment Policies view displays. . The
- Select New Enrollment Policy. The Enrollment Policy wizard launches.
- Select the General tab displays. platform. The
- On the General tab, enter a Name and Description for the policy. Make the name brief and informative to distinguish it from others, especially if you plan to create many enrollment policies.
- Select Next. The Enrollment Type tab displays.
- From Enrollment Type, select Directory.
- Select Next. The Groups view displays.
-
From the Groups view, select to add LDAP user groups.
-
For each group, select a Device Group destination for
enrollment or select Block Access to prevent a user group
from membership in a device group under this policy.
Note: LDAP user groups included in other enrollment policies are not selectable.
-
Select Next. The Settings view
displays.
-
Update the settings as required.
Enrolled Device Name Select an identifier for the device. Select the gear icon to insert macros to autofill portions of the device name.
Example: The following example shows device naming using the Enrolled User Username (
%ENROLLEDUSER_USERNAME%
) macro to generate device names like Ottawa Sales - sarah.Cache Password Caches the LDAP password entered by the device user during enrollment for 10 minutes. During this time, profiles targeting the device with configurations requiring account credentials (Email, VPN, WiFi, etc.) includes the cached password in the configuration. This avoids repeat prompting for the same credentials. Preserve Device Location on Re-enrollment SOTI MobiControl remembers the group membership of the device when it is re-enrolled. Preserve Device Name on Re-Enrollment SOTI MobiControl remembers the previously assigned device name when a deleted device is re-enrolled. Activation Date Specify the date that activates the policy. Activation Time Specify the time that activates the policy. Set Deactivation Date Specify the date and time that deactivate the policy. Device Enrollment Limit Set the maximum number of devices you can enroll using this enrollment policy. -
Select a certificate authentication authority. Select
Next.
Note: To add or update a certificate authority, select Manage Certificate Authorities. See Certificate Authority Page.
- Select Finish. The Enrollment Policy Info window opens.
-
Copy the MDM server URL required for distribution to users.
Note: Give the MDM server URL to the user to complete the full enrollment URL. The final format of the URL is
https://<MDM server URL>/mc/enroll/
. You may also find the enrollment URL in the enrollment policy details. - Select Ok.
Results
Your Windows Modern Desktop enrollment policy is complete.