Creating an Enrollment Policy for a Provisioning Package (PPKG) Enrollment Type

About this task

Use this procedure to create a Windows Modern Desktop policy to authenticate and enroll Windows Modern Desktop devices using a provisioning package (PPKG) enrollment type. You may opt to have SOTI MobiControl create a certificate or add your own certificate to the provisioning package.

Procedure

  1. From the main menu, select Policies > Enrollment. The Enrollment Policies view displays.
  2. Select New Enrollment Policy. The Enrollment Policy wizard launches.
  3. Select the Windows > Modern Desktop platform. The General tab displays.
  4. On the General tab, enter a Name and Description for the policy. Make the name brief and informative to distinguish it from others, especially if you plan to create many enrollment policies.
  5. Select Next. The Enrollment Type tab displays.
  6. From Enrollment Type, select Provisioning package.
  7. Set Automate Provisioning Package Enrollment as required:
    • On—The device downloads a provisioning package directly and includes an autogenerated certificate. Complete the Provisioning Package Expiry Date to specify when the package is unusable.
    • Off—Provide an enrollment certificate. Select Browse File to locate the applicable .cer or .cert file.
  8. Select Next. The Groups view displays.
  9. From the Groups view, select a Device Group Destination for enrollment.
    Group selection
  10. Select Next. The Settings view displays.
    Settings options
  11. Update the settings as required.
    Enrolled Device Name Select an identifier for the device.

    Select the gear icon to insert macros to autofill portions of the device name.

    Example: The following example shows device naming using the Enrolled User Username (%ENROLLEDUSER_USERNAME%) macro to generate device names like Ottawa Sales - sarah.

    Sample name with a macro
    Preserve Device Location on Re-enrollment SOTI MobiControl remembers the group membership of the device when it is re-enrolled.
    Preserve Device Name on Re-Enrollment SOTI MobiControl remembers the previously assigned device name when a deleted device is re-enrolled.
    Activation Date Specify the date that activates the policy.
    Activation Time Specify the time that activates the policy.
    Set Deactivation Date Specify the date and time that deactivate the policy.
    Device Enrollment Limit Set the maximum number of devices you can enroll using this enrollment policy.
  12. Select a certificate authentication authority. Select Next.
    Certficate authority selection
    Note: To add or update a certificate authority, select Manage Certificate Authorities. See Certificate Authority Page.
  13. Select Finish. The Enrollment Policy Info window opens.
  14. Set Include MobiControl Root Certificate as required:
    • On—Includes the root certificate in the PPKG.
    • Off—Excludes the root certificate from the PPKG. Use this option if SOTI MobiControl is not using a self-signed certificate.
    Download the provisioning package
  15. Select Download Package to download the PPKG for distribution.
  16. Select Ok.

Results

Your Windows Modern Desktop enrollment policy is complete.

What to do next

Provide the PPKG to the end users and instruct them to complete the steps in Performing a Provisioning Package Enrollment by the User to enroll their devices.