Enrolling Windows devices
KACE Cloud allows you to manage Microsoft Windows devices, to ensure they are secure and compliant with your policies, and also to prevent their data from being exposed to unauthorized users. This topic provides high-level instructions that allow you to start managing your MS Windows devices.
Windows device administrators can choose from a number of different enrollment flows largely depending on their domain type:
- Azure AD domains: Cloud-based Azure Active Directory (AD) domains for provisioning users, apps and devices.
- On-prem AD domains: In an on-prem AD domain, user account data is available to internal network users and administrators.
- Hybrid Azure AD domains: A collection of cloud-based Azure AD and on-prem AD domains.
There are several areas of focus as you configure the enrollment of your Windows devices in KACE Cloud: Understanding how different ways to join a domain affect device enrollment, setting your company and personal device enrollment types, setting up Autopilot enrollment (for company devices), and enrolling devices in KACE Cloud.
The following procedures summarize the steps for enrolling your target Windows devices. The path you choose depends on your domain type:
Azure AD domains
- Automatically connect KACE Cloud and Azure AD.
With KACE Cloud listed as a cloud-based MDM solution in the Azure AD app gallery, connect KACE Cloud to your Azure AD subscription. See detailed instructions here.
- New devices: Use Windows Autopilot to join devices.
Use Windows Autopilot to set up all set up all configurations on a company-owned device so that the end user only has to open their new device and log in. See this topic for more details.
- Existing devices:
- Configure manual enrollment to join devices.
Use the KACE Cloud Windows Manual Enrollment page to elect the method that both company and personal devices will use for manual enrollment. See detailed instructions here.
- Enroll Windows devices.
Provide the end user with enrollment instructions. You can find them in KACE Cloud, in the Enroll Devices view when you select Windows. See detailed instructions here.
- Configure manual enrollment to join devices.
On-prem domains
- Create a Windows provisioning package.
You can use the Windows Configuration Designer to create an encrypted Windows provisioning package (.ppkg).
- Deploy newly created provisioning package to managed Windows devices.
Run the generated .ppkg file on target devices, or use an automated deployment tool such as KACE SMA or KACE SDA.
See detailed instructions here.
- Enroll Windows devices.
Provide the end user with enrollment instructions. You can find them in KACE Cloud, in the Enroll Devices view when you select Windows. See detailed instructions here.
Hybrid Azure AD domains
- Automatically connect KACE Cloud and Azure AD.
With KACE Cloud listed as a cloud-based MDM solution in the Azure AD app gallery, connect KACE Cloud to your Azure AD subscription.
- New devices:
Azure AD domains: Use Windows Autopilot to join devices.
On-prem domains: Deploy provisioning packages and enroll Windows devices.
- Existing devices: Add target devices to hybrid Azure AD domains.
When you link Azure AD with an existing on-prem AD domain, you can then integrate KACE Cloud with Azure AD to allow users to sign in to KACE Cloud using their managed Azure AD accounts through the SAML protocol. Next, create an Active Directory group policy and set it up to join existing on-prem devices to KACE Cloud and Azure. Finally, sign in to the device with the Azure AD account. See detailed instructions here.