Enrollment Processes
In addition to your provided company requirements for device management, our operations team may require additional information from your company to complete the full enrollment process.
We have documented the general processes of the most common device management softwares to share what to expect. These processes may deviate depending on your company and device requirements. If any additional information is needed, your Customer Success Manager will be in contact with you.
Apple Business Manager
Apple Business Manager (ABM) is a web-based platform designed for businesses and organizations to manage and deploy Apple devices. ABM allows administrators to:
- Enroll new devices in Mobile Device Management (MDM) systems for remote control and configuration.
- Manage devices from deployment to retirement.
Automatic Enrollment
Our team will follow this process to complete automatic enrollment of your devices:
- GroWrk will ask you to provide your DEP ID/Organization ID.
- If you are unsure where to find your Organization ID, sign up for Apple Business Manager and start the process here.
- GroWrk will share the Reseller ID of our warehouse to you.
- GroWrk will receive serial number of the newly purchased device and will share it with you to confirm that the device is enrolled.
Apple Business Registration
Enrolling your company in the Apple Business Manager program will create an Apple ID for your company. To get started with registration, sign up using this link here. Signing up requires the following information:
- Company name
- D-U-N-S number
- If you do not have a D-U-N-S number, you can register and obtain it through Dun & Bradstreet. Read the following information here.
- Phone number
- Website
Please ensure that you are creating the Apple Business account with a company affiliated email, not a personal Gmail or Yahoo address.
Manual Enrollment
For existing devices or those purchased outside authorized channels, manual enrollment is required, which involves additional steps. Manual ABM enrollment can be requested if and when you purchase devices before issuing your ABM, purchase devices through a non-authorized Apple reseller, or if automatic enrollment is not available for your region.
This service is available in the following regions:
- Canada
- Chile
- Colombia
- Costa Rica
- Japan
- Kenya
- Mexico
- Nigeria
- Pakistan
- Poland
- Rwanda
- Uganda
- Ukraine
- United Arab Emirates
- United States
- European Union
To get started with manual enrollment:
- Access Apple Business through https://business.apple.com/.
- Enroll your company in the Apple Business Manager program and activate an Apple ID and password for your company. The user registered under the company Apple ID will be given the Administrator role will have access to self-manage all of the devices registered under your company.
- Additional users can be added by creating profiles granting limited privileges, such as the Enrollment Administrator role, who is able to perform enrollment tasks for new devices. These additional users will have limited access in contrast to Administrator role due to security policies. It is recommended in good practice to create these additional roles.
In contrast to automatic enrollment, manual enrollment requires third-party access to your company’s ABM portal. Third parties are able to perform necessary tasks for device registration on behalf of companies, which is why GroWrk will ask for access to your ABM portal, either with administrator or enrollment administrator permissions. After access is received with the correct permissions, GroWrk will proceed with enrolling new devices to your ABM inventory.
JumpCloud
For our team to complete the enrollment process of your devices, please provide the following information:
- Your MDM link or Agent
- Your Connect Key
- The username and password to start the device. It is recommended to use generic credentials to be used for all devices for this process.
GroWrk will pass this information to our warehouses to access your devices. The process should be completed in three to five business days. You’ll be notified after confirming with our warehouse that enrollment has been completed, and your devices will be visible in Device Management.
Windows Autopilot
Automatic Enrollment
After a device is purchased:
- Windows Autopilot will be pre-registered by our team.
- The device will be shipped to the assigned user.
- Finishing the process requires the user to connect to a network and verify their credentials, then device will be ready to use.
Manual Enrollment
After you purchase a device and indicate that it needs to be enrolled in Autopilot:
- GroWrk will confirm whether this service is available within the region.
- The hash will be shared to you as a link or in a CSV file.
- Register the hash in your console using the following steps:
- In the Microsoft Intune admin center, select Devices > Windows > Windows enrollment > Devices (under Windows Autopilot Deployment Program) > Import.
- Under Add Windows Autopilot devices, browse to the CSV file that lists the devices that you want to add.
- Select Import to start importing the device information. Importing can take several minutes.
- After import is complete, select Devices > Windows > Windows enrollment > Devices (under Windows Autopilot Deployment Program) > Sync.
A message says that the synchronization is in progress. The process might take a few minutes to complete, depending on how many devices are being synchronized. - Refresh the view to see the new devices.
Azure
To enroll your devices with Azure, our team will follow the following steps:
- GroWrk will gather information about the device that is being enrolled, such as device type, make, model, and serial numbers (if available).
- Provide your company’s Azure AD domain name or tenant ID. This will help GroWrk ensure that the correct device is enrolled with your organization.
- Confirm your preferred enrollment method with us (e.g., Azure AD Join, Apple DEP, Android Enterprise).
Kandji
Automated device enrollment (all device types)
An Apple Business Manager account is required for automated enrollment. Please be sure to provide your account credentials to GroWrk and the team will follow this process:
- Assign Mac or iOS Devices to the Kandji MDM server inside of Apple Business Manager.
- Navigate to Devices > Automated Device Enrollment to confirm that the desired devices are listed in Kandji.
- Turn on the device, connect to the internet, and begin the Setup Assistant. A Remote Management screen during the setup process will confirm enrollment has been successful.
Jamf
For enrollment you will need:
- Managed Apple IDs in Apple School Manager.
- A push certificate in Jamf School (mobile devices only)
The GroWrk team will be able to install and enroll your devices in Jamf School with the following information provided by you:
- Your Jamf School credentials
- Network ID (listed in On-device enrollment (iOS & macOS) in Jamf School).
- Your users’ Managed Apple IDs.
- Device passcodes (for iOS devices only)
Addigy
Prerequisites for enrollment:
- An Apple Push Certificate, which needs to be assigned at a Global or Policy level.
- An Addigy account, with access to the dashboard.
- Add your organization in Addigy. (This is the first step for enrollment.)
Note that there are three installation methods available. Please consider which would be best for your organization, and we will confirm whether the service is available before we start the enrollment process.
- Automated Device Enrollment
- This method allows devices that have been added to Apple Business Manager to automatically enroll into Addigy. Devices properly configured to enroll via ADE will enroll automatically when they go through Setup Assistant. Configuring Automated Device Enrollment
- Device Enrollment (Manual enrollment)
- Allows you to either download the MDM directly, copy the download link and provide it to your users, or use a QR Code. ****Once the MDM enrollment profile is on the device, it will need to be manually approved by a user with admin credentials. More information can be found here: How To: Manually Enroll macOS into Addigy's MDM
- User Enrollment (BYOD)
- This method is for personal devices. It will push an MDM with limited control over the device. User Enrollment (BYOD)
Scalefusion
To enroll your devices, GroWrk will need the following:
- Your Scalefusion account credentials
- Organization-specific requirements to apply and define configuration policies
The following process will be performed:
- Configure Organization:
- Set up your organization within Scalefusion.
- Enroll Devices:
- Enroll devices into the Scalefusion MDM solution using the appropriate enrollment method for your devices.
- Configure Policies:
- Define and apply configuration policies to devices based on your organization's requirements.
- Manage Apps and Content:
- Utilize the app management and content distribution features to deploy and manage applications and content on enrolled devices.
- Monitor and Troubleshoot:
- Use the monitoring and troubleshooting tools to track device status and address any issues that may arise.
For more information, view Scalefusion’s documentation for Macs and Windows.
Kolide
GroWrk may require your Kolide credentials to perform the following processes according to your device operating system:
For iOS devices:
- First, obtain the macOS Kolide agent installer for your Kolide account.
- Open the
kolide-launcher.pkg
file to begin the installation process. - When the installation wizard opens, select Continue.
- Select Install.
- If prompted for Touch ID or administrative permissions, enter them and select Install Software.
- Once the installation is complete, select Close.
Granting full disk access
Mac devices utilize a granular permissions system to limit applications’ access to important system or user files. Without additional access, Kolide may be unable to check plain-text credentials in Downloads, Documents, and Desktop folders. If full disk access is something you wish to enable, GroWrk will follow this process:
- Click the Apple icon in the top left corner of your screen and then select System Settings from the pull-down menu.
- In the left menu pane of the System Settings window, select the menu item labeled Privacy & Security.
- In the right pane, select Full Disk Access.
- Find the line item for Kolide and select the toggle to enable full disk access. Once selected, you may need to provide a password or a biometric confirmation to confirm the change.
For Windows devices:
- First, obtain the Windows Kolide agent installer for your Kolide account.
- Double-click the
kolide-launcher.msi
file to begin the installation wizard. - Follow the on-screen instructions to complete the installation.
- If prompted, reboot the computer.
For more details, view Kolide’s documentation.