Enrolling Windows Modern Phone Devices

Before you begin

Ensure you have either configured Windows Notification Services (WNS) or opted out entirely. If you've done neither, you will not be able to proceed.

About this task

Important: This article is specifically for Windows phone devices running Windows 8.0 or later. For instructions on enrolling other devices running other versions of Windows, see Adding Windows Devices.

Windows Phone 8.1 requires the SOTI MobiControl server to have a fully qualified SSL certificate. Wildcard certificates are not supported by Microsoft for managing Windows Modern devices. The use of an untrusted SSL certificate on the SOTI MobiControl server will result in a warning on the device during the enrollment. The Windows Modern device attempts to validate the source to ensure that the certificate has not been revoked, and this is not possible with untrusted certificates. It is recommended that a third party trusted certificate is used.

In this procedure, you'll learn how to:

Procedure

Define enrollment settings for Windows Modern Phone devices
  1. In the SOTI MobiControl legacy console, go to Windows Modern > Rules and right-click Add Devices. Select Create Add Devices Rule to launch the Create Add Devices Rule wizard.
    An add devices rule defines enrollment settings for your devices. You can create multiple add devices rules, each with different enrollment settings. However, you cannot use one add devices rule across multiple platforms.
  2. Enter a name for the add devices rule. Make it brief, but descriptive, especially if you plan to create multiple add devices rules. Click Next.
  3. Choose the destination device groups:
    Based on User Group Membership Devices are placed in groups based on the membership of the user account assigned to each device and the mapping settings you'll apply in the next wizard screen.
    Certificate Based Enrollment Devices are authenticated by a certificate you'll choose on the next wizard screen. This certificate will also be used to target device groups for enrollment.

    Select Automate Certificate Enrollment if you wish to automatically create a distributable PPKG file. See Autogenerate an Enrollment Provisioning Package (PPKG) for additional steps.

    Click Next.

  4. Select a certificate authentication authority. Click Next.
  5. Optional: Enable the Terms and Conditions setting and select a terms and conditions document from the dropdown list. If you haven't uploaded a terms and conditions document yet, click Manage to add a new document. Click Next.
    Device users will be prompted to accept the terms and conditions upon enrollment.
  6. Specify a naming convention for your devices. Use a combination of text and macros to automatically and intelligently name your devices.
    For example, Ottawa Sales %AUTONUM% %ENROLLEDUSER_EMAIL% transforms into Ottawa Sales 001 sarah@organization.com, Ottawa Sales 002 saurabh@organization.com, and so on.
  7. Review your enrollment settings. Click Back to return to a previous screen and make changes or click Advanced to adjust the rule further.
  8. Once you're satisfied with your enrollment settings, click Finish to save your new add devices rule.
Enroll Windows Modern Phone Devices
  1. Optional: Enable Automatic Server Discovery by creating a DNS record that maps to your SOTI MobiControl server.
    During the enrollment process, a Windows Modern device requests the user's email address. Automatic Discovery takes the domain portion of the email address, prepends the subdomain enterpriseenrollment, and then does a lookup to locate that server so it can attempt a connection. Creating a DNS record that maps back to your SOTI MobiControl server allows devices to automatically detect the server and connect.
    1. Create a DNS entry for enterpriseenrollment.MyCompany.com.
      If possible, use a CNAME record when creating the enterprise enrollment record. CNAME allows you to direct traffic to an A record, which would be your server's fully qualified domain name.
      The Windows Modern device will attempt a connection over SSL (HTTPS) on port 443. If the server certificate is not trusted by the device, the request will fail over to a non-SSL (HTTP) connection on port 80.
  2. On the device, open the Settings application and scroll down to Workplace.
    On Windows Phone 8.0 devices this is called Company Apps.
  3. On the Workplace screen, select Add Account to begin the enrollment process.
  4. Enter the email address of your Active Directory credentials. If the device is successful in automatically discovering the SOTI MobiControl Server, you will be asked to enter the password that matches the email address and the fields are automatically populated upon successful authentication.
  5. If the device did not automatically find the SOTI MobiControl server, it will prompt you for the SOTI MobiControl server address. Enter the server address as the fully qualified domain name (FQDN) or as a publicly reachable IP address.
    Using the FQDN is recommended whenever possible.
  6. Enter your AD password, username and domain and click sign in. Then click Done when the sign in is successful.

Results

Your Windows Modern Phone devices are now enrolled in SOTI MobiControl.