Skip to main content
This guide applies to Windows devices

About Windows Enrollment

Windows enrollment allows you to add Windows 11 devices to Iru Endpoint for centralized management. This process enables you to deploy applications, enforce policies, and maintain security across your Windows device fleet.

How It Works

Admins retrieve an enrollment URL and a Blueprint enrollment code, then share both with users. During enrollment, users authenticate (SSO recommended) and the device is automatically assigned to the specified Blueprint so it receives the correct apps and policies.

Windows Enrollment Requirements

Before enrolling Windows devices, ensure you have:
  • Windows 11 (24H2 and later)
  • Windows Pro, Enterprise, or Education editions
  • Microsoft Edge browser (you’ll need this for enrollment - see Microsoft’s MDM enrollment documentation)
  • Network connectivity to Iru Endpoint services
  • User account with appropriate permissions
  • Blueprint configured for Windows devices

Manual Enrollment Setup

1

Configure Enrollment Portal

  1. Go to EndpointEnrollmentManual Enrollment in Iru Endpoint
  2. Ensure the Enrollment Portal is active
  3. Determine which Blueprint you want Windows devices to be added to after enrollment
2

Configure Authentication

  1. Click Require authentication on the Blueprint (strongly recommended for security)
  2. This integrates with your SSO configuration for secure enrollment
3

Share Enrollment Information

  1. Copy the Enrollment Portal Link
  2. Share the link and the appropriate Blueprint code with your end users
  3. Provide instructions for the Windows enrollment process (including the requirement to use Microsoft Edge browser)

Windows Enrollment Process

User Enrollment Steps

When users access the Enrollment Portal on their Windows device, they’ll enter the Blueprint code you provided and authenticate using SSO if you’ve enabled that option. Once authenticated, the device enrolls to Iru Endpoint for MDM management and gets configured according to your Blueprint settings.

MDM Enrollment Process

The device enrolls to Iru Endpoint for MDM management. Once enrolled, MDM automatically pushes the Kandji Agent and Self Service apps to the device. The Kandji Agent handles app inventory and app lifecycle management, while policies and configurations are delivered through the MDM channel.

Windows Management Features

Once enrolled, you can deploy applications, enforce security policies, and monitor compliance across your Windows devices. Iru Endpoint provides centralized management for user and device inventory, along with remote troubleshooting capabilities.

Best Practices

Test your Blueprints on designated devices before enrolling production hardware. Enable SSO authentication for secure enrollment and provide clear instructions to users about the Windows enrollment process. You can monitor enrollment success and troubleshoot issues using the Activity page.

Troubleshooting

Common Issues

If enrollment fails, check your Blueprint configuration and network connectivity. For authentication issues, ensure SSO is properly configured and users have the necessary access. Verify that the Kandji Agent installs correctly and that Blueprint policies are applied after enrollment.

Support Resources

Check the Activity page for enrollment logs and errors, and review Device records for enrollment status. Contact Support if you need additional assistance.

Next Steps

After setting up Windows enrollment, test the process with a few Windows devices and monitor device compliance and policy enforcement. You can then deploy applications to enrolled Windows devices. For detailed information about Windows enrollment, see Configuring Windows Enrollment.