This guide applies to Windows devices
How It Works
In Iru Endpoint you get an enrollment URL and a Blueprint enrollment code; share both with users. When users open the link, they sign in (if you require authentication) and complete the on-screen steps. The device enrolls and is assigned to the chosen Blueprint automatically.Windows Enrollment Requirements
Before enrolling Windows devices, ensure you have:- Windows 11 (24H2 or 25H2 only): Pro, Pro Education, Enterprise, or Education
- Microsoft Edge browser (required for enrollment; see Microsoft’s MDM enrollment documentation)
- Network connectivity to Iru Endpoint services (for details, see Using Iru on Enterprise Networks)
- Iru Endpoint role with permission to view Enrollment and Blueprints (see Team Member Role Permissions)
- Blueprint configured for Windows devices
- For virtual machines: the VM must expose a stable device serial number (required for enrollment). For details, see the Windows enrollment configuration guide.
Manual Enrollment Setup
Configure Enrollment Portal
a. Go to Endpoint → Enrollment → Manual Enrollment in Iru Endpoint.b. Ensure the Enrollment Portal is active.c. Determine which Blueprint you want Windows devices to be added to after enrollment.
Configure authentication
a. Under Select Blueprint to enroll the device into, copy the code of the Blueprint you want devices to enroll into. Click the Blueprint and select Require authentication (strongly recommended for security).b. This integrates with your SSO configuration for secure enrollment. If you see a banner that No single sign-on connections are configured, go to Access (Account Menu Button → Access) and configure Single sign-on, then return and select Require authentication. See SSO Setup for setup steps.
Share enrollment information
a. Copy the Enrollment Portal link from Enrollment → Manual Enrollment.b. Share the link and the Enrollment code for the correct Blueprint with your end users.c. Provide a short note that they’ll authenticate (if required), then follow on-screen prompts to complete enrollment. Include the requirement to use Microsoft Edge browser.
Windows Enrollment Process
User Enrollment Steps
When users access the Enrollment Portal on their Windows device, they’ll enter the Blueprint code you provided and authenticate using SSO if you’ve enabled that option. Once authenticated, the device enrolls to Iru Endpoint for MDM management and gets configured according to your Blueprint settings.MDM Enrollment Process
The device enrolls to Iru Endpoint for MDM management. Once enrolled, MDM automatically pushes the Kandji Agent and Self Service apps to the device. The Kandji Agent handles app inventory and app lifecycle management, while policies and configurations are delivered through the MDM channel.Windows Management Features
Once enrolled, you can deploy applications, enforce security policies, and monitor compliance across your Windows devices. Iru Endpoint provides centralized management for user and device inventory, along with remote troubleshooting capabilities.Best Practices
Test your Blueprints on designated devices before enrolling production hardware. Enable SSO authentication for secure enrollment and provide clear instructions to users about the Windows enrollment process. You can monitor enrollment success and troubleshoot issues using the Activity page.Troubleshooting
Trial tenant device limit
Trial tenants are limited to a total of 10 devices. Once this limit is reached, a banner will be displayed until the device count becomes less than 10 again.Common Issues
If enrollment fails, check your Blueprint configuration and network connectivity. For authentication issues, ensure SSO is properly configured and users have the necessary access. Verify that the Kandji Agent installs correctly and that Blueprint policies are applied after enrollment.Support Resources
Check the Activity page for enrollment logs and errors, and review Device records for enrollment status. Contact Support if you need additional assistance. For detailed information about Windows enrollment, see Configuring Windows Enrollment and User Experience with Windows Enrollment.Next Steps
After setting up Windows enrollment:Test enrollment
Test the process with a few Windows devices and monitor compliance and policy enforcement on the Activity page.
Set up enrollment for other platforms (optional)
To enroll Apple or Android devices as well, see Apple Enrollment or Android Enrollment.