CS_HelpDesk
12 months ago · GoTo Contributor
MDM on prem AD device enrolment workaround.
Hi all,
This could be a possible solution to enroll Windows devices for those in an on-prem AD. Below are the instructions to add one device as a test and then to create a GPO task to run the PowerShell script:
First:
- Create the provisioning package in Resolve MDM.
- Download the .icdproj file from the “Windows (Beta)” enrollment section in Resolve MDM.
- Open this file in Windows Configuration Designer.
- Next, export the file, building it into a .ppkg package and giving it your preferred file name.
Second:
- The test was done using PowerShell to activate this package and enroll devices.
- The Install-ProvisioningPackage command was used as admin in PowerShell (info here: https://learn.microsoft.com/en-us/powershell/module/provisioning/install-provisioningpackage?view=windowsserver2022-ps)
- This test completed successfully, enrolling the device.
Next steps:
- Move the .ppkg file somewhere that is network accessible to your users, so that when they run the above PowerShell script, their machine is able to access the .ppkg file.
- The script will then have to be modified to point to wherever the team opts to store the file.
- Create a scheduled task via GPO to run the PowerShell script.
- It is vital that this task be run as an account that has admin permissions on the machine being enrolled.
- More info is available here. The “Run As” section is especially relevant to your team. (info here)
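
A sketch of the script the scheduled task could run, added here as an example and not part of the original post. Because the task runs with admin rights against a file pulled from a network share, it checks the package's SHA-256 before installing it. The share path, folder name and hash value are placeholders (assumptions), to be replaced with your own.

```powershell
#Requires -RunAsAdministrator
# Added example: every path and the hash below are placeholders, not values from the post.
$SharePath    = '\\fileserver.example.local\MDM$\enroll.ppkg'  # hypothetical read-only share
$ExpectedHash = '<SHA256-OF-YOUR-PPKG>'   # placeholder: Get-FileHash output from the build machine
$WorkDir      = Join-Path $env:ProgramFiles 'MdmEnroll'        # hypothetical; not writable by standard users
$LocalCopy    = Join-Path $WorkDir 'enroll.ppkg'
$Marker       = Join-Path $WorkDir 'installed.sha256'
$LogFile      = Join-Path $WorkDir 'enroll.log'

function Write-Log([string]$Message) {
    Add-Content -Path $LogFile -Value ("{0} {1}" -f (Get-Date -Format o), $Message)
}

$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
$rc = 0

try {
    # Idempotence: the task may fire repeatedly, so skip a package already installed.
    $done = (Test-Path $Marker) -and ((Get-Content $Marker -Raw).Trim() -eq $ExpectedHash)
    if ($done) {
        Write-Log 'Package already installed; nothing to do.'
    }
    else {
        # Copy first, so the file that is hashed is the same file that gets installed.
        Copy-Item -Path $SharePath -Destination $LocalCopy -Force
        $actual = (Get-FileHash -Path $LocalCopy -Algorithm SHA256).Hash
        if ($actual -ne $ExpectedHash) {
            Write-Log "Hash mismatch (got $actual); refusing to install."
            $rc = 1
        }
        else {
            Install-ProvisioningPackage -PackagePath $LocalCopy -QuietInstall | Out-Null
            Set-Content -Path $Marker -Value $actual
            Write-Log 'Provisioning package installed.'
        }
    }
}
catch {
    Write-Log "Enrollment failed: $($_.Exception.Message)"
    $rc = 1
}
finally {
    # A .ppkg can carry enrollment secrets, so do not leave the local copy behind.
    Remove-Item $LocalCopy -Force -ErrorAction SilentlyContinue
}
exit $rc
```

Keep the share read-only for the accounts that run the task, and update `$ExpectedHash` whenever the package is rebuilt.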