Help Center
14 DAY FREE TRIAL
Search result for "aa"
View all results

No Search Results

14 DAY FREE TRIAL
  1. Help Center
  2. Enrolling Devices
  3. Windows

Category filter

Create Enrollment Profiles for Windows devices

Jump To

What are enrollment profiles?

Enrollment Profiles for Windows PCs and tablets facilitate the process of enrolling them into Hexnode UEM. They enable IT administrators to define general enrollment settings, apply device configurations and set authentication modes, prior to device enrollment. These enrollment settings configured in the profile are applied on the device during its enrollment.

What enrollment settings can be configured using enrollment profiles?

With Enrollment Profiles, admins can configure the following settings to dictate what happens during enrollment:

  • General settings – Configure whether a device already enrolled in another UEM solution should enter co-management upon enrollment. The installation of the Hexnode Service app and Hexnode Remote Assist app can also be configured under general settings.
  • Authentication modes – Configure how users authenticate to verify their identity when downloading the enrollment profile from the Hexnode server during the enrollment process.
  • Device configurations – Set parameters to help identify and manage devices within the Hexnode portal after enrollment.

Read on to explore the different configuration options available within Enrollment Profiles.

How to configure Windows enrollment profiles?

For configuring enrollment profile,

  1. Log in to Hexnode UEM.
  2. Navigate to Enroll > Platform-Specific > Windows > Windows PCs and Tablets.
  3. Click on Enrollment Profiles.
  4. Click on Create or select an existing enrollment profile to make edits to it.

The following settings are available to configure in an enrollment profile,

General Settings

  • Profile name: Enter the name for the enrollment profile.
  • Profile Description: Enter a description for the profile.
  • Co-management: This setting determines whether a device which is already enrolled in another MDM is to be co-managed upon enrollment. Select Enabled to enable co-management for the device. Else, select Disabled.
  • Install Hexnode Service app: When this setting is checked, the Hexnode Service app will be installed upon enrollment. If unchecked, the app will not be installed on the device.
  • Install Hexnode Remote Assist app: Checking this option installs the Hexnode Remote Assist app on the device upon its enrollment.
Note:

The Hexnode Service app will be installed on the device if the enrollment is done via the Hexnode Installer, even if this option is unchecked.

Configuring General Settings in Windows enrollment profile.

Device Configurations

  • Enrolled device name: Select the attribute that will be displayed as the device name on the portal, upon its enrollment. The following attributes are available:
    • Device model
    • Phone number
    • Device MAC address
    • Device serial number
    • Device manufacturer
    • Enrolled user username
    • Enrolled user domain name
    • Enrolled user principal name
    • Enrolled user email
    • Personalized device name
  • Add to device groups: Select the device groups to which the device will be added.
  • Department: Specify the department name to which the device will belong to.
  • Asset tag: Specify the asset tag for the device.
  • Device notes: Include any device-specific notes. You may modify the device notes in such a way it helps the device to be recognized easily.

Device Configurations available in an enrollment profile for Windows.

User Authentication

Configure the authentication modes prior to enrolling the devices.

  • Enforce Authentication: Select this option to enforce user authentication during enrollment. When this option is enabled, users must sign in with their credentials to download the enrollment profile. The device will then be automatically assigned to the authenticated user. You can configure authentication via Enrollment Request or Self Enrollment.
    • Select the types of users (AD/ Microsoft Entra ID/ Local/ Google/ Okta) to be enrolled through Enrollment Request or Self-Enrollment. This ensures that only those users integrated with the Hexnode console can authenticate with their respective credentials and successfully enroll their devices.
    • Change the Ownership to Personal, Corporate, or Let the user choose.
  • No Authentication: Select this option to enable users of a selected domain configured in the Hexnode portal to enroll themselves without any authentication.
    • Choose the Domain to which the user belongs to. The domain can be the local domain or the domain of an identity provider (Google Workspace, Microsoft EntraID, etc.) configured in the Hexnode portal.
    • Select a user to assign the device to and enter the password.
    • Change the Ownership based on the device to either Personal or Corporate.
  • Use Global Authentication: Select this option to apply the global authentication settings configured under Admin > Enrollment > Authentication Modes. The options configured under Enrollment > Authentication Modes will apply on the device at the time of enrollment.

    • Configuring authentication modes in an enrollment profile.

Note:


Configure AD, Microsoft Entra ID, Google, or Okta directory in the Hexnode portal to enroll the device via directory authentication.

After configuring all the information in the enrollment profile, hit Save or Save And Invite. Selecting Save And Invite redirects you to a window where you can send the enrollment URL, along with the username and password of the assigned user, via email or SMS. Users can then use these details to complete the enrollment. The enrollment profile can be downloaded on the device by entering the enrollment URL in a browser and authenticating if required.

Send enrollment details to users via Invite Users.

Enrollment Profiles Overview

All the newly created and existing enrollment profiles can be viewed under Enroll > Platform-Specific > Windows > Enrollment Profiles.

  • A toggle button exists for each enrollment profile. The enrollment profile will be active only if the toggle button is turned on. If an enrollment profile is disabled, then all enrollments using the enrollment URL corresponding to that profile will be blocked and the user will no longer be able to download the enrollment profile and enroll their device.
  • By clicking on the ellipsis icon corresponding to each enrollment profile, you can find the following option,
    • Clone: Click on this to create a copy of the enrollment profile.
    • Invite Users: Send the enrollment details to users via email or SMS.

Overview of Enrollment Profiles sub-tab.

Need more help?
Image of Raise a Ticket Raise a Ticket
Image of Ask Community Ask Community
Image of Chat With us Chat With us
Enrolling Devices