Preparing for the future with Windows 10 MDM enrollment


As many of you may be aware, Windows 10 comes with a built-in management agent. This agent provides many capabilities such as installation of applications, enforcement of some group policy settings, configuration of Bit Locker, managing Windows updates amongst some. It is even possible for a Windows 10 device to become managed during Windows setup itself, without end user needing to do anything (other than typing in their Azure AD credentials). To add to it, with every new Windows 10 update, the list of things you can manage or enforce on a Windows 10 device using this MDM agent is continuously growing. There is a consensus in industry that soon this would become one of prominent ways of managing Windows 10 devices. I’m happy to say that with #ZENworks2020, we are beginning our journey to support this new way of managing Windows 10 devices. Given the extent of work involved, you would see this capability un-folding over multiple ZENworks releases.

Win 10 MDM features in ZENworks 2020

Before a device can be managed, it needs to be enrolled. In ZENworks 2020, we have built in a capability where it can be enrolled into ZENworks using MDM protocol. We also wanted to bring you more management features, but we ran out of time. However, we have ensured that managing a device using Win 10 MDM protocol should be no different than managing another ZENworks device. This has been our guiding mantra while we have built in these capabilities.

Support for Bulk Enrollment

Windows 10 MDM provides many different ways in which a device can be enrolled. At our last count this number was in double digits! It was a really tough call to pick which one to start with. In the end, we decided to start by  supporting bulk enrollments, which we felt can be most useful to our customers and provide them an easy way to leverage capabilities offered by Win 10 management agent.

How to Enroll?

To start with, one needs to create a provisioning package using Windows Configuration Designer tool. As part of this provisioning package, you would need to embed the root certificate (to establish the trust between the server and device), ZENworks Registration Key (to indicate to ZENworks which folder to put the device in along with memberships) along with some other details, which are readily available in ZENworks.


 Once this provisioning package is ready, it can be deployed to devices in many ways depending upon your choice.

  • You can choose to embed it as part of Windows 10 image itself
  • You can choose to deploy it using ZENworks on to devices just like any other application.


Once the package is executed, the device would get enrolled into ZENworks. On device, under Access Work or School setting, it would indicate that device is connected to ZENworks MDM.

With-in ZCC, it would indicate against the device, if it is enrolled into MDM or not. You can choose to manage using only Windows 10 MDM capability (essentially agent less experience) or can also have ZENworks agent installed on it. Whichever way you choose, there would still be only one device instance in ZCC for you to manage.

Win-10-1.pngLooking forward

At this time with ZENworks 2020, you can only enroll your devices using Win 10 MDM, and hence we have termed the capability as experimental, so you can play with it and provide us with some feedback. Going forward, in ZENworks 2020 Update 2, you would see many more capabilities being surfaced, including support for Windows Auto Pilot, ability to deploy applications and enforce policies and settings amongst other things. While we are hard at work developing this capability, we are also looking for your thoughts and feedback. So, please do share it with us either by leaving a comment or by dropping us an email at

We are greatly excited by this and hopefully so are you!


New Release-Feature
Comment List