Endpoint Services, Workspace ONE, Enrolling Devices into Workspace ONE

How to enroll devices into the Workspace ONE service.

Systems

Workspace ONE Unified Endpoint Management (UEM)

Affected Customers

University of Illinois IT Pros leveraging Technology Services Endpoint Service Workspace ONE UEM

General Information

Once your unit has been provisioned in Workspace ONE, you may begin enrolling devices using one of the following methods and managing them in the Workspace ONE console.

Automated Device Enrollment / Device Enrollment Program / DEP (iOS, macOS, and tvOS)

Automated Device Enrollment (aka DEP), is the preferred method for enrolling eligible devices into Workspace ONE. To request that a DEP-eligible device be registered for automated enrollment, please submit an EPS support request, selecting Workspace ONE from the 'Service' dropdown, DEP Enrollment from the 'Request Type' dropdown, and completing all fields.

Learn more about Apple's Device Enrollment Program.

Ensure that your device purchases are DEP-eligible.

Manual Enrollment

**Please note that when enforcing SD card encryption, the Android security profile will ERASE unencrypted SD cards prior to encryption. For this reason, the EPS team strongly recommends that Android devices and SD cards be backed up prior to Workspace ONE enrollment in order to prevent accidental data loss.**

Non-DEP eligible devices may be manually enrolled into the service with the Workspace ONE Agent, the enrollment server URL, or with a specially-generated QR code. Endpoint Services recommends using either the Workspace ONE Agent or the enrollment server URL.

Manual Enrollment via the Workspace ONE Agent (Android, iOS, macOS, tvOS, and Windows)

Sign in to the device you wish to enroll and do the following:

  • Ensure that the device has a network connection (wired or wireless).
  • For Android, iOS, tvOS, and Windows 10, go to the app store for your device (Apple App Store, Google Play Store, or Microsoft Store); for macOS, go to https://www.getwsone.com/.
  • Search for and install the Workspace ONE agent.
  • Launch the agent and follow the prompts, providing either the server or email address.
    • For server address, enter http://mdm.cites.illinois.edu/devicemanagement/enrollment. When prompted for Group ID, enter the Group ID you provided in your Workspace ONE provisioning request.
      • Your Group ID can be determined by hovering over your unit instance in the Workspace ONE console.
    • For email address, provide the address of an enrollment user; if you are not sure, contact EPS.
      • Provide the enrollment user's credentials when prompted.
    • Select the appropriate level of device ownership.
      • Corporate Owned (Dedicated) devices are classified as University of Illinois property, and are used for University-only functions.
      • Corporate Shared devices are also classified as University of Illinois property, but may be loaned out for non-University functions.
      • Employee Owned devices are personally owned by a University of Illinois faculty, staff, or student.

Manual Enrollment via Enrollment Server URL (macOS and Windows

Sign in to the device you wish to enroll and do the following:

  • Ensure that the device has a network connection (wired or wireless).
  • Go to the Workspace ONE enrollment site, http://mdm.cites.illinois.edu/devicemanagement/enrollment.
  • Enter the Group ID you provided in your Workspace ONE provisioning request.
    • Your Group ID can be determined by hovering over your unit instance in the Workspace ONE console.
  • When prompted for credentials, enter the user name and password for a member of your Enroll Users group; if you are not sure, contact EPS.
  • Select the appropriate level of device ownership.
    • Corporate Owned (Dedicated) devices are classified as University of Illinois property, and are used for University-only functions.
    • Corporate Shared devices are also classified as University of Illinois property, but may be loaned out for non-University functions.
    • Employee Owned devices are personally owned by a University of Illinois faculty, staff, or student.
  • The installation will want to enable device management; select "Redirect and Enable", which will redirect and download the "Device Manager" mobileconfig file.
  • Open the "Device Manager" mobileconfig file and follow the installation prompts, installing Workspace Services and providing the profile password when asked to do so.



Multi-Tenant-Munki (macOS 10.15 and below)

For older, non-DEP eligible Macs, Workspace ONE enrollment profiles may be exported and packaged for deployment by the EPS Multi-Tenant-Munki service, but only on macOS 10.15 and below, as macOS 11 has removed the ability to install any profiles using command-line tools such as Munki.

After a Workspace ONE enrollment profile has been installed by Munki, it must be manually approved on the device in order to complete enrollment. This only needs to be done once, and can be done by any user on the Mac, including a standard (non-admin) user.

To approve a Munki-installed enrollment profile:

  • From the Apple Menu, select System Preferences, and locate the Profiles pane.
  • sys_prefs_profiles_pane
  • Open the Profiles pane and select the Device Manager profile. Note the 'Approve' button. (There may already be other Munki-installed profiles in place.)
    device_manager_profile
  • Click 'Approve', and if prompted for confirmation, click 'Approve' again.
    profile_approval
  • The Device Manager profile is now approved, and the device is fully enrolled in Workspace ONE.
    profile_approved

Contact the EPS team




Keywords:eps mdm airwatch workspace one endpoint macos ios "workspace one" enroll TechS-EPS-WS1 uem   Doc ID:87329
Owner:EPS Distribution List .Group:University of Illinois Technology Services
Created:2018-10-30 08:41 CSTUpdated:2021-10-22 14:56 CST
Sites:University of Illinois Technology Services
Feedback:  0   0