This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

JumpCloud Launches Streamlined Windows MDM Integration for Unrivaled Device Management Possibilities

scott_reed
JumpCloud Employee
JumpCloud Employee

‎05-04-2023 06:52 PM - last edited on ‎07-28-2023 11:06 AM by Community Manager Community Manager

MDM_gif.gif

The Short Story

JumpCloud is investing in its core device management foundation by integrating Windows Mobile Device Management (MDM) with the JumpCloud agent, unlocking unrivaled management possibilities for IT organizations.

At launch (4/4/2023)  Windows MDM capabilities include a new streamlined user portal device enrollment method and JumpCloud agent tamper protection.

Coming soon admins will have the ability to enroll all existing Windows 10 & 11 devices into Windows MDM with a single toggle and can have peace of mind in knowing that devices enrolled in JumpCloud Windows MDM will not be able to be tampered with by nefarious end users attempting to remove JumpCloud agent or MDM management

Over time this integration will grant JumpCloud customers access to the latest device enrollment and management capabilities offered by Microsoft, and allow JumpCloud to develop cutting-edge solutions for managing Windows devices using both the JumpCloud Agent and the Windows MDM protocol.

The Admin Experience

On the new “Windows tab” of the MDM page admins will find a checkbox to “Allow users to enroll devices into Windows MDM through the User Portal” and see a visual of their devices Windows MDM enrollment status.

admin_exp.png

By default this checkbox will be disabled for all orgs.

End users will see a new method to enroll Windows devices from within the JumpCloud User Portal when the following features are enabled

  1. Settings → Organization Profile → User Portal Settings “Allow all users to enroll devices through the User Portal” = Checked

  2. MDM → Windows → “Allow users to enroll devices into Windows MDM through the User Portal” = Checked

Admins can enable both features with a single click by enabling the checkbox for “Allow users to enroll devices into Windows MDM through the User Portal” on the Windows MDM page.

enroll_up.png

Disabling “Allow all users to enroll devices through the User Portal” from the Settings → Organization Profile page also disables the checkbox for allowing users to enroll devices into Windows MDM.

Admins will be able to identify the Windows devices that are enrolled in Windows MDM from the API, the main device list, and the device aside.

MDM_lable.png

MDM_tab.png

MDM_attribute.png

The End User Experience

When the checkbox “Allow users to enroll devices into Windows MDM through the User Portal” is enabled end users see a new Windows Device Enrollment option from within their user portal on the security tab.

Find screenshots for the two possible enrollment methods available to end users from within the user portal.

MSI_enroll.png

MDM_enrollment.png

  

By clicking “Start MDM Enrollment” and clicking through on device prompts end users can enroll their devices into JumpCloud. The below GIF highlights this experience.

 

MDM_enrollment_GIF.gif

End users on devices enrolled in JumpCloud MDM will be able to clearly see their devices are managed by JumpCloud in the “Access work or school” Windows preference pane and the JumpCloud account that enrolled them. 

Enrolled_IMG.pngnon_removable.png

Once a device is enrolled into Windows MDM if end users attempt to use the “Disconnect” button to unenroll the device they will see a prompt that highlights that the device cannot be removed due to an enforced system policy.

Knowledge Base Articles

  1. Get Started: Windows MDM

  2. FAQ: Windows MDM

 
 
Labels:
4 REPLIES 4

ramiromalamud
Novitiate I

‎05-22-2023 08:52 AM

Is it possible to deploy Windows MDM from the Admin console?

scott_reed
JumpCloud Employee
JumpCloud Employee
In response to ramiromalamud

‎05-26-2023 11:23 AM

It will be soon! When we enable the checkbox to enroll all existing capable devices all devices enrolled via the agent will auto enroll into Windows MDM. Expect another community post when this comes out. 

We're also actively working on a feature to allow admins to download the required configuration files to use the Windows Configuration Designer to create a PPKG to enroll devices in JumpCloud MDM. This will be a very efficient method to bulk enroll devices. 

ncarmichael
Rising Star II

‎07-25-2023 04:40 AM

Given its MDM enrolment is a one-way process, what are people experiences with the enroll and the users experience afterwards?

I need to understand this fully before "pressing the button" as not having a rollback is an uncomfortable position for a support technician!

0 Kudos

scott_reed
JumpCloud Employee
JumpCloud Employee
In response to ncarmichael

‎07-25-2023 10:43 AM

There is no end user facing experience for enabling this. Turing the toggle on silently enrolls existing agent managed devices into JumpCloud MDM. The net result is if an end user attempted to uninstall the JumpCloud agent via add/remove programs on an MDM enrolled devices the agent would be reinstalled automatically within 15 minutes by MDM.

0 Kudos
You Might Like

New to the site? Take a look at these additional resources:

Community created scripts

Keep up with Product News

Read our community guidelines

Ready to join us? You can register here.