Showing results for 
Search instead for 
Did you mean: 

Windows LITE-Touch Deployment via Provisioning Package (PPKG)

JumpCloud Employee
JumpCloud Employee

I am extremely pleased to announce the general availability (GA) of Windows Lite-Touch Deployment via Provisioning Package (PPKG) in JumpCloud.

Imagine IT administrators provisioning multiple Windows devices instantly without complex imaging. Provisioning packages do just that! They're like a pre-packed configuration file with all the settings and enrollment info needed, letting IT admins configure devices at a lightning speed. The provisioning package will enroll the device in JumpCloud MDM, which installs the JumpCloud Agent on the device. This method, along with Self-Service Account Provisioning, will enable faster distribution of devices to the end user, with less hands-on time required. After provisioning, users can simply Sign in with JumpCloud and add their JumpCloud managed user accounts on the device by themselves.

Benefits of provisioning package

  • Simplified and efficient deployment method - Create the package once with needed settings, policies and use it to deploy on all Windows 10 and 11 devices.
  • Scalable and highly secure - Supports variety of security settings at the runtime (Security updates, WiFi, User accounts and many more).
  • Improved IT experience - Reduce human intervention with Lite-Touch deployment. Eliminate manual configuration for each device.
  • Improved ROI - Bulk deployments are no more a nightmare as the provisioning can be completed in a few minutes.

How to create a provisioning package



  1. From the Device Management section select Devices > green plus sign button > Create Provisioning Package > Download Configuration File.
  2. Once the zip file is downloaded, extract the files.
  3. Now open the Windows Imaging and Configuration Designer (WICD) tool and import jumpcloud.icdproj.xml file to a new project.
  4. Under Available customizations on the left, expand Runtime settings and configure settings like User accounts, WLAN settings, Certificates, Policies and many more.
  5. By default, Out of the box experience (OOBE) is hidden, and Workplace settings are configured. If needed can be modified as per the requirement.
  6. When finished configuring any desired settings, select the Export button, and then the Provisioning package.
  7. Add an additional layer of security by encrypting and signing the certificate. These are not mandatory though.
  8. Once the provisioning package is created, it can be stored in a USB drive or network folder and be used for provisioning Windows 10/11 devices.

IT Administrator flow

Download configuration file


Configure runtime settings


Default runtime settings - OOBE and Workplace


Configure user account


Configure policies


Export the provisioning package


Secure the provisioning package (optional)


Save the provisioning package


Build the provisioning package


Find the provisioning package and setup the devices


Windows device provisioning

  1. Make sure the device being configured is either connected to ethernet, or will be able to connect to the wireless network as configured in the provisioning package.
  2. When the device is on the location selection screen, insert the USB drive.
  3. On some devices, the provisioning process will start automatically. If it does not, press the Windows key five times.
  4. The local admin account will be created, and the device will be enrolled in Windows MDM.
  5. Now on the login screen notice the local admin account as configured in the provisioning package. During this time, the device is installing the JumpCloud agent and the device is being added to the JumpCloud account. This process can take up to five minutes.
  6. Once the configuration is complete, notice Sign in with JumpCloud button at the left bottom of the screen. This completes the provisioning flow at IT administrator level and the device can be handed over to an end user.

Sign in with JumpCloud

  1. Once the end user has the device, they can select the Sign in with JumpCloud option.
  2. Provide users’ JumpCloud account credentials and create local device password and PIN with minimum 6 digits.
  3. Once done, the user will have to go through the rest of the local account setup, and will be able to use the device with their JumpCloud managed user account.
  4. In the Admin Portal, the user will be shown as bound to the device.



Learn more about Windows enrollment via Provisioning Package


Novitiate I

Hi! it seems the option to create a provisioning package is not displayed anymore. do you have any info about that ?

JumpCloud Employee
JumpCloud Employee

hey there, this feature was pulled from production for bug reasons 🙂 we are working to resolve & waiting for microsoft to give us the thumbs up for re-release. hopefully this will happen by end of march! either way, coming back soon 

Hi, we have made the feature live now. You can now see an option in the console to create a provisioning package and enroll devices.