The first step is to decide how you are going to enroll your Windows devices into MEM. There are a few different enrollment options. The easiest enrollment solution I have found for enrolling company-owned devices is to configure an Azure Active Directory security group that contains the devices you wish to be managed by MEM. Once that security group is configured and devices are added, you can add the newly made security group to the Automatic Enrollment option in MEM. To do so, in the MEM admin center click Devices in the left pane, click Enroll Devices, then click Automatic Enrollment. From here, you can add the newly made security group under Groups so that devices in the group are enrolled into MEM automatically. Note that you will want to change your Scope to Some if you want to control which devices are enrolled. In our case, we are by using a security group containing devices.
You can view a list of enrolled devices under Devices > All Devices. For organizations supporting BYO devices that are still required to meet certain compliance and configuration standards to access company data, MEM extends its management capabilities to BYO devices as well. BYO devices can be enrolled in the same method described above but note that management features are limited for BYOD as they are with company-owned devices. Once you have a device or a few devices enrolled in MEM I suggest creating a map of compliance standards that fits your company’s security needs. For example, what are the requirements your devices must meet in order to access company data? What requirements do your devices need to have to stay within your organization’s security model? Once defined, compliance standards can be configured.
Built on Azure. Built for Azure.
Book some time with a Remotely team member to char about the industry's only Azure native RMM.