How to enroll Windows IoT devices in Microsoft Intune | TechTarget
October 3, 2024
Device management within enterprises has undergone significant transformation, encompassing an ever-expanding array of devices under a unified platform, including the burgeoning realm of IoT devices. Organizations can now seamlessly enroll devices running Windows IoT using Microsoft Intune, managing them alongside traditional Windows desktop operating systems, smartphones, tablets, macOS desktops, and select Linux distributions. However, the enrollment and management processes for IoT devices present unique challenges that IT administrators must navigate.
For those overseeing Windows IoT endpoints—utilized for applications such as digital signage, thin clients, kiosks, sensors, and medical devices—understanding the various management and enrollment options is essential for optimizing their IoT fleet.
Different editions of Windows for IoT
As organizations strategize on managing Windows IoT devices, it is beneficial to familiarize themselves with the available Windows editions, each offering distinct management capabilities:
Windows IoT Enterprise. This comprehensive version of Windows Enterprise includes specialized features designed for creating dedicated devices tailored to specific scenarios.
Windows Server IoT 2022. A full version of Windows Server 2022, this edition provides enterprise-level management and security features for IoT systems, with notable differences in licensing and distribution.
Windows 10 IoT Core. The most compact edition of Windows 10, this version operates a single application while still incorporating the familiar management and security features associated with Windows 10.
Among these, Windows IoT Enterprise emerges as the most prevalent choice for fixed-purpose devices, aligning seamlessly with common Microsoft-centric unified endpoint management strategies. Windows 10 IoT Core also fits into this framework, though its reliance on Windows 10 rather than Windows 11 may raise concerns regarding its support timeline.
Options for managing Windows IoT Enterprise
The management capabilities for Windows IoT Enterprise devices closely mirror those of other Windows Enterprise licensed devices, primarily due to their shared binary foundation. Administrators have several management options at their disposal:
Microsoft Intune. This cloud-based device management service is the most widely used platform for managing Windows IoT Enterprise devices, offering management capabilities akin to those of other Windows Enterprise devices.
Microsoft Configuration Manager. This platform serves as the management solution for Windows IoT Enterprise devices when cloud-based options are unavailable or unsuitable, providing similar management functionalities.
Azure Arc-enabled servers. Administrators can leverage Azure Arc-enabled servers to connect with Windows IoT Enterprise devices, facilitating performance monitoring, application discovery, log data collection, and settings auditing.
How to enroll Windows IoT Enterprise devices into Microsoft Intune
Utilizing Microsoft Intune is the most prevalent method for managing Windows IoT devices. While it may seem logical to use Windows Autopilot for enrolling these devices due to their similar binaries with Windows Enterprise, it is important to note that, as of now, Windows Autopilot does not officially support Windows IoT Enterprise. This limitation does not preclude the possibility of using Autopilot for enrollment; however, any issues arising from this SKU would not be addressed by Microsoft. Consequently, bulk enrollment via a provisioning package becomes the most viable alternative.
How to create an Intune provisioning package
Creating a provisioning package is a straightforward endeavor when utilizing Windows Configuration Designer, which can be downloaded from the Microsoft Store. After installation, administrators can follow these eight steps to create a provisioning package for enrolling Windows IoT Enterprise devices into Microsoft Intune:
1. Open the Windows Configuration Designer app and select Provision desktop devices.
2. In the New project dialog box, provide the following information and click Finish:
   - Name. Assign a name to the project.
   - Project folder. Designate a location for saving the project.
   - Description. Optionally, provide a description for the project.
3. On the Set up device page, input the following information and click Next:
   - Device name. Establish a naming standard for the devices, which may include the serial number (%SERIAL%) or a random character set (%RAND:x%).
   - Enter product key. Optionally specify a product key for upgrading Windows.
   - Configure devices for shared use. Indicate if the devices will be shared (optional).
   - Remove preinstalled software. Choose whether to remove preinstalled software (optional).
4. On the Set up network page, specify the Wi-Fi network (optional) and click Next.
5. On the Account Management page, provide the following information and click Next:
   - Manage Organization/School Accounts. Select Enroll in Microsoft Entra ID.
   - Refresh Microsoft Entra ID credentials. Select Yes.
   - Bulk token expiry. Specify when the bulk enrollment token will expire.
   - Get bulk token. This step authenticates the admin to retrieve the bulk enrollment token.
   - The admin can specify credentials using the Create a local administrator button if desired.
6. On the Add an Application page, include any applications that need provisioning, then click Next (optional).
7. On the Add a certificate page, include any necessary certificates, then click Next (optional).
8. On the Finish page, review the specified configuration and click Create.
How to apply a provisioning package for Intune
For new devices, administrators can apply the provisioning package during the Out of Box Experience (OOBE). A similar process can be executed using Windows Autopilot preprovisioning. During OOBE, instead of entering a work or school account, pressing the Windows key five times presents the option to install a provisioning package. Ensure the provisioning package is accessible, then select Install provisioning package. This starts the setup process, which confirms the provided provisioning package, joins the device to Microsoft Entra and automatically enrolls it in Microsoft Intune.
Alternatively, on existing devices, administrators can apply the provisioning package by double-clicking it and trusting the source when prompted.
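A scripted way to apply the package on an existing device and confirm the outcome, as an added example that is not part of the original article. It assumes an elevated PowerShell session; the package path, the expected SHA-256 hash, the 10-minute wait and the registry check for the MDM enrollment are assumptions of this example.

```powershell
#Requires -RunAsAdministrator
# Added example: apply a provisioning package, then verify Entra join and MDM enrollment.
# $PackagePath and $ExpectedSha256 are placeholders supplied by the administrator.
param(
    [Parameter(Mandatory)] [string] $PackagePath,
    [Parameter(Mandatory)] [string] $ExpectedSha256
)
$ErrorActionPreference = 'Stop'

function Test-EntraJoined {
    # dsregcmd prints "AzureAdJoined : YES" once the device has joined Microsoft Entra ID.
    [bool]((dsregcmd.exe /status) -match 'AzureAdJoined\s*:\s*YES')
}

function Test-MdmEnrolled {
    # Assumption: an Intune enrollment shows up under this key with ProviderID 'MS DM Server'.
    $keys = Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Enrollments' -ErrorAction SilentlyContinue
    [bool]($keys | Get-ItemProperty -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderID -eq 'MS DM Server' })
}

# The package carries the bulk enrollment token, so install only the exact file that was built.
$actual = (Get-FileHash -Path $PackagePath -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256) {
    throw "Refusing to install: SHA-256 of $PackagePath is $actual"
}

# Install without showing the provisioning UI (Provisioning module, built into Windows).
Install-ProvisioningPackage -PackagePath $PackagePath -QuietInstall | Out-Null

# Join and enrollment complete asynchronously; poll for up to 10 minutes (assumed limit).
$deadline = (Get-Date).AddMinutes(10)
do {
    $joined   = Test-EntraJoined
    $enrolled = Test-MdmEnrolled
    if ($joined -and $enrolled) { break }
    Start-Sleep -Seconds 30
} while ((Get-Date) -lt $deadline)

# Emit one record per device so the result can be collected centrally.
[pscustomobject]@{
    Computer    = $env:COMPUTERNAME
    EntraJoined = $joined
    MdmEnrolled = $enrolled
}
if (-not ($joined -and $enrolled)) { exit 1 }
```

If the device restarts while the package is being applied, rerun the two checks after it comes back up.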
Peter van der Woude works as a mobility consultant and possesses extensive knowledge of ConfigMgr and Microsoft Intune tools. He is recognized as a Microsoft MVP and is an expert in Windows technologies.