IBM MaaS360

IBM MaaS360

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

Getting Started with Windows 10+ Devices using Manual Enrollments

By Kiara Foxworth posted 13 days ago

  

This checklist outlines straightforward deployment steps for managing Windows 10 and newer devices (Professional, Enterprise, Education, and Home editions) using manual enrollment in MaaS360. It includes references to key training materials and documentation to support each step.

Use This Setup When:

This guide is ideal for scenarios where Windows 10+ devices an out-of-the-box state or already deployed within your organization. Enrollment will be completed manually by either an administrator or end user, using a MaaS360 self-service enrollment URL or a one-time enrollment request link.

In this scenario, you are not leveraging streamlined enrollment methods such as Windows Out of Box Experience (OOBE), Windows Autopilot, or Windows 10+ Bulk Provisioning tools. Instead, this use case focuses on manual device enrollment and management through Windows policies, without creating a containerized separation between work and personal data. While MaaS360 does support Windows Information Protection (WIP) via the Windows Security Policy, this method provides a more unified experience on the device. These devices are typically organization-owned, though bring-your-own-device (BYOD) setups are also supported.

Before You Begin :

  1. Complete the MaaS360 Getting Started checklist.
  2. Microsoft Windows requires that the user account enrolling in MDM has local admin rights on the Windows machine.
  3. Review the following video to get started: • Introduction to Windows 10 Management 

**When possible, use the Guided Walkthroughs in the portal. They provide step-by-step instructions to complete tasks. 

Task: Path: Best Practices 
Enable Windows/Laptop Service In MaaS360, Setup> Services, enable Laptop and Desktop Management, and select Windows Desktop and Laptop Management. This service must be enabled through your Account Manager or Customer Success team.
Configure User Settings

In MaaS360, navigate to Setup > Settings > User Settings > Basic > User Password Settings  

- By default, MaaS360 doesn’t generate passwords for local users. Manually set them for admin-driven setup, or auto-generate them for user enrollment.

- Corporate users authenticate through your directory using Cloud Extender or Entra ID.

Configure Directory and User Authentication Setup

In MaaS360, navigate to Setup > Settings > Directory and Enrollments > User Authentication Setup > Select Default Authentication

 By default, user authentication for enrollment is based on the authentication type specified in the user record (Local or Corporate). If you're using SAML, the default is configured in the User Authentication Setup settings.
Configure a Windows Security policy

In MaaS360, navigate to Security > Policies >Add Policy> Policy Type: Windows MDM

Within the Windows MDM policy, you can configure the following settings:

  • Enable BitLocker for device encryption

  • Enforce passcode requirements

  • Set up Wi-Fi and VPN configurations

  • Enable antivirus and firewall protections (Windows Defender only)

  • Configure Windows Update management

Note: MaaS360 also supports Kiosk Mode for Windows 10+ devices, available under Advanced Settings.
Send Enrollment Request (if applicable) In MaaS360, Under Users> Directory> Find a User>Add Device

You can choose to either send the enrollment request directly to the end user or publish a self-service URL, as configured in the Directory and Enrollment Settings.

  • If you select Self Service using Corporate Directory, you can still enable one-time passcode (OTP) authentication by navigating to Basic Enrollment Settings > Override Authentication and enabling the Passcode option.

  • For bulk enrollment, consider uploading a CSV file by going to Setup > Settings > Enrollment Programs > Others > Bulk Add. This is ideal for sending enrollment requests to a large group of users.
Build App Catalog

In MaaS360, Navigate to Apps > Catalog > Add > Windows > Windows Store App

- Distribute apps to devices across your organization directly from MaaS360.

- Find the app within the Windows Store and copy the Product ID — it's the part after https://apps.microsoft.com/detail/and before the ?.  That will be the store product ID to add the app to the MaaS360 app catalog.
Enroll Windows 10+ device in MaaS360

From the Windows PC, go to Start > Settings Accounts > Connect to work or school > Connect.

From Browser > Open Microsoft Edge and navigate to the MaaS360 enrollment request URL 

  • To enroll a Windows 10+ device in MaaS360, the user or admin must be logged in as a local Windows administrator.

  • For browser-based enrollment, Microsoft Edge is required.
Manage devices in the portal

In MaaS360, navigate to Devices > Inventory > Locate the device > View to open the device summary > Select More to access all available actions

  • Navigate to Device Inventory > Summary > Endpoint Security to view the status of antivirus, anti-spyware, firewall, encryption, and backup/recovery.

  • Ensure antivirus and firewall are active by setting a homepage alert or creating a group-based compliance rule.

0 comments
8 views

Permalink

https://community.ibm.com/community/user/blogs/kiara-foxworth/2025/07/18/deploying-windows-10-devices-using-manual-enrollme