This may seem like a dumb question, but we've been testing our rollout of Airwatch the last 6 months or so. One thing I have not been able to figure out is why we have so many Windows PCs enrolling in Airwatch. We are using Airwatch for smartphone MDM only and are not sure how the Windows boxes are enrolling, as we do not send enrollment information to them. We do notice a pop-up sign-on when a new user is logging into Office 365 for the first time. Can someone point me in the right direction as to where I can find this part of the configuration so I can turn it off? Appreciate it.
Thanks
Ken-
Hi,
Configure Windows 10 Provisioning
You have to disable that option I highlighted.
ARomeo
Thank you. So I don't have this path in my Airwatch console: Group & Settings > All Settings > Device & Users > Windows > Windows Desktop > Auto Enrollment
When I go to: Group & Settings > All Settings > Device & Users > Windows > Windows Desktop
I see the following:
What version do you have?
19.12.0.6 (1912)
Alright, so the previous suggestions are unrelated. The key piece of information you provided was seeing a popup related to signing into O365 on the Windows 10 devices. Not knowing your deployment details, I would assume the configuration which is causing this automatic enrollment is within Azure AD. When Azure AD is integrated into Workspace ONE UEM (you probably have this set up for O365 DLP or revoking tokens), you will see Enable Azure AD Services under Directory Services. If this is the case, and you still want this integration for the previous reasons stated, you can make some configuration changes in Azure AD:
1) Limiting the scope of who is assigned to the AW by VMware enterprise (MDM) app in the Azure portal. Currently, it's likely set to ALL, meaning all users who sign into Azure services (O365, Windows Sign-in, or OOBE) will automatically be enrolled in Workspace ONE.
2) Not sure where the settings are since the UI has recently changed, but you can prevent devices from joining Azure AD, so they do not enroll in Workspace ONE or Azure AD when signing into O365.
Overall, these changes should not be made lightly and without consideration, especially in a production environment. I suggest reaching out to support or your VMware rep to ensure there will not be any impact to your environment.
If you are interested in learning more about Windows 10 management (especially if you have user-based licensing) (and because it's awesome what you can do), I highly suggest taking a look at the Understanding Windows 10 Management path on the Digital Workspace Tech Zone site! You can also check out the Enrolling your Windows devices into Azure AD tutorial for more on this configuration, such as using Autopilot.
Thanks. Yes, part of it is wrapping your head around which device is using what enrollment method. If an iOS or Android device enrolls, they usually do it via downloading the Intelligent Hub. I am unsure if this requires Azure/SSO. I do see Airwatch as an app listed in Azure, so it looks as if it has been set up at some point, so maybe removing this will solve the issue. Most likely open a ticket for this. Appreciate the help in understanding, though. I'll try to follow up and let you know how things went.
Ken-