Enrollment by non-admin device users
BigFix MCM facilitates non-admin device users to enroll the domain-joined devices to MDM and manage them.
Following are some of the options to enable non-admin device users to perform enrollment
to MDM server and manage the domain-joined devices after the enrollment.
- User-initiated enrollment with one-time admin password: In this method, the
non-admin device user logs in via enrollment URL through which a .ppkg is
downloaded. The device users need to be provided with one-time admin password to
run the .ppkg file to initiate enrolment. After enrollment, the Admin can reset
the password.
- Grant and Revoke admin rights through Domain Controller: In this method, the domain users are granted with admin rights through Domain Controller, the users get admin rights and perform user-initiated enrollment by downloading .ppkg file, after which the Admin rights can be revoked from the Domain Controller.
- Automatic enrollment of Hybrid Azure AD joined devices using Group Policy Object: In this method, a group policy is configured so that the Hybrid AD joined devices get enrolled to MDM server automatically without admin rights.
- Autopilot non-admin enrollment: In this method, the only interaction required from the device user is to connect to a network and to verify credentials. Everything beyond that is automated.