The JumpCloud platform has officially integrated Windows Mobile Device Management (MDM) with the JumpCloud agent. This new integration provides a wealth of management possibilities for IT organizations seeking a Unified Endpoint Management (UEM) experience, offering a stable, robust, and competitive Windows device management solution utilizing standard enrollment and management protocols.
IT Admins can enable streamlined user-led device enrollment experiences for end users on Windows MDM. Tamper-proof security features ensure that users can’t remove the JumpCloud agent or MDM.
- Admins will have a new, streamlined method for provisioning Windows 10 and 11 devices using a provisioning package.
Use Windows MDM (Admin)
- Log in to the JumpCloud Admin Portal.
- Go to DEVICE MANAGEMENT > MDM.
- Click the Windows tab.
- To enable MDM for your users, select Allow users to enroll devices into Windows MDM through the User Portal.
- This checkbox is disabled by default for all orgs.
- Enabling this checkbox will also enable the Allow all users to enroll devices through the User Portal option in Settings > Organization Profile > User Portal Settings.
- Enabling this checkbox will allow end users to enroll their Windows device from the JumpCloud User Portal via Windows MDM.
- User Portal device enrollment for Windows MDM is supported on all Windows 10 and 11 devices, with the exception of Windows Home versions.
- To automatically enroll all users with Windows 10 & 11 devices into Windows MDM, select Automatically enroll all Windows 10 & 11 devices into Windows MDM.
- This is a free feature with no additional fees required.
- This feature is not turned on by default; organizations must enable this manually.
- After enabling auto-enrollment, all of the user devices will be automatically enrolled.
- To confirm your selection, click Continue.
- To view the list of devices currently enrolled in Windows MDM, go to DEVICE MANAGEMENT > Devices.
Devices enrolled in MDM will be marked with an MDM label in the device list.
- To view the MDM enrollment info on a device, select the MDM-enrolled device from the devices list, and click the MDM tab.
Use Windows MDM (End User)
Admin permissions are required to enroll a device into JumpCloud MDM via the user portal. This is a Windows MDM requirement.
- Log in to your JumpCloud User Portal.
- Click the Security tab.
- In JumpCloud Device Enrollment, select the Windows operating system and click Start MDM Enrollment.
- Make sure your Admin previously enabled the Allow users to enroll devices into Windows MDM through the User Portal checkbox. If the checkbox is not enabled on the Admin side, you won’t see the option to enroll your device in Windows MDM from the User Portal. For more information, see Use Windows MDM (Admin).
- Users can’t manually unenroll devices. If a user uninstalls the JumpCloud agent, MDM will automatically reinstall it on their device, and the device will be re-enrolled as a new device.
- Click through to finish setting up your device.
- To check that your device is successfully enrolled in JumpCloud MDM, open Access work or school in the Windows Preferences pane.
After a device is enrolled in Windows MDM, end users can’t unenroll. If end users click Disconnect to unenroll their device, they will be notified that the device can’t be removed due to an enforced system policy.
Remove Devices from Windows MDM
To remove a device from Windows MDM, you need to delete the device from the JumpCloud Admin Portal.
To delete a device from JumpCloud:
- Go to DEVICE MANAGEMENT > Devices, then select the Devices tab.
- Click the checkbox to select the device(s) you wish to remove from Windows MDM.
- Click Delete, and confirm the number of devices. This will delete the device entry and remove the device from Windows MDM.
Deleting a device in JumpCloud will uninstall the JumpCloud agent from the device. The user, the user’s password, local files, profile data, and device policies will remain on the device after the JumpCloud Agent is uninstalled.