JumpCloud has officially integrated Windows Mobile Device Management (MDM) with the JumpCloud agent. This integration provides a wealth of management possibilities for IT organizations seeking a Unified Endpoint Management (UEM) experience by offering a stable, robust, and competitive Windows device management solution with standard enrollment and management protocols.
IT Admins can streamline user-led device enrollment for end users on Windows MDM, and tamper-proof security features ensure that users can’t remove the JumpCloud agent or MDM.
To provision Windows 10 and 11 devices using a provisioning package, see Enroll Windows MDM Using a Provisioning Package.
Use Windows MDM (Admin)
- Log in to the JumpCloud Admin Portal.
- Go to DEVICE MANAGEMENT > MDM.
- Click the Windows tab.
- To enable MDM for your users, select Allow users to enroll devices into Windows MDM through the User Portal.
  - This checkbox is disabled by default for all orgs.
  - Enabling this checkbox will also enable the Allow all users to enroll devices through the User Portal option in Settings > Organization Profile > User Portal Settings.
  - Enabling this checkbox will allow end users to enroll their Windows device from the JumpCloud User Portal via Windows MDM.
  - User Portal device enrollment for Windows MDM is supported on all Windows 10 and 11 devices, with the exception of Windows Home versions.
- To automatically enroll all users with Windows 10 and 11 devices into Windows MDM, select Automatically enroll all Windows 10 & 11 devices into Windows MDM.
  - This is a free feature with no additional fees required.
  - This feature is not turned on by default; organizations must enable this manually.
  - After enabling auto-enrollment, all of the user devices will be automatically enrolled.
- To confirm your selection, click Continue.
- To view the list of devices currently enrolled in Windows MDM, go to DEVICE MANAGEMENT > Devices, and click the Devices tab.
  Devices enrolled in MDM will be marked with an MDM label in the device list.
- To view a device's enrollment status, select the device from the devices list, and click the MDM tab.
Use Windows MDM (End User)
Admin permissions are required to enroll a device in JumpCloud MDM via the User Portal.
- Log in to the JumpCloud User Portal.
- Click the Security tab.
- In JumpCloud Device Enrollment, select the Windows operating system and click Start MDM Enrollment.
  - Make sure your Admin enabled the option to Allow users to enroll devices into Windows MDM through the User Portal. If this checkbox is not enabled, you won’t see the option to enroll your device in Windows MDM from the User Portal. For more information, see Use Windows MDM (Admin).
  - Users can’t manually unenroll devices. If a user uninstalls the JumpCloud agent, MDM will automatically reinstall it on their device, and the device will be re-enrolled as a new device.
- Follow the wizard to finish setting up your device enrollment.
- To verify your device is enrolled in JumpCloud MDM, open Access work or school in the Windows Preferences pane.
End users can't unenroll a device after it is enrolled in Windows MDM. If end users click Disconnect, they will be notified that the device can’t be removed due to an enforced system policy.
Remove Devices from Windows MDM
To remove a device from Windows MDM, you need to delete the device from the JumpCloud Admin Portal.
To delete a device from JumpCloud:
- Go to DEVICE MANAGEMENT > Devices, then select the Devices tab.
- Click the checkbox to select the device(s) you wish to remove from Windows MDM.
- Click Delete, and confirm the number of devices. This will delete the device entry and remove the device from Windows MDM.
Deleting a device in JumpCloud will uninstall the JumpCloud agent from the device. The user, the user’s password, local files, profile data, and device policies will remain on the device after the JumpCloud Agent is uninstalled.