Bring devices under management
Once a user completes their first sign in, the device should immediately appear in your management system. This is a critical transition point: the device moves from being "new hardware" to being a managed organizational asset, enabling IT to apply policy, maintain visibility, and enforce organizational standards at scale.
At this stage, it's important to distinguish between a device that appears usable and one that's truly managed. A user might be able to sign in and access basic functionality even if their device isn't fully enrolled. However, without successful management, policies might not apply, apps might never install, and compliance status remains unknown. This distinction becomes especially important later when IT needs to troubleshoot devices that "mostly work" but don't meet organizational standards.
Distinction points between enrollment and management
Consult the following table when distinguishing the impacts of device enrollment versus management.
| Signal | Enrolled only | Fully managed |
|---|---|---|
| User can sign in | ✅ | ✅ |
| Policies applied | ❌ | ✅ |
| Apps installed | ❌ | ✅ |
| Compliance status | Unknown | Compliant / Noncompliant |
For example, a device might appear usable after sign-in, but required applications never install because management hasn't fully applied.
The first thing to confirm is that enrollment succeeded. You should be able to see the device associated with the correct user and marked as managed in your organizational platform. If enrollment fails at this stage, none of the downstream configuration—apps, updates, or security—will apply correctly.
After enrollment, configuration profiles take effect. These profiles define how the device behaves, from sign in settings to user experience preferences. For example, you might enforce certain security related settings or standardize aspects of the desktop environment to give users a consistent experience across devices.
Application deployment follows a similar model. In this scenario, users need access to core productivity tools on day one. Instead of relying on users to install software themselves, required applications are assigned automatically. As the device checks in, apps begin installing in the background, reducing users' wait time to full productivity and helping ensure a consistent day-one experience across devices.
Now the device is no longer just enrolled—it's fully managed, configured, and ready for use.
Exercise: Verify enrollment and management
A user has signed in to their new device for the first time.
Your task
Explain how you would:
- Confirm the device enrolled successfully using available management signals (for example, portal views or device reports)
- Verify it's associated with the correct user
- Check that configuration profiles and apps are assigned
What success looks like
You can clearly describe how to tell the difference between a fully managed device and one that only partially enrolled.