Device registration overview

Microsoft Managed Desktop must register either existing or new devices into its service so it can fully manage devices on your behalf.

When you register your devices, the Microsoft Managed Desktop service will fully manage updates for those devices. Today Microsoft Managed Desktop supports two device registration methods:

Whether you choose to use auto or manual registration, the overall device registration process is:

Overview of the device registration process

  1. Register devices by:
    1. Auto-registration:
      1. When using auto-registration, a partner uploads devices into the Windows Autopilot service on your behalf via either Partner Center or OEM APIs.
      2. You can also upload a .CSV file in the Windows Autopilot devices blade yourself, which is also considered an auto-registration method for Microsoft Managed Desktop as it’s outside its devices blade.
    2. Manual registration:
      1. When using manual registration, register devices into the Microsoft Managed Desktop Devices blade.
  2. Assign devices into Microsoft Managed Desktop’s Windows Autopilot deployment profiles using the OrderID/Intune group tag.
  3. Register devices to Microsoft Managed Desktop’s deployment group distribution.
  4. Assign devices to the Microsoft Managed Desktop’s deployment groups.
  5. Assign devices to the Microsoft Managed Desktop’s device configuration profiles.
  6. Ship devices to end-users.
  7. End-user logs in and starts their workday.

See the Device registration workflow diagram section for more detail on what happens behind the scenes of the device registration process.

Device registration prerequisites

See device requirements to review both hardware and software-based requirements when registering devices with Microsoft Managed Desktop.

Device name convention

Microsoft Managed Desktop applies a standardized naming convention format, MMD-%RAND11, when devices are registered into the service.

Important

If you must keep your own device naming convention, you can submit an exception request through the admin center to disable both the Microsoft Managed Desktop device naming convention and Microsoft Managed Desktop’s device rename function. Every four hours, the device rename function automatically renames devices that don’t match the naming convention.

Auto-registration

Any device registration that occurs outside the Microsoft Managed Desktop’s devices blade is considered an auto-registration method. There are also different ways to register devices with Microsoft Managed Desktop within the auto-registration method:

Manual registration

Any device registration that originated from the Microsoft Managed Desktop's Devices blade is considered to be a manual registration method. This process is very similar to the Windows Autopilot’s manual registration process where you utilize a .CSV file containing the devices you want to register with the Microsoft Managed Desktop service.

The manual registration methods are:

Device registration workflow diagrams

Detailed auto-registration workflow diagram

See the following high-level overview workflow diagram. The diagram covers the auto-registration process in Microsoft Managed Desktop:

Auto-registration workflow diagram steps

Step Description
Step 1: Gather hardware hashes Partner, OEM, or IT admin gather hardware hashes for devices that need to be registered.
Step 2: Build .CSV file Partner, OEM, or IT admin builds the .CSV file containing the following information:
  1. All hardware hashes for devices that need to be registered.
  2. A Microsoft Managed Desktop-specific Intune group tag per device. The group tags are:
    1. Microsoft365Managed_Standard
    2. Microsoft365Managed_SensitiveData
    3. Microsoft365Managed_PowerUser
    4. Microsoft365Managed_Kiosk
  3. The breakdown of the Intune group tag string in Microsoft Managed Desktop:
    1. The "Microsoft365Managed" section of the group tag string means the devices must be managed by the Microsoft Managed Desktop service.
    2. The "_Standard/SensitiveData/PowerUser" section of the group tag string means the device must be registered into Microsoft Managed Desktop using one of its default device configuration profiles (either Standard, SensitiveData, or Power User).
      1. Each registered device must be assigned to one of the Microsoft Managed Desktop's default device configuration profiles. Adding multiple device configuration profiles as part of the Intune group tag string isn't supported.
    3. Optional. You can also append -Shared to the end of the Intune group tag string when you want to register a shared device with Microsoft Managed Desktop (for example, Microsoft365Managed_Standard-Shared or Microsoft365Managed_SensitiveData-Shared). The Power User device configuration profile isn't supported.
      1. Two things happen when "-Shared" is appended to the end of the Intune group tag string:
        1. Microsoft Managed Desktop adds these devices into a Microsoft Entra group that has the Windows Autopilot deployment profile with Shared devices assigned. Microsoft Managed Desktop applies the Windows Autopilot self-deploying mode settings when these devices go through the Windows Out-of-the-Box-Experience.
        2. Microsoft Managed Desktop adds these devices into the Microsoft Entra group. The group receives the Shared device mode configuration profile with the Shared device mode settings in Microsoft Intune once users go through the Windows Out-of-the-Box-Experience.
Step 3: Upload the .CSV file Partner, OEM, or IT admin uploads the .CSV file via Partner Center, using OEM APIs, or through the Windows Autopilot Devices blade in the Microsoft Intune admin center.
Step 4: Check for assigned devices Microsoft Managed Desktop has a function that checks for assigned devices in all four Microsoft Managed Desktop Windows Autopilot profiles every hour.
  1. The four Windows Autopilot Deployment profiles supported in Microsoft Managed Desktop are:
    1. Modern Workplace Autopilot Profile
    2. Modern Workplace Autopilot Profile Power User
    3. Modern Workplace Autopilot Profile Shared
    4. Modern Workplace Autopilot Profile Kiosk
  2. If there are newly added devices, these devices are added into the Microsoft Managed Desktop shipped device record database.
  3. Microsoft Managed Desktop flags the device(s) with the status Registration pending in the Devices blade.
Step 5: Compare device registration request records Another Microsoft Managed Desktop function compares device registration request records originating from its Devices blade against both its shipped and managed device records in the Microsoft Managed Desktop database. This function runs every hour.

If there are devices that are part of the shipped device records but don’t have a device registration request record originating from its Devices blade, Microsoft Managed Desktop proceeds with registering this device in its service.

Step 6: Run device deployment group assignment algorithm Microsoft Managed Desktop runs its device deployment group assignment calculation algorithm to determine which deployment group to assign the devices to. For more information, see Device deployment groups.
Step 7: Assign devices to deployment groups and other Microsoft Entra groups Microsoft Managed Desktop assigns devices to a deployment group and to other Microsoft Entra groups.
  1. Microsoft Managed Desktop deployment groups are made of three Microsoft Entra groups that devices get assigned to during the device registration process:
    1. Modern Workplace Devices-First
    2. Modern Workplace Devices-Fast
    3. Modern Workplace Devices-Broad
  2. Other Microsoft Entra groups that are assigned to devices in this step are:
    1. Modern Workplace Devices-All
    2. Modern Workplace Devices - Shared Device Mode (assigned when the device was registered by a Partner, OEM, or IT admin with -Shared appended to one of the Intune group tags used by Microsoft Managed Desktop).
Step 8: Assign device configuration profiles to devices Microsoft Managed Desktop assigns the device configuration profiles to devices. For more information, see Device profiles. The device configuration profiles are defined as:
  1. Standard
  2. Sensitive data
  3. Power User
  4. Kiosk
Step 9: Validate devices Microsoft Managed Desktop validates whether devices are part of the assigned devices in one of the Windows Autopilot Deployment profiles described in step #4.

If a device is part of one of the Windows Autopilot Deployment profiles created by Microsoft Managed Desktop in your tenant, Microsoft Managed Desktop flags the device as Ready for User in the Devices blade for the IT admin. Partners and OEM don’t have access to the Microsoft Managed Devices blade.

Step 10: Ship the device to the end-user Partners, OEM, or IT admin ship the device to the end-user.
Step 11: End-user receives device The end-user receives the device and turns the device on and runs through the Windows Out-Of-Box-Experience.
Step 12: End-user logs in Once the device runs through the Out-Of-Box-Experience steps, the end-user logs in with their corporate credentials.
Step 13: Create Microsoft Intune device record The Microsoft Intune device record is created.
Step 14: Deliver apps, configuration profiles and other settings Microsoft Intune starts delivering apps, device configuration profiles and other settings Microsoft Managed Desktop applies to your devices.

The number of apps assigned is listed in the Windows Autopilot Enrollment Status Page. End-users can start using their devices because Intune installs apps and applies settings in the background. This is the end of the workflow for the end-user.

Step 15: Flag devices Microsoft Managed Desktop flags devices with the Active status in the Devices blade.
Step 16: Confirm Active devices IT admin confirms that the devices now show up as Active in Microsoft Managed Desktop’s Device blade.
Step 17: End of registration workflow This is the end of the auto-registration process.
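
A pre-upload check for the .CSV built in Step 2 of the auto-registration workflow, added here as an example; it is not code from the original page or from Microsoft's tooling. It enforces the group tag rules stated above (one supported profile per tag, optional -Shared, no -Shared with Power User). The column names `Hardware Hash` and `Group Tag`, the exact-match comparison, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

PREFIX = "Microsoft365Managed"
PROFILES = {"Standard", "SensitiveData", "PowerUser", "Kiosk"}
SHARED_SUFFIX = "-Shared"
NO_SHARED = {"PowerUser"}  # the page excludes only Power User from -Shared

def parse_group_tag(tag):
    """Return (profile, shared); raise ValueError on any other string (exact match)."""
    shared = tag.endswith(SHARED_SUFFIX)
    core = tag[: -len(SHARED_SUFFIX)] if shared else tag
    prefix, sep, profile = core.partition("_")
    if prefix != PREFIX or not sep:
        raise ValueError("tag does not start with Microsoft365Managed_")
    if profile not in PROFILES:
        raise ValueError(f"not exactly one supported profile: {profile!r}")
    if shared and profile in NO_SHARED:
        raise ValueError(f"-Shared is not supported with {profile}")
    return profile, shared

def check_csv(text, hash_col="Hardware Hash", tag_col="Group Tag"):
    """Return [(line_number, problem)] for rows that should not be uploaded."""
    problems, seen = [], {}
    reader = csv.DictReader(io.StringIO(text))
    for row in reader:
        line = reader.line_num
        hw = (row.get(hash_col) or "").strip()
        if not hw:
            problems.append((line, "empty hardware hash"))
        elif hw in seen:
            problems.append((line, f"hardware hash repeats line {seen[hw]}"))
        else:
            seen[hw] = line
        try:
            parse_group_tag((row.get(tag_col) or "").strip())
        except ValueError as exc:
            problems.append((line, str(exc)))
    return problems

# Constructed sample; hashes are placeholders, not real hardware hashes.
SAMPLE = "\n".join([
    "Device Serial Number,Windows Product ID,Hardware Hash,Group Tag",
    "SN-0001,,HASH-A,Microsoft365Managed_Standard",
    "SN-0002,,HASH-B,Microsoft365Managed_SensitiveData-Shared",
    "SN-0003,,HASH-C,Microsoft365Managed_PowerUser-Shared",
    "SN-0004,,HASH-A,Microsoft365Managed_Standard_Kiosk",
    "SN-0005,,,Microsoft365Managed_Kiosk",
    "SN-0006,,HASH-D,Standard",
])

if __name__ == "__main__":
    for line, problem in check_csv(SAMPLE):
        print(f"line {line}: {problem}")
```

Because the group tag decides which device configuration profile a device receives, rejecting a mistyped tag before upload keeps a device intended for SensitiveData from being registered under a different profile or not at all.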

Detailed manual registration workflow diagram

The following is the high-level overview workflow diagram that covers the manual device registration process in Microsoft Managed Desktop:

Manual registration workflow diagram steps

Step Description
Step 1: Build .CSV file IT admin builds the .CSV file containing all hardware hashes for devices that need to be registered.
Step 2: Go to the Microsoft Intune admin center IT admins log into the Microsoft Intune admin center.
  1. In the left pane, select Devices.
  2. Navigate to Microsoft Managed Desktop section, then select Devices.
  3. In the Devices blade, select Register Devices to upload the .CSV file containing hardware hashes for devices to be registered.
  4. IT admins select the Microsoft Managed Desktop’s device configuration profiles:
    1. Standard
    2. Sensitive
    3. Power user
    4. Kiosk
  5. Optional. You can use the toggle to switch to Shared device mode. Then, select Register devices when you want to register a Shared device with Microsoft Managed Desktop. The Power User device configuration profile isn't supported.
    1. Two things happen when you turn on Shared device mode:
      1. Microsoft Managed Desktop adds these devices into a Microsoft Entra group that has the Windows Autopilot deployment profile with Shared assigned. Microsoft Managed Desktop applies the Windows Autopilot self-deploying mode settings when these devices go through the Windows Out-of-the-Box-Experience.
      2. Microsoft Managed Desktop adds these devices into the Microsoft Entra group that receives the Shared device mode configuration profile with the Shared device mode settings in Microsoft Intune once users go through the Windows Out-of-the-Box-Experience.
Step 3: Microsoft Managed Desktop API does the following:
  1. Reads all hardware hashes from the .CSV file.
  2. Creates an Intune group tag based on the IT admin’s Microsoft Managed Desktop’s device configuration profile’s selection.
  3. Sends a device registration request to the Microsoft Managed Desktop function app responsible for performing all the steps to register devices in the service.
  4. Flags devices with Registration pending status in the Devices blade.
Step 4: Function app makes Graph API call Microsoft Managed Desktop’s function app is responsible for the device registration process. The app makes an Intune Graph API call to register devices with the Windows Autopilot service.
Step 5: Windows Autopilot creates device records The Windows Autopilot service creates device records in its database based on the .CSV list imported by IT admin in Microsoft Managed Desktop’s Devices blade.
Step 6: Intune service makes Azure AD Graph API call The Intune service makes an Azure AD Graph API call to create Microsoft Entra device records for devices being registered in Microsoft Managed Desktop.
Step 7: Microsoft Entra service creates Microsoft Entra device records The Microsoft Entra service creates the necessary Microsoft Entra device records.
Step 8: Microsoft Entra service links device record The Microsoft Entra service links its device record to the Windows Autopilot device records using its OrderID with the Intune group tag mapping.
Step 9: Microsoft Entra service returns device ID records The Microsoft Entra service returns its respective device ID records to Intune.
Step 10: Microsoft Entra service assigns devices to Windows Autopilot deployment profile The Microsoft Entra service also assigns devices to Windows Autopilot deployment profile based on the initial selection made by the IT admin when uploading devices into the Microsoft Managed Desktop’s Devices blade.
Step 11: Intune service saves Microsoft Entra device ID records The Intune service saves the Microsoft Entra device ID records associated with its Windows Autopilot device records in its database.
Step 12: Intune service sends device records The Intune service sends out both Windows Autopilot and Microsoft Entra device records back to the Microsoft Managed Desktop service.
Step 13: Run device deployment group assignment algorithm Microsoft Managed Desktop runs its device deployment group calculation algorithm to determine which deployment group to assign the devices to. For more information, see Device deployment groups.
Step 14: Assign devices to deployment groups and other Microsoft Entra groups Microsoft Managed Desktop assigns devices to a deployment group and to other Microsoft Entra groups.
  1. Microsoft Managed Desktop deployment groups are made of three Microsoft Entra groups which devices get assigned to during the device registration process:
    1. Modern Workplace Devices-First
    2. Modern Workplace Devices-Fast
    3. Modern Workplace Devices-Broad
  2. Other Microsoft Entra groups that are assigned to devices in this step are:
    1. Modern Workplace Devices-All
    2. Modern Workplace Devices - Shared Device Mode (assigned when the device was registered by a Partner, OEM, or IT admin with -Shared appended to one of the Intune group tags used by Microsoft Managed Desktop).
Step 15: Assign device configuration profiles to devices Microsoft Managed Desktop assigns device configuration profiles to devices. For more information, see Device profiles. The device configuration profiles are:
  1. Standard
  2. Sensitive data
  3. Power User
  4. Kiosk
Step 16: Validate devices Microsoft Managed Desktop validates whether devices are part of the assigned devices in one of the Windows Autopilot Deployment profiles.
  1. Microsoft Managed Desktop checks for assigned devices in all three Microsoft Managed Desktop Windows Autopilot profiles every hour.
  2. The four Windows Autopilot Deployment profiles supported in Microsoft Managed Desktop are:
    1. Modern Workplace Autopilot Profile
    2. Modern Workplace Autopilot Profile Power User
    3. Modern Workplace Autopilot Profile Shared
    4. Modern Workplace Autopilot Profile Kiosk
  3. If there are newly added devices, these devices are added into the Microsoft Managed Desktop shipped device record database.
Step 17: Flag device as Ready for User If a device is part of one of the Windows Autopilot Deployment profiles created by Microsoft Managed Desktop in your tenant, Microsoft Managed Desktop flags the device as Ready for User in the Devices blade for the IT admin. Partners and OEM don’t have access to the Microsoft Managed Devices blade.
Step 18: Ship the device to the end-user IT admin ships the device to the end-user.
Step 19: End-user receives device The end-user receives the device and turns the device on and runs through the Windows Out-Of-Box-Experience.
Step 20: End-user logs in Once the device runs through the Out-Of-Box-Experience steps, the end-user logs in with their corporate credentials.
Step 21: Create Microsoft Intune device record The Microsoft Intune device record is created.
Step 22: Deliver apps, configuration profiles and other settings Microsoft Intune starts delivering apps, device configuration profiles and other settings Microsoft Managed Desktop applies to your devices.

The number of apps assigned is listed in the Windows Autopilot Enrollment Status Page. End-users can start using their devices because Intune installs apps and applies settings in the background. This is the end of the workflow for the end-user.

Step 23: Flag devices Microsoft Managed Desktop flags devices with the Active status in the Devices blade.
Step 24: Confirm Active devices IT admin confirms that the devices now show up as Active in Microsoft Managed Desktop’s Device blade.
Step 25: End of registration workflow This is the end of the manual device registration process.