Setting up Windows Enrollment in the IBM MaaS360 Portal and Microsoft Entra

Configure Windows Enrollment by integrating IBM® MaaS360® Portal with Microsoft Entra so that Windows devices automatically enroll into IBM MaaS360 during initial device setup.

Before you begin

The Microsoft Entra Active Directory tenant uses an Microsoft Entra Active Directory Premium P2 license. See the Microsoft site to obtain this license.

About this task

Configure Windows enrollment across the IBM MaaS360 Portal and Microsoft Entra.

Procedure

  1. Log in to your Microsoft Entra account at https://entra.microsoft.com/ with your Microsoft Entra Active Directory credentials.
  2. From Microsoft Entra Active Directory > Properties, go to Directory ID, which is the identifier for Microsoft Entra Active Directory. For more information, see the topic Find your Office 365 tenant ID on the Microsoft site at https://support.office.com/en-us/article/Find-your-Office-365-tenant-ID-6891b561-a52d-4ade-9f39-b492285e2c9b.
  3. Log in to the IBM MaaS360 Portal, go to Devices > Enrollments > Other Enrollment Options.
  4. Select Windows and click Windows OOBE & Autopilot.
  5. Type Entra Tenant IDs, and then click Save.
    Make sure that you copy the URL links to the MDM Discovery site and the MDM Terms of Use site. Enter the URLS in the Microsoft Entra Portal.
  6. In the Microsoft Entra Portal, go to the Active Directory that you want to manage.
  7. Click the Mobility (MDM and WIP) tab and click Add application.
  8. Select IBM MaaS360 and click Add.
  9. Enter the MDM Terms of Use URL and the MDM Discovery URL that you wrote down from step 1.
    Use the following URLs as examples.
    • MDM Terms of Use URL: https://<mX>.m.dm/<BillingID>/eula
    • MDM Discovery URL: https://<mX>.m.dm/<BillingID>/enrol
  10. Select All groups for Windows OOBE enrollments in the MDM user scope and Save the configuration.
  11. Return to the Mobility (MDM and WIP) tab, locate and select Microsoft Intune.
  12. In the MDM user scope, review the users who are expected to enroll devices by using Microsoft Intune. Ensure that these users are not included in the MaaS360 MDM user scope to prevent overlapping enrollment configurations. If All Users are expected to enroll by using MaaS360, set the MDM user scope to None.
  13. Save the configuration.
    Note: You cannot remove the Microsoft Intune application from this Mobility (MDM and WIP) page.

Results

The Windows OOBE is now set up in both the IBM MaaS360 Portal and the Microsoft Entra Portal.