MDM - How to enroll Windows Devices with Zero Touch Deployment with Entra ID?

Learn how Fleet streamlines Windows device enrollment with Entra OOBE, manual setup, and automated management—ensuring secure, compliant devices with minimal IT effort.

Guy Houot

VP Product

Summary

What is a MDM?
What options are there to roll out the MDM for Windows?
How can I manually enroll Windows Laptops with Entra Out of the Box Experience?
What is Entra ID?
What can companies do with an MDM?
How Fleet supports companies?

You too, can equip your employees simply with Fleet

Focus on your growth by choosing our all-in-one solution.

Start now Book a demo

What is a MDM?

Mobile Device Management (MDM) is software that helps companies securely manage and control their devices such as laptops and phones. It enables IT teams to remotely deploy apps, enforce security policies, monitor device health, and protect company data — all without needing physical access to each device.

What options are there to roll out the MDM for Windows?

There are generally two ways to enroll Windows devices into an MDM system:

Entra Out of the Box Experience (OOBE): This method is recommended by Windows and it probably the simplest as users enroll their devices during the Windows setup process by signing in with corporate credentials and connecting to the company’s cloud domain.
Zero Touch Deployment (Windows Autopilot): Devices purchased from participating OEMs (Original Equipment Manufacturers) are pre-registered and automatically configured when powered on. This setup includes company branding, security policies, and apps. Here is a guide how to do it with Microsoft Autopilot.
Manually Enroll Devices: For devices that can’t use Autopilot or OOBE—like older or third-party devices—users or IT staff install the MDM agent manually by downloading the installer and signing in with corporate credentials. Fleet provides easy step-by-step instructions to help with this process. Here you can also find the guide to manually install the MDM.

How can I manually enroll Windows Laptops with Entra Out of the Box Experience?

Prerequisites:

A Microsoft Entra ID (formerly Azure AD) P1 or P2 license
The device must be compatible with Windows OOBE and Fleet MDM.
Fleet MDM must be pre-configured and integrated with your Entra ID tenant.
Users must have valid corporate credentials and internet access during setup.
Initial setup assistance and configuration should be done with a Fleet expert to ensure proper integration.

Enrollment using Entra OOBE is straightforward and guided:

Power on the device: The laptop boots into the Windows Out of Box Experience (OOBE) setup.
Connect to the internet: The user connects to Wi-Fi or Ethernet.
Sign in with corporate credentials: The user enters their Entra ID (formerly Azure AD) username and password.
Multi-factor authentication (if enabled): The user completes any required MFA steps.
Automatic Fleet MDM installation: Once authenticated, the device begins installing the Fleet MDM agent automatically in the background without additional user action.
Policy and app deployment: Fleet MDM applies security policies, installs required applications, configures device settings (like BitLocker encryption and firewall rules), and enrolls the device under centralized management.
Setup completes: The device is fully managed, secure, and ready for use.

This manual method ensures devices can be securely enrolled even when Zero Touch Autopilot isn’t an option, providing consistent security and compliance.

What is Entra ID?

Entra ID, formerly known as Azure Active Directory (Azure AD), is Microsoft’s cloud-based identity and access management service. It enables users to sign in and access resources securely across devices and applications. When devices join Entra ID, they become part of your organization’s trusted environment and can be managed remotely with MDM solutions.

What can companies do with an MDM?

With MDM, companies can:

Deploy apps and updates remotely without user intervention.
Enforce security policies like password requirements and encryption.
Lock, or wipe lost or stolen devices to protect data.
Monitor device compliance and health from a central dashboard.
Streamline onboarding and offboarding of employees’ devices.

MDM reduces IT workload and helps maintain security across a growing device fleet.

How Fleet supports companies?

Fleet provides a fully automated Windows device deployment solution integrated with Microsoft Entra ID, making device management smooth and secure:

Expert onboarding: A Fleet specialist helps you set up everything—from assessing your needs and configuring integrations to testing deployments and training your team—at no extra cost.
MDM-Entra ID integration: Fleet sets up the connection between Microsoft Entra ID and Fleet MDM, including Single Sign-On (SAML) and security policy configuration.
Automated device registration and enrollment: When an employee powers on a new Windows PC, they connect to the internet and sign in with their Entra ID. Fleet MDM installs automatically, applies security settings, deploys apps, and enforces compliance—no IT needed.
Security and compliance: Fleet immediately applies key security measures like BitLocker encryption, firewall configuration, security updates, and certificate deployment.
Centralized management: Manage all devices in one place with the Fleet Cockpit dashboard, giving IT full control and visibility over device health and compliance.

With Fleet, companies can securely deploy and manage Windows laptops anywhere, automating enrollment and ongoing protection while easing IT workload.

Check out Fleet´s MDM here.

In order to optimise your experience, we use cookies 🍪, which you accept by continuing to browse.

Find out more