Windows 10 IoT Core devices can be managed using a traditional OMA DM MDM server that supports certificate-based enrollment, or using Azure IoT Hub’s Device Management.
Learn more about MDM and Windows 10 here.
Learn more about Azure IoT Hub Device Management here.
For devices that are managed using an OMA DM server, the MDM policies for Windows 10 IoT Core align with the policies supported in other editions of Windows 10. To learn more about policies, see Configuration service provider reference for Windows 10 at aka.ms/CSPList. The MDM support in Windows 10 is based on the Open Mobile Alliance (OMA) Device Management (DM) protocol 1.2.1 specification.
MDM enrollment of an IoT Core device is accomplished using a provisioning package. Provisioning packages can be created using Windows Imaging and Configuration Designer (WICD). Let’s try enrolling a device into an MDM server.
Open the Configuration Manager Management Console (ConfigMgr Console)
Navigate to Assets and Compliance > Compliance Settings > Company Resource Access > Certificate Profiles
Click Create Certificate Profile
Import the certificate file
Select Computer certificate store - Root for the Destination Store
Choose Select all for Supported Platforms
Click Summary, Next, and Close to exit the wizard
Right-click on the profile just created and click Export
Click Browse, find a location where the .ppkg file should be exported, and then click Save
Download and install the Windows Assessment and Deployment Kit (Windows ADK) - Get it here
Open Windows Imaging and Configuration Designer (WICD)
Choose Advanced Provisioning
Set a name for your package
Choose settings common to Windows 10 IoT Core
Skip the Import Package step
Navigate to Workplace -> Enrollments
In the UPN field, enter the account you wish to enroll your device under (e.g. email@example.com) and click Add
For AuthPolicy choose between Username Password based authentication (OnPremises) or Certificate based authentication
Enter the Discovery Service URL for your MDM server (Note: Enrollment Service URL and Policy Service URL are optional)
At the top of WICD window click Export > Provisioning package
Provide a name and version for your package and click Next. (Note: Be sure to increment the version number to ensure an updated package is executed)
Click Next on the security details page
Choose the location where the package is to be exported on the local machine and click Next
There are a few ways in which a provisioning package can be deployed to an IoT device. A package can be deployed by copying it to the device or by adding it to the image during the imaging process.
Take the provisioning package that was exported from SCCM or WICD and copy the .ppkg file to the C:\Windows\Provisioning\Packages directory on the IoT device. Upon reboot of the device, the package will be executed and the device will start the enrollment process.
See Add a provisioning package to an image. Upon first boot the device will execute the package and start the enrollment process.
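The copy-to-device method above can be scripted from the management workstation so that the package on the device is checked against the exported file before the reboot applies it. This is an added example, not code from the original page; the device name, package path, credential, and the reachability of the device's C$ share and PowerShell remoting (including any TrustedHosts setup) are assumptions.

```powershell
# Added example: stage a provisioning package on an IoT Core device and verify the copy.
# Assumptions (not from the original page): parameter values, a reachable C$ share on
# the device, and PowerShell remoting already configured for the device.
param(
    [Parameter(Mandatory)] [string]       $DeviceName,   # constructed example: 'iotcore-01'
    [Parameter(Mandatory)] [string]       $PackagePath,  # .ppkg exported from ConfigMgr or WICD
    [Parameter(Mandatory)] [pscredential] $Credential    # administrator account on the device
)

$ErrorActionPreference = 'Stop'

if ([IO.Path]::GetExtension($PackagePath) -ne '.ppkg') {
    throw "Expected a .ppkg file, got '$PackagePath'."
}

# Hash of the exported package, taken on the workstation before anything is copied.
$expected = (Get-FileHash -LiteralPath $PackagePath -Algorithm SHA256).Hash

# Map the device's system drive for the duration of the copy.
New-PSDrive -Name IoTDevice -PSProvider FileSystem -Root "\\$DeviceName\c$" -Credential $Credential | Out-Null
try {
    # Directory named in the text above: C:\Windows\Provisioning\Packages
    $targetDir = 'IoTDevice:\Windows\Provisioning\Packages'
    if (-not (Test-Path -LiteralPath $targetDir)) {
        throw "Provisioning directory not found on $DeviceName."
    }
    $target = Join-Path $targetDir (Split-Path -Leaf $PackagePath)
    Copy-Item -LiteralPath $PackagePath -Destination $target -Force

    # Re-read the file from the device and compare; a mismatch means the device
    # would execute something other than the package that was exported.
    $actual = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
    if ($actual -ne $expected) {
        Remove-Item -LiteralPath $target -Force
        throw "Hash mismatch after copy: expected $expected, got $actual."
    }
    Write-Output "Staged $target (SHA256 $expected)"
}
finally {
    Remove-PSDrive -Name IoTDevice
}

# The package is executed on the next boot, so restart the device (short delay lets the call return).
Invoke-Command -ComputerName $DeviceName -Credential $Credential -ScriptBlock { shutdown.exe /r /t 5 }
```

Recording the SHA-256 printed by the script alongside the package version gives a reference value for later checks of what was deployed to each device.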
There are over a hundred items that can be managed on a Windows 10 IoT Core device. For a full list of items, please visit the Windows 10 Configuration Service Provider reference located at aka.ms/CSPList.