These are the steps and screenshots that will show the method to install AirWatch which will register a device with MDM, install/initialize BitLocker, and get the recovery key stored in MDM.
Before beginning this process, verify that Windows is activated (System Properties). If it is not, then attempt to activate it. If activation has difficulties, run the following command from an elevated command prompt:
If device is a reimage or not a brand new computer you will need to have the device deleted from the AirWatch Console (only the AirWatch Admins, DTS – Enterprise Product Support – can remove device from console).
Note: These instructions are ONLY for Users who have Administrator rights (ability to install programs) on their computer. If you do not have Administrator rights to install programs, or have any questions about the enrollment process or experience issues registering, please contact your DTS Help Desk. Technicians: log into the machine as DTS Admin using LAPS UI password for machine.
Important: This entire process needs to be completed with Ethernet disconnected, and the computer using wireless over CapNet (NOT uwdn). Do not connect to Ethernet or uwdn until after you confirm AirWatch (MDM) enrollment in the last step. This is important as the first installation of the AirWatch software over CapNet will capture the MAC address of the network card and authorize it to work on UWDN later.
- Unplug your Ethernet cable & connect to the Internet via WiFi, – use “CapNet” connection only.
- Then on Windows 10, please follow this link and download the MDM Client version 126.96.36.199 – do not use any other version: https://drive.google.com/a/utah.gov/file/d/0B6iN4OLeSTyZcTVwTFhvbW1DaVU/view?usp=sharing
- Click Download on this screen:
- Once the Agent has downloaded, run the AirWatchAgent.msi.
- If you see the following message about installing Microsoft Visual C++ 2013 select “OK”.
Note: you will also need to reply “Yes” to the User Account Control dialog that follows this screen to allow “VC_redist.x86.exe” (the file to install Visual C++) to complete.
- Select Next at this prompt:
- Select “I accept the terms in the license agreement”, then select Next:
- Select Install at this prompt:
Note: you will also need to reply “Yes” to the User Account Control dialog that follows this screen to allow “AirWatchAgent” to complete.
- Select Finish at this prompt:
Note: you will also need to reply “Yes” to the User Account Control dialog that follows this screen to allow “NativeEnrollment” to complete.
- An AirWatch Enrollment screen will open, choose Server Detail:
- Enter Group ID screen opens – put mdm.utah.gov for the server and sou for Group ID then click Next.
- Enter your credentials screen opens. For the credentials, use dtsadmin and the appropriate password (the LAPS UI password recommended) then click Next:
- Enter the User Name for the End User (EU) you are registering the device for, then click Next (note: if you don’t know who End User will be, you can enter your network username):
- Enter the EU’s full state email in the Email Username field, then click Next:
- Select the Device Ownership “Corporate – Dedicated”, then select Next:
- Enrollment Complete screen opens, select Finish:
- MDM Enrollment is now complete. You can close all windows that were opened in relation to MDM enrollment.
- Now that AirWatch is installed, you should be prompted to begin BitLocker encryption (note the “WARNING” to remove all external drives during encryption):
- A command prompt will open (do nothing). This is MDM calling the install/start of BitLocker:
- The command prompt will close, then you will see TPM (Trusted Platform Module) notifications (Note: if “TPM Activation” and “TPM Initialization” display X’s instead of checkmarks, you will be prompted to Restart, accept enabling TPM, log back into Windows, and start again on this Step 17):
- Keep the computer disconnected from Ethernet and reboot machine. Connect over wireless to “CapNet”. You can confirm enrollment by logging into the Self Service Portal (see “Managing Your Device” below). You may need to wait 15 minutes for device enrollment to complete, though it usually occurs sooner.
Troubleshooting Steps if the above instructions do not work, or you cannot get the BitLocker Window to popup.
- First is to remove AirWatch. This must be done from the computer and from the console. Only the AirWatch admins can remove devices from the console.
- Next reboot the machine.
- Log in as a local admin like DTSAdmin. (Very important)
- Manually start BitLocker. You do have to save the recovery key, or it won’t let you move on. But AirWatch will capture it after enrollment so don’t worry about saving it.
- After encryption is completed (15 to 30 minutes depending on disk size). Reboot Machine.
- Log in as local admin again. (Very important)
- Connect to CAPNET. You must un-dock and remove all LAN cables. Otherwise AirWatch will not pick up the wireless MAC first.
- You will need to run the correct AirWatch agent. You may want to download the agent again from link at beginning of instructions to make sure your agent on a flash drive you may be using is not corrupted.
- After the AirWatch enrollment you must be patient. Give the device 15 minutes to just sit. Do not start installing or changing anything on the machine.
- After 15 minutes if no BitLocker Popup. Reboot and login as local admin again. Wait another 15 minutes.
Managing your Device
Please log into the Device Self Service Portal to manage your own device. When you contact DTS for device support, DTS will assist you in accessing the Device Self Service Portal to manage your device. The Self Service Portal can be found at https://mdm.utah.gov/mydevice.
To gain access to the Self Service Portal, enter the Group ID (SOU) & your username and password (Utah ID). Now select Login
If you have trouble with the registration process, or issues with MDM on your device, please contact Help Desk Support.