title | author | ms.author | ms.date | ms.topic | description | keywords |
---|---|---|---|---|---|---|
Managing Windows IoT Core Devices | parameshbabu | pabab | 08/28/2017 | article | Learn about the different ways to manage Windows 10 IoT Core devices. | windows iot, device management, windows iot, Azure DM, Azure Hub, Azure IoT |

Windows 10 IoT Core devices can be managed using a traditional OMA DM MDM server that supports certificate-based enrollment, or using Azure IoT Hub's Device Management.
Learn more about MDM and Windows 10 here.
For devices that are managed using an OMA DM server, the MDM policies for Windows 10 IoT Core align with the policies supported in other editions of Windows 10. To learn more about policies as well as what can be managed on IoT Core devices, see Configuration service provider reference for Windows 10 here. The MDM support in Windows 10 is based on the Open Mobile Alliance (OMA) Device Management (DM) protocol 1.2.1 specification.
MDM enrollment of an IoT Core device is accomplished using a Provisioning package. Provisioning packages can be created using Windows Image Configuration and Designer (WICD). Let's try enrolling a device into an MDM.
- Open the Configuration Manager Management Console (ConfigMgr Console).
- Navigate to Assets and Compliance > Compliance Settings > Company Resource Access > Certificate Profiles.
- Click Create Certificate Profile.
- Provide a name and description for the profile.
- Click Next.
- Import the certificate file.
- Select Computer certificate store - Root for the Destination Store.
- Click Next.
- Click Summary, Next, and Close to exit the wizard.
- Right-click on the profile just created and click Export.
- Click Browse, find a location where the .ppkg file should be exported, and then click Save.
- Click Export and click OK to exit the wizard.

- Download and install the Windows Assessment and Deployment Kit (Windows ADK).
- Choose Advanced Provisioning.
- Set a name for your package.
- Choose settings common to Windows 10 IoT Core.
- Navigate to Workplace -> Enrollments.
- In the UPN field enter the account you wish to enroll your device under (i.e. [email protected]) and click Add.
- For AuthPolicy choose between Username Password based authentication (OnPremises) or Certificate based authentication.
- Enter the Discovery Service URL for your MDM server.

  Note: Enrollment Service URL and Policy Service URL are optional.
- For the Secret enter:
  - OnPremises: The password for the account you're enrolling with
  - Certificate: The thumbprint of the certificate
- At the top of WICD window click Export > Provisioning package.
- Provide a name and version for your package and click Next.

  Note: Be sure to increment the version number to ensure an updated package is executed.
- Click Next on the security details page.
- Choose the location where the package is to be exported on the local machine and click Next.
- Click Build and then Finish to exit the wizard.

There are a few ways in which a Provisioning package can be deployed to an IoT device. It is possible to deploy a package by copying the package to the device or adding the package to the image during the imaging process.
Take the Provisioning package that was exported from SCCM or WICD and copy the .ppkg file to the C:\Windows\Provisioning\Packages directory on the IoT device. Upon reboot of the device, the package will be executed and the device will start the enrollment process.
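
One way to script the copy step from a Windows workstation, shown as an added example that is not part of the original page. It assumes the device's C$ administrative share is reachable with an administrator account; the device address and package path are hypothetical parameters. Because the package carries the enrollment Secret, the script checks the SHA-256 hash of the copied file against the local one before you reboot.

```powershell
# Added example, not from the original page.
# Assumptions: the device exposes \\<address>\c$ and the supplied account can write to it.
param(
    [Parameter(Mandatory)] [string] $DeviceAddress,  # hypothetical, e.g. 192.0.2.10
    [Parameter(Mandatory)] [string] $PackagePath     # .ppkg exported from SCCM or WICD
)

$ErrorActionPreference = 'Stop'

# Refuse anything that is not a provisioning package.
if ([IO.Path]::GetExtension($PackagePath) -ne '.ppkg') {
    throw "Expected a .ppkg file, got: $PackagePath"
}

# Hash the package before it leaves the workstation.
$localHash = (Get-FileHash -Path $PackagePath -Algorithm SHA256).Hash

# Map the device's system drive for the duration of the copy only.
$cred = Get-Credential -Message "Administrator account on $DeviceAddress"
New-PSDrive -Name IoTDevice -PSProvider FileSystem `
    -Root "\\$DeviceAddress\c`$" -Credential $cred | Out-Null

try {
    # Directory named on the page: C:\Windows\Provisioning\Packages
    $destDir = 'IoTDevice:\Windows\Provisioning\Packages'
    if (-not (Test-Path $destDir)) {
        throw "Directory not found on device: $destDir"
    }

    $dest = Join-Path $destDir (Split-Path $PackagePath -Leaf)
    Copy-Item -Path $PackagePath -Destination $dest -Force

    # Confirm the file on the device is byte-identical to the exported one.
    $remoteHash = (Get-FileHash -Path $dest -Algorithm SHA256).Hash
    if ($remoteHash -ne $localHash) {
        Remove-Item -Path $dest -Force
        throw "Hash mismatch after copy; removed $dest from the device."
    }

    "Copied $(Split-Path $PackagePath -Leaf) (SHA256 $localHash). Reboot the device to run the package."
}
finally {
    # Always drop the mapped drive so the credential is not left attached to the session.
    Remove-PSDrive -Name IoTDevice
}
```
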
See Add a provisioning package to an image. Upon first boot the device will execute the package and start the enrollment process.