🧑‍💻 Windows Device Setup: MG Mobile Device Management (MDM)

These instructions will guide you through preparing and enrolling your Windows 10 or 11 Pro/Education device into the Mobile Guardian system for management.

1. 🛡️ Prepare Your Device (Certificate Trust)

Why this step? Before your device can securely communicate with our management system, it needs to recognise our system's digital identity.

Action: You need to add our trusted root certificates to your Windows device.

1. Download the Certificates:
   • Go to this Google Drive folder: https://drive.google.com/drive/u/0/folders/11Teet8WN7GOPUisjRKxjRXrakWs8UVLp
   • Download the necessary certificate files.
2. Install the Certificates:
   • You must import these certificates into the Local Computer store, specifically under Trusted Root Certification Authorities.

2. ⚙️ Enrollment Steps (Windows 10/11)

Follow these steps to enrol your device using a specific email address.

Pre-Requisite:

• Install Chrome: Please ensure you have the Google Chrome browser installed on your device. (This is a temporary step; we are working on automating this.)

Enrollment Process:

1. Open Settings: Go to Settings on your Windows device.
2. Find Accounts: Navigate to Accounts > Access work or school.
3. Start Connection: Click the Connect button next to "Add a work or school account."
4. Enter Email: Type the provided email address and click Next.
5. Enter MDM Server: When prompted, enter the following specific test URL into the MDM Server URL field:
   https://mdm-windows-enroll-dev.mobileguardian.com
   • Note: This specific URL is for testing purposes only. For actual customers, this step is automated via a DNS entry.
6. Authenticate:
   • Username: Enter the email address you used in step 4.
   • Password: Enter the school registration code (This is a temporary, anonymous authentication method).
7. Complete: If the details are correct, your device will now be enrolled.

4. ✨ Post-Enrollment & Policy Sync

Once enrolled, the device will communicate with the Mobile Guardian server:

• Initial Sync: Your device will sync with the MDM server approximately every 3 minutes. The very first sync will download the core policies required for management.
• Second Sync (Configuration Applied): The second sync will apply the specific settings configured for the "edMesh School."

What to expect after the second sync:

• Browser Control: Microsoft Edge will be blocked, and Google Chrome will be enforced.
• Extension Installation: The essential Mobile Guardian Chrome extension will be installed automatically.
• Forced Sign-In: Chrome will be configured to require a sign-in using the specified domain (grumbledook.info in our test case).

Final Step (Crucial!):

1. Open Chrome: After the second sync, open Google Chrome.
2. Sign In: You should see a Chrome profile screen. You must sign in here.
3. Why? This sign-in links the Chrome extension to your enrolled device record, which is necessary for the next step.
4. Ready: You should now be able to successfully run classes, as the Chrome extension handles this functionality.