# Endpoint Enrollment and Management

## Table of contents

- [Endpoint Enrollment](https://www.manageengine.com/products/desktop-central/help/private-access/endpoint-enrollment.html#enroll)
- [End User Access](https://www.manageengine.com/products/desktop-central/help/private-access/endpoint-enrollment.html#access)

Endpoint enrollment and management helps you keep track of all devices that are enrolled and ready to use Private Access. This section gives you a centralized view of device details, ensuring only trusted applications can access internal applications.

Navigate to **Endpoints** to see a complete list of devices associated with your environment.

[![List of devices](https://www.manageengine.com/products/desktop-central/help/images/endpoint-enrollment.png)](https://www.manageengine.com/products/desktop-central/help/images/endpoint-enrollment.png)

All devices that have the Endpoint Central agent installed will automatically appear in this list and will have Private Access enabled.

## Endpoint Enrollment

- [Windows devices](https://www.manageengine.com/products/desktop-central/help/private-access/endpoint-enrollment.html#windows)
- [Android devices](https://www.manageengine.com/products/desktop-central/help/private-access/endpoint-enrollment.html#android)
- [iOS devices](https://www.manageengine.com/products/desktop-central/help/private-access/endpoint-enrollment.html#ios)

### Windows devices

You can enroll new endpoints using the **Agent** → **Computers** → **Add Computers** option, which remotely installs the agent on the discovered devices. For detailed steps on installing the agent, refer to the [Windows agent installation guide](https://www.manageengine.com/products/desktop-central/help/configuring_desktop_central/installing-windows-agents.html).
[![Endpoint enrollment](https://www.manageengine.com/products/desktop-central/help/images/endpoint-enrollment2.png)](https://www.manageengine.com/products/desktop-central/help/images/endpoint-enrollment2.png)

### Android devices

- Navigate to **Endpoints** → **Add Endpoint** → **Android**. Copy the **Registration Token** displayed.

  [![Android token](https://cdn.manageengine.com/sites/meweb/images/desktop-central/help/private-access/android-token.png)](https://www.manageengine.com/sites/meweb/images/desktop-central/help/private-access/android-token.png)

- Add ME MDM App in **MDM App Repository**.
- Enable Private Access and paste the **Authentication Token**.

  [![Android enrollment](https://www.manageengine.com/products/desktop-central/help/images/android-enrollment.png)](https://www.manageengine.com/products/desktop-central/help/images/android-enrollment.png)

- Distribute the app to the required devices via MDM. The devices will complete registration automatically after installation.

### iOS devices

- Create a **Built-in PKI Server** in your MDM.

  [![Create Built-in PKI Server](https://www.manageengine.com/products/desktop-central/help/images/built-in-pki.png)](https://www.manageengine.com/products/desktop-central/help/images/built-in-pki.png)

- Download and upload the **CA certificate** used for device authentication.

  [![Download CA Certificate](https://www.manageengine.com/products/desktop-central/help/images/ca-dwld.png)](https://www.manageengine.com/products/desktop-central/help/images/ca-dwld.png)

- Download the **relay configuration file**.
- Create a new Apple configuration profile by navigating to **MDM** → **Create Profile** → **iOS/iPadOS**.
- Enter a Profile Name, then go to **Custom Configuration** and upload the downloaded relay configuration file.
  [![Custom Configuration](https://www.manageengine.com/products/desktop-central/help/images/custom-configuration.png)](https://www.manageengine.com/products/desktop-central/help/images/custom-configuration.png)

- Navigate to **SCEP** and choose the required template.

  [![SCEP Template](https://www.manageengine.com/products/desktop-central/help/images/scep-template.png)](https://www.manageengine.com/products/desktop-central/help/images/scep-template.png)

- Deploy the profile to your targeted Apple devices.

For more details on configuring built-in PKI, refer to [Managing Certificates with Internal PKI](https://www.manageengine.com/mobile-device-management/help/certificate_management/mdm-internalpki.html).

Device enrollment ensures that only verified endpoints with a valid agent are allowed to connect. This allows you to enforce security policies and enable Private Access securely across your environment.

## End User Access

Once a device is enrolled, end users can manually launch Private Access from their respective app on each platform. Users are required to authenticate with their username and password before access is granted.

**Note:** All **TCP-based protocols**, including **HTTP, HTTPS, SSH, RDP, WebSockets, and SMTP**, are supported and can be accessed securely from any browser, third-party desktop application, or terminal.

### Windows devices

[![Windows User Access](https://cdn.manageengine.com/sites/meweb/images/desktop-central/help/private-access/windows-user-access.gif)](https://www.manageengine.com/sites/meweb/images/desktop-central/help/private-access/windows-user-access.gif)

- Open **ME Private Access App** on the endpoint.
- Enter your username and password when prompted.
- Once authenticated, Private Access is active and internal applications are accessible.

### Android devices

[![Android User Access](https://cdn.manageengine.com/sites/meweb/images/desktop-central/help/private-access/android-user-access.gif)](https://www.manageengine.com/sites/meweb/images/desktop-central/help/private-access/android-user-access.gif)

- Open the **ME MDM App** on the device.
- Navigate to the Private Access section.
- Enter your username and password when prompted.
- Once authenticated, Private Access is active and internal applications are accessible.

### iOS devices

[![iOS User Access](https://cdn.manageengine.com/sites/meweb/images/desktop-central/help/private-access/ios-user-access.gif)](https://www.manageengine.com/sites/meweb/images/desktop-central/help/private-access/ios-user-access.gif)

- Open the **ME MDM App** on the device.
- Navigate to the Private Access section.
- Enter your username and password when prompted.
- Once authenticated, Private Access is active and internal applications are accessible.