# Endpoint Enrollment and Management

Endpoint enrollment and management helps you keep track of all devices that are enrolled and ready to use Private Access. This section gives you a centralized view of device details, ensuring only trusted applications can access internal applications.

Navigate to **Endpoints**, you will see a complete list of devices associated with your environment.

![List of devices](https://www.manageengine.com/products/desktop-central/help/images/endpoint-enrollment.png)

All devices that have the Endpoint Central agent installed will automatically appear in this list and will have Private Access enabled.

## Endpoint Enrollment

- [Windows devices](#windows-devices)
- [Android devices](#android-devices)
- [iOS devices](#ios-devices)

### Windows devices

You can enroll new endpoints using **Agent** → **Computers** → **Add Computers** option, which remotely installs the agent on the discovered devices.

For detailed steps on installing the agent, refer to the [Windows agent installation guide](https://www.manageengine.com/products/desktop-central/help/configuring_desktop_central/installing-windows-agents.html).

![Endpoint enrollment](https://www.manageengine.com/products/desktop-central/help/images/endpoint-enrollment2.png)

### Android devices

- Add ME MDM App in **MDM App Repository**.
- Enable Private Access and paste the **Authentication Token**.

![Android enrollment](https://www.manageengine.com/products/desktop-central/help/images/android-enrollment.png)

- Distribute the app to the required devices via MDM. The devices will complete registration automatically after installation.

### iOS devices

- Create a **Built-in PKI Server** in your MDM.

![Create Built-in PKI Server](https://www.manageengine.com/products/desktop-central/help/images/built-in-pki.png)

- Download and upload the **CA certificate** used for device authentication.

![Download CA Certificate](https://www.manageengine.com/products/desktop-central/help/images/ca-dwld.png)

- Download the **relay configuration file**.
- Create a new Apple configuration profile by navigating to **MDM** → **Create Profile** → **iOS/iPadOS**.
- Enter a Profile Name, then go to **Custom Configuration** and upload the downloaded relay configuration file.

![Custom Configuration](https://www.manageengine.com/products/desktop-central/help/images/custom-configuration.png)

- Navigate to **SCEP** and choose the required template.

![SCEP Template](https://www.manageengine.com/products/desktop-central/help/images/scep-template.png)

- Deploy the profile to your targeted Apple devices.

For more details on configuring built-in PKI, refer [Managing Certificates with Internal PKI](https://www.manageengine.com/mobile-device-management/help/certificate_management/mdm-internalpki.html).

Device enrollment ensures that only verified endpoints with a valid agent are allowed to connect. This allows you to enforce security policies and enable Private Access securely across your environment.