# Windows Azure Enrollment > To customize the login screen and/or to ease the process of device activation/initial device setup, you need to configure Windows AutoPilot. For the steps to configure Windows Autopilot, follow the steps given [here](https://www.manageengine.com/products/desktop-central/mdm/mdm_windows_autopilot.html). Windows Azure Enrollment is an enrollment method provided by Microsoft for streamlined and efficient provisioning of MDM management on devices, in bulk. ## Advantages of Windows Azure Enrollment - One-time setup - Aids large scale enterprise device roll out - Mandatory MDM management ## Pre-requisites - A third-party certificate - An Azure administrator account ## Steps for Configuring Windows Azure Enrollment - [Provisioning third-party certificates](https://www.manageengine.com/products/desktop-central/mdm/mdm_windows_azure_enrollment.html#step_1) - [Purchase adequate Azure user licenses](https://www.manageengine.com/products/desktop-central/mdm/mdm_windows_azure_enrollment.html#step_2) - [Configure App Template](https://www.manageengine.com/products/desktop-central/mdm/mdm_windows_azure_enrollment.html#step_3) ## Step #1: Provisioning Third-Party Certificates **If you have already added a third-party certificate to MDM, go to [Step #2](https://www.manageengine.com/products/desktop-central/mdm/mdm_windows_azure_enrollment.html#step_2).** You require a trusted third-party certificate to be added to MDM to configure Windows Azure Enrollment. ## Step #2: Purchase Adequate Azure User Licenses **If you already purchased licenses you can assign it to user/groups as explained [here](https://www.manageengine.com/products/desktop-central/mdm/mdm_windows_azure_enrollment.html#user_assign). If you have also assigned users, you can go to [Step #3](https://www.manageengine.com/products/desktop-central/mdm/mdm_windows_azure_enrollment.html#step_3).** You need to purchase adequate licenses based on the number of users permitted to enroll devices using Azure. To purchase licenses, follow the steps given below: 1. Login to the [Azure portal](https://portal.azure.com/#blade/Microsoft_AAD_IAM/LicensesMenuBlade/Products) with your Azure account credentials or navigate to **Azure Active Directory -> Licenses -> All Products -> Try/Buy**. ![ ](https://www.manageengine.com/mobile-device-management/help/images/azure_1.png) ![ ](https://www.manageengine.com/mobile-device-management/help/images/azure_2.png) 2. Select **Azure AD Premium P2** and click on **Free Trial**. Click on **Activate**, after which you are taken to the pricing page, where you can proceed with purchasing the licenses. ![ ](https://www.manageengine.com/mobile-device-management/help/images/azure_3.png) ![ ](https://www.manageengine.com/mobile-device-management/help/images/azure_4.png) 3. Once purchased, go back to **All Products**, select **Azure Active Directory Premium P2** and click on **Assign**. ![ ](https://www.manageengine.com/mobile-device-management/help/images/azure_5.png) 4. Click on **Users and Groups**, select the requisite groups/devices and click on **Select**. ![ ](https://www.manageengine.com/mobile-device-management/help/images/azure_6.png) 5. Select **Assign** to complete assigning the licenses. ![ ](https://www.manageengine.com/mobile-device-management/help/images/azure_7.png) ## Step #3: Configure App Template 1. Go to the [Azure Portal](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) and login if required, or navigate to **Azure Active Directory -> Mobility (MDM and MAM) -> Add Application**. Select **On-Premises MDM (in case of MDM On-Premises)** or **ManageEngine MDM (in case of MDM Cloud)** and then click on **Add**. ![ ](https://www.manageengine.com/mobile-device-management/help/images/azure_8.png) In case of MDM On-Premises: ![ ](https://www.manageengine.com/mobile-device-management/help/images/azure_9.png) In case of MDM Cloud: ![ ](https://www.manageengine.com/mobile-device-management/help/images/azure_10.png) 2. Click on **Mobility (MDM and MAM)** and click on the application added in the previous step. In case of MDM On-Premises: ![ ](https://www.manageengine.com/mobile-device-management/help/images/azure_11.png) In case of MDM Cloud: ![ ](https://www.manageengine.com/mobile-device-management/help/images/azure_12.png) 3. Refer to the table given below and specify the parameters applicable for MDM On-Premises or MDM Cloud respectively as shown. In case of MDM On-Premises: ![ ](https://www.manageengine.com/mobile-device-management/help/images/azure_13.png) ![ ](https://www.manageengine.com/mobile-device-management/help/images/azure_15.png) ![ ](https://www.manageengine.com/mobile-device-management/help/images/azure_16.png) In case of MDM Cloud: ![ ](https://www.manageengine.com/mobile-device-management/help/images/azure_14.png) | PARAMETER | DESCRIPTION | |---|---| | MDM user scope | The AD groups to which you want to permit enrollment via Azure. You can choose provision to all your AD groups or specific AD groups. | | MDM terms of use URL | On the MDM Server, navigate to **Enrollment -> Windows Azure Enrollment** and use the URL provided for MDM terms of use URL. | | MDM discovery URL | On the MDM Server, navigate to **Enrollment -> Windows Azure Enrollment** and use the URL provided for MDM discovery URL. | | App ID URI | On the MDM Server, navigate to **Enrollment -> Windows Azure Enrollment** and use the URI provided for App ID URI. | 4. Once done, go to **Settings** on the machine which is to be enrolled and then click on **Access Work or School**. Click on **Connect** and provide your Azure account to complete enrollment. ## Assign Users Devices can either be enrolled by the users themselves or enrolled by the Admin and then assigned to the corresponding user. You need to assign users to these devices to complete enrollment. Follow the steps given below: 1. On the MDM server, click on **Enrollment** from the top menu and select **Windows Azure Enrollment** from the left pane. 2. All devices enrolled via Azure enrollment but yet to be assigned users are listed here. 3. You can assign users on a device-to-device basis by clicking on the **Assign User** option present under **Action**. If users themselves have enrolled the device, select **Same User** for the option **Assign to**. You can also assign users in bulk by clicking on the **Assign Users** button present above the table and uploading a CSV file based on the specifications given [below](https://www.manageengine.com/products/desktop-central/mdm/mdm_windows_azure_enrollment.html#sample_csv). Additionally, you can add devices to multiple groups to automate the distribution of apps, profiles, and documents to devices. ## Sample CSV Format > USER_NAME,DOMAIN_NAME,EMAIL_ADDRESS,PLATFORM_TYPE,OWNED_BY,GROUP_NAME,UDID > ANDREW,,andrew@mobiledevicemanagerplus.com,Windows,Personal,Azure_Group,00f0ba8f7a6c41cca9cc5fd6b7ee666b 1. The fields Serial Number, User Name, Email Address, and Group Name are mandatory. All other fields are optional. Ensure the specified group name is already created in the MDM server. If values are not provided, default values are taken. 2. The default values for various non-mandatory fields are: Domain Name -- MDM Owned By -- Corporate 3. If multiple groups are specified, the group names must be separated with a slash (/). 4. The first line of the CSV is the column header and the columns can be in any order. 5. Blank column values should be comma separated. 6. If the column value contains a comma, it should be specified within quotes.