Device Enrollment

Device Enrollment is the mandatory process to register your company device so it can be managed securely. In this case, we use Microsoft Endpoint Manager (MEM) — also known as Intune — to manage and protect your device.

[!Note] New Agilers must wait for their corporate account credentials (provided on their first working day) and must not use personal accounts for device enrollment.

macOS

When you first turn on your Mac, macOS will guide you through the automated setup wizard. The device has been pre-configured for corporate enrollment via Apple's Automated Device Enrollment (ADE), which streamlines the onboarding process.

1. Initial Personalization
   Configure your preferred language, region, voice-over preferences, accessibility options, and other system preferences as needed.
2. Network Connection
   Connect your Mac to a Wi-Fi network to enable automatic enrollment and policy deployment.
3. Sign in with Your Corporate Account
   When prompted, log in using your company credentials (email and password). This will initiate the automated enrollment process.
4. Set Your Mac Password
   Create a secure local password for your Mac account. You'll use this password to unlock your device.
5. Additional Personalization
   Complete the setup by selecting your time zone, configuring Touch ID (if available), and choosing your preferred system theme (Light/Dark/Auto).
6. Automated Software Installation
   A welcome screen will appear showing the Welcome to Agile Lab! enrollment status and the progress of automatic software installations.
   ➤ Wait for all installations to complete, then click "Proceed to Desktop" to continue.
7. Microsoft Company Portal Sign-In
   The Company Portal // Portale Aziendale app will open automatically. Sign in using your company credentials to complete device registration.
8. Device Category Selection
   When prompted to select a device category, choose: "Agilelab"
9. System Restart
   After a few minutes, an Agile Lab notification will appear prompting you to restart your Mac.
   ➤ Click "Restart Now" to apply the corporate security policies.
10. Enable FileVault Disk Encryption
    After restarting and logging in with your Mac password, you'll be prompted to enable FileVault encryption.
    ➤ Click "Enable Now" to secure your device.
11. Complete Company Portal Enrollment
    Open the Company Portal // Portale Aziendale app again and sign in if needed.
12. Verify Compliance Status
    Wait a few minutes for all policies to apply. If the device status remains "Not Compliant":
    ➤ Click the three dots (•••) menu in Company Portal
    ➤ Select "Check Status" to refresh the compliance state

Once the device shows as "Compliant", your Mac is fully enrolled and ready to use.

[!NOTE] When prompted by Keychain Access, select "Always Allow" instead of just "Allow". Otherwise, the prompt may reappear repeatedly.

Final Step

Please reach out to InternalIT/DeviceManager to:

• Confirm that your device has been correctly enrolled
• Request support in case of issues during setup or enrollment

--

Note: If Internal IT explicitly informs you that your device is not eligible for the automatic enrollment procedure, click here to access the legacy manual enrollment guide.

Windows

Important:
To avoid compliance issues during setup, we recommend disconnecting all USB devices (such as mouse, keyboard, docking stations, etc.) until the process is complete.

Initial Setup

Make sure your device is connected to the internet and has access to the Microsoft Store.

1. Open the Start Menu
2. Search for Microsoft Store, then open it
3. In the store, search for Company Portal // Portale Aziendale
4. Download and install the Company Portal // Portale Aziendale app

MEM Enrollment

1. Launch the Company Portal // Portale Aziendale application
2. Sign in using your company credentials
3. Follow the on-screen instructions, making sure to accept all required permissions
4. Once the process is complete, restart your laptop to allow corporate policies to apply properly
5. Download and install the desktop version of Teams from this link

Final Step

Please reach out to InternalIT/DeviceManager to:

• Confirm that your device has been correctly enrolled
• Request support in case of issues during setup or enrollment

Android

Note: Even personal (BYOD) devices must be enrolled to access company data and apps.

Initial Setup

1. Open your device’s default app store (Google Play Store).
2. Search for and install Company Portal // Portale Aziendale.

MEM Enrollment

1. Launch the Company Portal // Portale Aziendale app.
2. Log in with your company credentials.
3. Follow the on-screen instructions to enroll your device.
4. After enrollment, you will have access to a company-managed Play Store, where you can install approved apps like Microsoft Teams, Outlook, etc.
5. All apps in this store, including the Play Store itself, will be marked with a lock icon.
6. If you need an app that is not available in the company store, please contact InternalIT / DeviceManager for assistance.

Please reach out to InternalIT/DeviceManager if you encounter any issues during enrollment or need further support.

iOS

Note: Even personal (BYOD) devices must be enrolled to access company data and apps.

Initial Setup

1. Open the App Store on your iPhone.
2. Search for and install Company Portal // Portale Aziendale.

MEM Enrollment

1. Launch the Company Portal // Portale Aziendale app.
2. Log in with your company credentials.
3. Follow the on-screen instructions to complete enrollment.
4. When prompted by the Select device and enrollment type screen, choose:
   • Agile Lab owns this device if the device was provided by the company.
   • Secure entire device if you are enrolling a personal iPhone.
5. Once enrolled, Office 365 apps and other company apps will be protected and managed by Microsoft Endpoint Manager.

Please reach out to InternalIT / DeviceManager if you encounter any issues during enrollment or need further support.