Device Enrollment

Device Enrollment is the mandatory process to register your company device so it can be managed securely. In this case, we use Microsoft Endpoint Manager (MEM) — also known as Intune — to manage and protect your device.

macOS

macOS Setup (Out-of-the-box)

When you first turn on your Mac, macOS will guide you through the standard setup wizard. During this phase:

1. Apple ID: You can skip signing in with an Apple ID. It is not required for device registration.
2. Disk encryption (FileVault): When prompted, do not enable FileVault encryption at this stage — it will be automatically enforced by MEM after enrollment.
3. Personalization: Feel free to configure language, region, and other preferences as you like.

Once the setup is complete and you have access to the desktop environment, proceed to the next section.

MEM Enrollment & Configuration

1. Install Microsoft Endpoint Manager (Company Portal // Portale Aziendale)
   Download and install MEM from this link, and log in using your company credentials.

2. Open the Company Portal (Portale Aziendale) app
   Follow the on-screen instructions carefully. During the process, you’ll be asked to approve a configuration profile.
   ➤ Make sure to approve it, otherwise enrollment will not complete successfully.

3. Restart your Mac
   Once the Company Portal (Portale Aziendale) setup is complete, reboot your device to ensure that all corporate policies are applied correctly.

4. Install Microsoft Teams
   Download and install the desktop version of Teams from this link.

[!NOTE] When prompted by Keychain Access, select "Always Allow" instead of just "Allow". Otherwise, the prompt may reappear repeatedly.

Final Step

Please reach out to InternalIT/DeviceManager to:

• Confirm that your device has been correctly enrolled
• Request support in case of issues during setup or enrollment

Windows

Important:
To avoid compliance issues during setup, we recommend disconnecting all USB devices (such as mouse, keyboard, docking stations, etc.) until the process is complete.

Initial Setup

Make sure your device is connected to the internet and has access to the Microsoft Store.

1. Open the Start Menu
2. Search for Microsoft Store, then open it
3. In the store, search for Company Portal // Portale Aziendale
4. Download and install the Company Portal // Portale Aziendale app

MEM Enrollment

1. Launch the Company Portal // Portale Aziendale application
2. Sign in using your company credentials
3. Follow the on-screen instructions, making sure to accept all required permissions
4. Once the process is complete, restart your laptop to allow corporate policies to apply properly
5. Download and install the desktop version of Teams from this link

Final Step

Please reach out to InternalIT/DeviceManager to:

• Confirm that your device has been correctly enrolled
• Request support in case of issues during setup or enrollment

Android

Note: Even personal (BYOD) devices must be enrolled to access company data and apps.

Initial Setup

1. Open your device’s default app store (Google Play Store).
2. Search for and install Company Portal // Portale Aziendale.

MEM Enrollment

1. Launch the Company Portal // Portale Aziendale app.
2. Log in with your company credentials.
3. Follow the on-screen instructions to enroll your device.
4. After enrollment, you will have access to a company-managed Play Store, where you can install approved apps like Microsoft Teams, Outlook, etc.
5. All apps in this store, including the Play Store itself, will be marked with a lock icon.
6. If you need an app that is not available in the company store, please contact InternalIT / DeviceManager for assistance.

Please reach out to InternalIT/DeviceManager if you encounter any issues during enrollment or need further support.

iOS

Note: Even personal (BYOD) devices must be enrolled to access company data and apps.

Initial Setup

1. Open the App Store on your iPhone.
2. Search for and install Company Portal // Portale Aziendale.

MEM Enrollment

1. Launch the Company Portal // Portale Aziendale app.
2. Log in with your company credentials.
3. Follow the on-screen instructions to complete enrollment.
4. When prompted by the Select device and enrollment type screen, choose:
   • Agile Lab owns this device if the device was provided by the company.
   • Secure entire device if you are enrolling a personal iPhone.
5. Once enrolled, Office 365 apps and other company apps will be protected and managed by Microsoft Endpoint Manager.

Please reach out to InternalIT / DeviceManager if you encounter any issues during enrollment or need further support.