This is a quote from AirWatch
Enrolment changes for Windows devices after Windows Anniversary update
The enrolment flow for Windows device has changed following the Windows Anniversary Update. This article outlines the flow pre-update as well as the new flow post-update.
Pre-update enrolment flow
Prior to the Windows Anniversary update, when an end user is enrolling into AirWatch they navigate to Settings > Accounts > Work Access. This flow will take them to their MDM enrolment workflow.
Selecting Enrol in to device management will take end users to their AirWatch Auto-Discovery server and then prompt them for their MDM server URL if discovery fails.
New Flow
In the Windows Anniversary update, Microsoft has:
• Updated the UI menu item for enrolment to be Access work or school
• Unified all workplace join flows for MDM, Domain, Azure AD / Cloud Domain and DJ++ (Domain Join ++) so that all work accounts are visible on a single screen.
• Added an Azure AD (AAD) domain name check as a part of the discovery for all their flows.
Process flow changes with Azure AD domain check
Current users who have been instructed to navigate to Work Access will select the Connect option and enter in their directory credentials. If the customer has registered their domain with O365 or with AAD, then the user will be taken into the AAD flow and their device will be joined to the cloud domain. If you have AAD premium enabled and the AirWatch MDM cloud app added, then the device will be enrolled into AirWatch.
With the Windows Anniversary update, users navigate to Work Access and select Connect to begin enrolment as they did before. The process that follows has changed. If you have registered your domain with O365 or with AAD, selecting Connect begins the AAD flow and the device joins the cloud domain. If you have AAD premium enabled and the AirWatch MDM cloud app added, then AirWatch enrolment begins after the AAD flow completes.
However, if you have your domain registered with O365 or AAD but do not have AAD premium with “Require Management” enabled this flow will not complete. As a result, end users will complete the Connect process and be joined to their cloud domain but will not have enrolled into AirWatch. The AirWatch enrolment flow does not automatically begin following the AAD flow.
The example below shows this incorrect flow for non-AAD Premium users. In this example, the device connects to AAD and is authenticated using user@vmware.com because the company has an O365 account registered but no AAD premium account.
Proper work flow created by Deep Linking to MDM
To mitigate this issue, Microsoft has provided us a deep link that can be called from any app or website, which skips the AAD discovery and navigates straight to AirWatch Auto-Discovery.
The deep link is: ms-device-enrolment :?mode=mdm
We have updated the AirWatch Agent and Workspace ONE apps to use this deep link to take users to the correct enrolment flow.
Implications for Customers without O365 and without Azure AD
• Users should use the new AirWatch Agent v1.2.1 to enrol and follow the prompt to Connect to Work or School Account.
• Users who use Workspace ONE with a step up enrolment flow should upgrade to Windows Workspace ONE v 2.0.1.
• Users who use a web enrolment flow can go to awagent.com to enrol.
• As a fall back option, customers can navigate to the deep link (ms-device-enrolment :?mode=mdm) from an email or by typing it into their browser window.
Implications for Customers with O365 or AAD but without AAD Premium (Majority of customers will be in the first or second scenarios)
• Users should use the new AirWatch Agent v1.2.1 to enrol and follow the prompt to Connect to Work or School Account.
• Users who use Workspace ONE with a step up enrolment flow should upgrade to Windows Workspace ONE v 2.0.1.
• Users who use a web enrolment flow can go to awagent.com to enrol.
• As a fall back option, customers can navigate to the deep link (ms-device-enrolment :?mode=mdm) from an email or by typing it into their browser window.
Implications for Customers with O365 and with AAD Premium and the AirWatch Cloud Application in their tenant
• Customers should continue to enrol using the native Settings app by selecting Connect and entering their domain credentials. This process adds the device to the AAD domain and also enrols the device into AirWatch.
Support Contact Information
To open a Support Request, please call your local AirWatch support line or submit a Support Request via myAirWatch.