Every business requires devices such as laptops and desktops for daily operations. With Windows holding a desktop operating system market share of 72.08% worldwide[1], it is clear that Windows OS is the most widely used desktop and laptop operating system in enterprises.
However, managing a large number of devices demands efficient strategies to maintain productivity and ensure security within organizations. However, without enrolling devices in a Unified Endpoint Management (UEM) system, managing these devices can become a tedious task. Enrolling a substantial number of devices in bulk presents an additional challenge for businesses.
Windows Provisioning Package offers a streamlined solution to address the bulk enrollment challenge by configuring and enrolling Windows devices into a UEM system. This blog serves as a comprehensive guide to the Windows Provisioning Package, highlighting its benefits and the steps for enrolling Windows devices into a UEM using these packages.
What is a Windows Provisioning Package (ppkg)?
A Windows provisioning package (.ppkg) is a streamlined way for IT administrators to configure and enroll Windows devices into a UEM solution without imaging. These packages serve as containers that bundle all the device configurations and an enrollment URL. This makes it easy for IT admins to enroll and apply consistent configurations to Windows devices in bulk.
Provisioning Packages are created using the Windows Configuration Designer. They can be distributed via removable media or downloaded directly onto Windows devices. This method streamlines the Windows device enrollment process, offering end-users a smooth out-of-box experience (OOBE) and facilitates initial device setup.
A Windows provisioning package has the following structure: :
- Package Metadata: Includes basic details about the package, such as its name, description, version, and ranking.
- XML Descriptors: These define each customization asset or configuration setting included in the package.
- Asset Payloads: Contain the actual data or settings associated with an app or configuration item in the package.
How to Enroll Windows Devices in Bulk Using Provisioning Package with Scalefusion UEM
Windows provisioning packages are created mainly for two deployment scenarios:
A. Enrolling new Windows devices
When deploying company-owned devices in bulk, IT administrators traditionally use imaging techniques to create OS images that can be applied to multiple devices. Provisioning packages offer a simpler alternative by eliminating the complexity associated with imaging.
Instead, devices can be configured according to specific requirements and directly enrolled into Scalefusion. This method is used to generate provisioning packages when you are planning to enroll Windows 10 and above devices that are fresh out of the box or are factory reset.
To generate and deploy a provisioning package for an out-of-box or factory reset Windows devices, follow these steps:
Step 1: Preparing Configuration Data
Begin by creating a Windows Device Profile and Enrollment configuration in Scalefusion. Access the enrollment configuration and copy the Bulk Enrollment URL and Enrollment code, which will be used later in the Windows Configuration Designer.
Step 2: Generating the Provisioning Package
Open Windows Configuration Designer and select “Provision Desktop Devices.” Name your project, choose a folder, and click Finish. Configure the device settings: Set up the network (choose Wi-Fi or leave blank to use Ethernet), create a local admin account, and skip adding applications and certificates.
Switch to the Advanced Editor and expand Runtime Settings. Under Enrollment UPN Setting, enter the UPN and add it. Next, provide the Discovery Service Full URL and Enrollment code from Step 1. Finally, generate the .ppkg file.
Step 3: Enrolling a Windows Device
Power on the new Windows device and wait for the first run setup screen. Insert the USB drive containing the provisioning package. Windows will recognize the drive and start the setup automatically. If prompted, select the .ppkg file from the USB drive.
Once the setup is completed, the device will boot normally, with the admin account configured and enrollment to Scalefusion completed. Additional policies and applications, such as kiosk modes or enterprise apps, will be applied according to the package configuration.
B. Enrolling existing Windows devices
Enrolling existing Windows devices using provisioning packages requires users to have an admin account on the devices that must be enrolled. IT administrators can simplify device configuration and enrollment by generating a provisioning package (.ppkg).
This method is ideal for applying common policies, distributing applications, and managing devices where alternative enrollment techniques may be impractical. It ensures a smooth setup for users, whether they are students, non-IT staff, or have specific application policies in place.
To deploy devices using a provisioning package follow the below steps:
Step 1: Preparing Configuration Data
Start by preparing the necessary configuration data. Create a Windows Device Profile and an Enrollment Configuration, then copy the Bulk Enrollment URL and Enrollment Code from the Windows tab of the Enrollment Configuration.
Step 2: Generating the Provisioning Package
Next, generate the provisioning package using the Windows Configuration Designer. Launch the tool, name your project, and select a save location. Proceed through the wizard, expanding Runtime Settings and entering your User Principal Name (UPN) under the Enrollments section, using the email associated with Scalefusion. Add the Discovery Service Full URL and Enrollment Code from Step 1.
To generate the .ppkg file, select Export > Provisioning package, choose “IT Admin” as the owner, and configure any encryption and signing options as needed. Save the package file to your desired location and click Build to create it. Share the .ppkg file with end users via email or a shared folder.
Step 3: Enrollment using PPKG on a Device
For enrollment, users should download the .ppkg file to their device, double-click to start the process and follow the on-screen instructions. They must confirm prompts to complete enrollment and administrative access is required. Once installed, the device will appear in the Scalefusion Dashboard.
Benefits of Enrolling Windows Devices using a Windows Provisioning Package
1. One-time setup
With a provisioning package, end-users only need to power on the device, connect to the network, and install the .ppkg file to enroll in a UEM. This makes the enrollment process seamless for IT admins, during device setup.
2. Bulk enrollment of devices
IT admins can enroll corporate-owned Windows devices in bulk. Administrators can apply consistent settings and policies to all devices, ensuring they are ready to use and meet company standards.
3. Automated Configuration
Windows provisioning packages automate the device configuration process, applying all necessary settings, policies, and apps without manual intervention. This ensures that each device is configured according to company requirements, enhancing security and efficiency.
4. Out-of-Box Experience
Provisioning packages can be applied during the device’s Out-of-Box Experience (OOBE), making the initial setup seamless for end-users. Users get a business-ready operational device.
5. Flexible Deployment Options
Provisioning packages can be delivered through various methods, such as via Windows Configuration Designer, USB drives, over the network, or preloaded onto Windows devices. This flexibility allows organizations to choose the most convenient method for their specific deployment scenario.
Use Case of Windows Provisioning Packages
1. Knowledge Workers
For businesses employing knowledge workers, provisioning packages simplify the setup of laptops and desktops in bulk with the necessary data and network security settings and access controls. This is beneficial when onboarding new employees or rolling out upgrades, as it ensures no disruption in the ongoing business operations
2. Education
In educational institutions, provisioning packages are ideal for managing large-scale deployments of Windows laptops and desktops in classrooms. IT administrators can ensure that every device is equipped with the necessary educational apps, security settings, and network configurations, streamlining the onboarding process for new academic terms or during remote learning initiatives.
3. Healthcare
In the healthcare industry, time is a matter of life and death. Medical professionals work around the clock, facing emergencies 24/7. Windows provisioning packages allow IT teams to preconfigure and set up a large number of modern healthcare devices such as medical tablets and patient monitoring screens, with necessary security configurations at once. This ensures that devices used for healthcare are operational and ready to use. This gives healthcare professionals immediate access to the applications and tools they need while maintaining and securing data.
4. Aviation
The aviation industry relies on a wide range of devices, from in-flight entertainment systems to tablets used by cabin crew and pilots. Windows provisioning packages streamline the configuration and deployment process, ensuring that all Windows devices are pre-configured with necessary device policies and security settings.
5. Retail
Retail environments require the rapid setup of point-of-sale (POS) systems and kiosks running on Windows OS. Windows provisioning packages allow retailers to pre-configure devices with inventory applications, and security settings, ensuring minimal operational downtime and a consistent customer experience across all locations.
Provisioning Packages vs. Windows Autopilot
| Feature | Provisioning Packages | Windows Autopilot |
| Deployment Method | Devices are configured using files transferred via USB drives, SD cards, or over the network. | Devices are set up automatically via cloud services once connected to the internet. |
| Setup Type | Requires manual installation of the .ppkg file during the device setup. | Provides a hands-free setup process, configuring the device automatically. |
| Internet Requirement | Does not need an internet connection for installation; the setup occurs offline. | Requires an internet connection to download configuration profiles and complete setup. |
| Configuration Flexibility | Allows for configuration during the initial setup or afterward, based on predefined settings. | Applies configurations and settings automatically based on user profiles, offering a tailored experience. |
| Integration | Dependent on a device management solution such as a UEM solution. | Integrated with Microsoft Azure and Intune. |
| Scalability | Suitable for smaller deployments or environments where devices need to be configured offline. | Ideal for large-scale deployments across multiple locations, supporting extensive device management. |
| Personalization | Limited to the configurations included in the package; less flexibility for user-specific settings. | Provides a high level of personalization, with settings and apps tailored to individual user needs. |
| Ease of Use | Simple to create and distribute by IT admins, but requires manual application by end-users. | The automated setup process minimizes IT involvement and simplifies the deployment experience. |
| Use Cases | Best for quick, offline configurations or where internet access is limited. | Best for large-scale, cloud-based deployments where a seamless setup experience is desired. |
| Best For | Scenarios where offline setup is required or where quick deployment is needed. | Scenarios requiring extensive, cloud-based device management and personalized user setups. |
Opt Scalefusion UEM for Seamless Windows Device Enrollment Using Windows Provisioning Package
Scalefusion UEM offers a seamless way to enroll Windows devices using provisioning packages. It provides IT admins with the enrollment URL and enrollment code required while generating a provisioning package. Scalefusion UEM also offers various other enrollment types for Windows devices streamlining the enrollment process.
Contact our experts to learn more about Windows Device Management. Book a free demo or start your 14-day free trial today.
