You log into the UEM Admin Console.

1. When connected to your lab environment, you will be brought to a screen from the ControlCenter.techseals.co VM.
2. At the top-left of the screen, you will see an icon of a keyboard.  Click on the keyboard icon, and a dropdown will appear, showing an option, “Ctrl+Alt+Delete”.  Click on that.
3. Login to the ControlCenter VM:
   1. Username: Administrator
   2. Password: Pa$$w0rd 

4. Open the Chrome Browser and log into Workspace ONE UEM (https://techseals.awmdm.com)

   • User name: StudentAdmin{labid}
   • Password: Pa$$w0rd

   NOTE:  You will see your UEM Admin Username on the far right-hand side of the screen, in the box next to UEM Admin Username.  You can type it in yourself, or click on the box, “StudentAdmin########”, to have it automatically type it in for you.  The # numbers represent your Lab ID.

5. If you get any pop-up windows, asking you to "Save password?", just click "Never".
6. From the Omnissa General Terms window, click I agree to the Omnissa General Terms and click ACCEPT, and wait a couple of seconds for the Security Settings window to appear.  
7. Set a Password Recovery Question and Answer.
8. Set the Security PIN as 1234
9. Click SAVE.
10. In the UEM Admin console, on the left-side of pane, go to Devices> Devices
11. You will notice that you do not have any enrolled devices at this time.
12. Make a note of your Group ID.  It is in a box, above the List View section, in the form of, Student########

A. Silent Enrollment (w11Client-01a)

1. From the dropdown at the top-left of the screen, click on ControlCenter.techseals.co and select w11Client-01a.techseals.co
2. Login to the w11Client-01a.techseals.co VM.
   • You might have to click on the screen to bring up the login window
   • User name: Nancy
   • Password: Pa$$w0rd
3. Navigate to C:\Resources.
4. Double-Click the Update Group ID file
5. Type your assigned Group ID. For example- Student########  (Note:  Make sure to preface the Group ID with "Student")
6. Click OK.  
7. Then Click OK to the Replacement complete... message.
8. Right-Click on the newly created file, Right-Click Me and choose Run As Administrator batch file, And choose Run As Administrator.
9. Enter:
   • Username: Administrator
   • Password: Pa$$w0rd
   • Click Yes.
10. A Command Window will appear briefly for about a minute and then go away on its own.  This starts the enrollment process.
11. You will have to wait about 2 minutes while the device enrolls for Nancy.  There will be no visible progress while the enrollment is happening.
12. While silent enrollment is in progress, take a look at the script.  Go to C:\Resources\Right-click me and choose Run As Administrator.  Right click and select Edit in Notepad.  Do not click Open.  Note the parameters that have been embedded within the script.  Close Notepad after viewing.
13. When enrollment completes, you will get a Want an even better experience? window.  Click Not Now.
14. Click Get Started at the Hello, Nancy window.
15. You should now see the Hub app interface with a section of information on Nancy, Support, About, Enrollment, Network, and Device.
16. Leave the Hub app interface open because we will refer to it in the next activity.

B. Intelligent Hub UI Enrollment (w11Client-02a) 

1. From the dropdown at the top-left of the screen, select w11Client-02a.techseals.co
2. You might have to click on the screen to bring up the login window.
   • User name: Craig
   • Password: Pa$$w0rd
3. Navigate to the C:\Resources folder.
4. Double-click the AirwatchAgent file.
5. In the setup wizard:
   • Click Next.
   • Accept the terms in the License Agreement → Click Next
   • Click Install →
   • If you get the User Account Control window, enter:
     1. Username: Administrator
     2. Password: Pa$$w0rd
     3. Click Yes.
   • Click Finish.
   • In about 2 minutes, the Workspace ONE Intelligent Hub window will automatically appear.  (Note: If it doesn't appear after 2 minutes, click on the Start/Windows button and type hub, then click, "Workspace ONE Intelligent Hub")
6. Enrolling Device:
   • Enter techseals.awmdm.com in Email or Server Address.
   • Click Next.
   • Enter student{labid} in Group ID.
   • Click Next.
     1. Username: Craig
     2. Password: Pa$$w0rd
     3. Click Sign In.
   • Click Not Now on the "Want an even better experience?" window.
   • Click Done → Click Get Started at the Hello, Craig window.
   • You should now see the Hub app interface with a section of information on Craig, Support, About, Enrollment, Network, and Device.
   • Leave the Hub app interface open because we will refer to it in the next activity.

C. Verify Enrollment

1. You have now enrolled two devices:
   • One, via silent enrollment, where the user did not have to enter anything.
   • Second, via manual enrollment, where the user did have to interact with prompts in the Intelligent Hub app interface.
2. To validate, go to the ControlCenter VM, open Google Chrome.
3. Go to Workspace ONE UEM Console.
4. Navigate to Devices > Device and from the List View page.  Confirm that both VMs are listed.  
5. Note:  It is possible that one or both Windows computers have not yet completed the enrollment process.  Make sure that they appear before you start the next lab.

In this lab, we will create a Baseline to apply security settings to the Windows devices. 

1. From the dropdown at the top-left of the screen, make sure that ControlCenter.techseals.co is selected.
2. In Workspace ONE UEM Console:
   • Click Resources > Baselines.
   • Click New
3. On Select Baseline Type screen:
   • Keep default: Use template → Click Next.
4. On General screen:
   • Name: Windows11-24H2 → Click Next.
5. On Choose Baseline screen:
   • Select Windows Security Baseline → Click Next.
6. On Customize screen, make the following changes:
   • Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy\Account lockout duration: Set to 4 minutes.
   • Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\Minimum password length: Set to 4.
7. Click Next:
8. On the Add policy screen, in the search box, type “camera”, and wait for policies to appear.
9. Select Allow use of camera.
10. From the drop-down, click Enabled → Click Next
11. On Summary screen, click Save & Assign
12. Type All in the search for Smart Group box, and wait assignment groups to appear.
13. Select All Corporate Dedicated Devices(Student...)
14. Click Publish

Validate Baseline

1. To validate the Baseline, open the Workspace ONE UEM Admin console and go to Devices > Devices and click on the friendly name of one of your Windows computers.  
2. Click on the Baselines tab.  It is possible that the status will show a black check mark, indicating that it has not yet applied.  If so, this is because the device has not yet checked in and been notified that the Baseline is awaiting.
   •  If you see a black check mark,  log in to that specific Windows VM and click the Sync Device button in the Intelligent Hub screen. Optionally, you can find the purple Intelligent Hub icon on the taskbar in the lower right corner.  Right click it and click Sync in order to force synchronization.  On the Windows VM, you should see a message within a few seconds indicating that policies have been applied.
3. In the Workspace ONE UEM Admin console, go to Devices > Devices and click on the friendly name of one of your Windows devices and navigate to the Baselines tab.  You should now see that the status column shows a green check mark.
4. Under the Compliance column, it likely shows Not Available or Intermediate.  Click whatever the text says, under the Compliance column.  You will see the compliance status of each of the settings from the Baseline, including those that were modified.  Given more time, the status will update from Not Available after a short while.
5. You can close the Compliance window.