Device Onboarding
Purpose
This SOP outlines the steps for onboarding devices into the Microsoft cloud as part of the Compliance-as-a-Service offering. It ensures a structured and secure onboarding process for new devices while maintaining compliance requirements.
Scope
This procedure applies to all organizations utilizing Compliance-as-a-Service and includes actions for both the Organization seeking certification (OSC) and the External Service Provider (ESP).
Authorized Roles
Reminder: Always review the roles of OSC users to ensure they align with the Authorized Roles. No action should be taken without a request from or approval by a user assigned the appropriate authorized role.
- Authorized Managers
- Global Administrator
- Intune Administrator
Organization seeking certification (OSC) Steps
Step 1: Submit Device Onboarding Request
- Submit a request for a new device onboarding through the helpdesk.
- Ensure that the request is made by an authorized user.
- Provide relevant details including the device type, user assignment, and any special configurations required.
Step 2: Confirm Licensing & Compliance Requirements
- Verify that the appropriate Microsoft licenses are available for the device (E5 for CAAS).
- Ensure that the device is capable of meeting compliance standards (e.g., encrypted, not rooted or jailbroken).
Step 3: Review and Approve Acceptable Use Policies
- Ensure the user reviews and acknowledges IT security and compliance policies before accessing the device.
Step 4: Device Backup & Data Preservation
- If applicable, back up any existing data before onboarding the device.
- Ensure that users are informed of potential data loss if migrating from an old device.
Step 5: Confirm Device Deployment & User Access
- Once onboarding is complete, verify that the user has access to all required resources.
- Report any issues to the ESP for resolution.
Section 2: Windows Device Onboarding Steps
Windows Devices
For Windows device onboarding, follow the steps outlined in the internal SOP: Windows Device Enrollment SOP.
Note: Users must be a member of the tenant and have an appropriate license to Azure AD join a device.
Cloud PC Onboarding
Step 1: Licensing Request & User Creation
- An Authorized Manager submits a request for a new Cloud PC via the helpdesk.
- If the user does not yet exist, the request must include details for user creation (Full Name, Email, Role, Department).
- OSC confirms the user is authorized for a Cloud PC based on licensing availability and business need.
Step 2: Confirm Licensing & Compliance Requirements
- Verify that a Windows 365 license is available for assignment.
- Ensure the user meets the compliance requirements, such as MFA enforcement and adherence to security policies.
Step 3: ESP Licensing & Provisioning Tasks
- The ESP assigns the Windows 365 license to the user.
- The ESP assigns the user to the appropriate Provisioning Policy Security Group, ensuring the Cloud PC is provisioned according to the organization’s policies.
Step 4: Cloud PC Deployment & User Notification
- Once provisioning is complete, the OSC confirms with the user that they can access their Cloud PC.
- The user validates access through the Microsoft Remote Desktop Client.
Step 5: Post-Onboarding Checks & Troubleshooting
- The OSC verifies that the user has access to all required corporate applications and resources.
- Any issues with provisioning or access are escalated to the ESP for resolution.
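The Step 2 and Step 3 checks above can be scripted with the Microsoft Graph PowerShell SDK. The script below is an added example, not part of this SOP or of any Nimbus Logic tooling. The SKU part number and group name are parameters because this SOP does not state them, and the usage-location check is an added assumption about what license assignment needs.

```powershell
# Added example, not part of the SOP. All parameter values are supplied by the operator.
param(
    [Parameter(Mandatory)] [string] $UserPrincipalName,
    [Parameter(Mandatory)] [string] $SkuPartNumber,     # tenant's Windows 365 SKU part number
    [Parameter(Mandatory)] [string] $ProvisioningGroup, # provisioning policy security group name
    [switch] $Apply                                     # omit to report only, changing nothing
)
$ErrorActionPreference = 'Stop'
Connect-MgGraph -Scopes 'User.ReadWrite.All', 'GroupMember.ReadWrite.All', 'Organization.Read.All' | Out-Null

# Step 2: confirm a Windows 365 license is free before anything is changed.
$sku = Get-MgSubscribedSku -All | Where-Object SkuPartNumber -eq $SkuPartNumber
if (-not $sku) { throw "SKU '$SkuPartNumber' is not present in this tenant." }
$free = $sku.PrepaidUnits.Enabled - $sku.ConsumedUnits
if ($free -lt 1) { throw "No unassigned '$SkuPartNumber' licenses remain." }

# The user must exist, be enabled, and have a usage location for license assignment.
$user = Get-MgUser -UserId $UserPrincipalName -Property Id, UsageLocation, AccountEnabled
if (-not $user.AccountEnabled) { throw "$UserPrincipalName is disabled." }
if (-not $user.UsageLocation)  { throw "$UserPrincipalName has no usage location set." }

# Resolve the group by exact name and refuse to guess if the name is ambiguous.
$name  = $ProvisioningGroup.Replace("'", "''")
$group = @(Get-MgGroup -Filter "displayName eq '$name'")
if ($group.Count -ne 1) { throw "Expected one group named '$ProvisioningGroup', found $($group.Count)." }

# Current state, so a repeated run does not assign twice.
$hasLicense = @((Get-MgUserLicenseDetail -UserId $user.Id).SkuId) -contains $sku.SkuId
$isMember   = @((Get-MgGroupMember -GroupId $group[0].Id -All).Id) -contains $user.Id

# Step 3: ESP tasks, performed only when -Apply is given.
if ($Apply) {
    if (-not $hasLicense) {
        Set-MgUserLicense -UserId $user.Id -AddLicenses @(@{ SkuId = $sku.SkuId }) -RemoveLicenses @() | Out-Null
    }
    if (-not $isMember) {
        New-MgGroupMember -GroupId $group[0].Id -DirectoryObjectId $user.Id
    }
}

# Summary of what was found before any change in this run.
[pscustomobject]@{
    User               = $UserPrincipalName
    FreeLicensesBefore = $free
    AlreadyLicensed    = $hasLicense
    AlreadyInGroup     = $isMember
    ChangesApplied     = [bool]$Apply
}
```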
Mobile Devices
Bring Your Own Device (BYOD)
- Ensure that users have Microsoft Intune Company Portal installed.
- Guide users to enroll their device through the Microsoft Intune enrollment process.
- Verify that the device is successfully added to the organization’s mobile device management (MDM) system.
Enterprise-Owned Devices
- Configure and enroll enterprise-owned devices through Microsoft Intune.
- Ensure that compliance policies and security configurations are properly applied.
- Deploy required corporate applications.
Android Service Onboarding
Some Android device enrollments require technical integration with Microsoft Intune and Entra ID. Refer to the detailed implementation guide: Android Service Onboarding.
Apple Service Onboarding
Apple device onboarding also requires integration with Microsoft Intune and Entra ID. Refer to the technical guide here: Apple Service Onboarding.
Nimbus Logic Support
Nimbus Logic can assist with Android and Apple service onboarding configurations. Authorized users can submit a request for assistance by contacting the helpdesk at support@nimbus-logic.us.
Review & Maintenance
This SOP will be reviewed on a quarterly basis or as required by changes in compliance regulations or Microsoft cloud services.