Abstract: Disclosed are various examples for device provisioning using a manufacturer boot environment. A management agent can be executed from a manufacturer's boot environment and can install a management application that is executable in the main operating system to provision a client device for management. The management agent can then set a provisioning status BIOS variable to indicate that the client device is provisioned. The client device can then be booted to the main operating system and the management application can be executed.

Abstract: Disclosed are various approaches for remotely deploying provisioned packages. An installer for an application is stored in a cache location of the client device. A hash of the installer is then written to a registry of the client device. The installer is then executed to install the application on the client device. Then, the client device is registered with a management service. Subsequently, a registration confirmation is received from the management service. The hash of the installer is then confirmed and the installed application is identified to the management service as a managed application installed on the client device.

Abstract: Disclosed are various approaches for remotely deploying provisioned packages. An installer for an application is stored in a cache location of the client device. A hash of the installer is then written to a registry of the client device. The installer is then executed to install the application on the client device. Then, the client device is registered with a management service. Subsequently, a registration confirmation is received from the management service. The hash of the installer is then confirmed and the installed application is identified to the management service as a managed application installed on the client device.

Abstract: Examples described here include systems and methods for refreshing the operating system (“OS”) of a device enrolled in a management platform. Execution of a first command file ensures that necessary components of the management platform residing on the device are stored in a partitioned portion of the device hard drive to preserve them during the OS refresh. After a new instance of the OS has been installed, execution of a second command file migrates the necessary components from the partitioned portion of the hard drive to the new OS instance. When the user logs back into the refreshed device, a third command file installs all necessary device management components at the new OS instance and re-enrolls the device with the management platform. In this manner, the OS of a managed device can be refreshed and re-enrolled in the management platform without significant input from a user or administrator.

Abstract: Examples described here include systems and methods for refreshing the operating system (“OS”) of a device enrolled in a management platform. Execution of a first command file ensures that necessary components of the management platform residing on the device are stored in a partitioned portion of the device hard drive to preserve them during the OS refresh. After a new instance of the OS has been installed, execution of a second command file migrates the necessary components from the partitioned portion of the hard drive to the new OS instance. When the user logs back into the refreshed device, a third command file installs all necessary device management components at the new OS instance and re-enrolls the device with the management platform. In this manner, the OS of a managed device can be refreshed and re-enrolled in the management platform without significant input from a user or administrator.

Abstract: Disclosed are various examples for device provisioning using a manufacturer boot environment. A management agent can be executed from a manufacturer's boot environment and can install a management application that is executable in the main operating system to provision a client device for management. The management agent can then set a provisioning status BIOS variable to indicate that the client device is provisioned. The client device can then be booted to the main operating system and the management application can be executed.

Abstract: Disclosed are various examples for dynamic application deployment in trusted code environments. In some embodiments, an application is identified for installation on a client device. The client device includes a security process that limits the client device to execute trusted code based on a trusted code policy. Characteristics of a file are identified from an installation package for a client application. A management agent is instructed to update the trusted code policy to whitelist the file by providing the characteristics of the executable file to the security process. A command to install the application is transmitted to the management agent, where the management agent is a trusted installer for the client device.

Abstract: Examples described here include systems and methods for refreshing the operating system (“OS”) of a device enrolled in a management platform. Execution of a first command file ensures that necessary components of the management platform residing on the device are stored in a partitioned portion of the device hard drive to preserve them during the OS refresh. After a new instance of the OS has been installed, execution of a second command file migrates the necessary components from the partitioned portion of the hard drive to the new OS instance. When the user logs back into the refreshed device, a third command file installs all necessary device management components at the new OS instance and re-enrolls the device with the management platform. In this manner, the OS of a managed device can be refreshed and re-enrolled in the management platform without significant input from a user or administrator.

Abstract: Examples described here include systems and methods for refreshing the operating system (“OS”) of a device enrolled in a management platform. Execution of a first command file ensures that necessary components of the management platform residing on the device are stored in a partitioned portion of the device hard drive to preserve them during the OS refresh. After a new instance of the OS has been installed, execution of a second command file migrates the necessary components from the partitioned portion of the hard drive to the new OS instance. When the user logs back into the refreshed device, a third command file installs all necessary device management components at the new OS instance and re-enrolls the device with the management platform. In this manner, the OS of a managed device can be refreshed and re-enrolled in the management platform without significant input from a user or administrator.

Abstract: Examples described here include systems and methods for refreshing the operating system (“OS”) of a device enrolled in a management platform. Execution of a first command file ensures that necessary components of the management platform residing on the device are stored in a partitioned portion of the device hard drive to preserve them during the OS refresh. After a new instance of the OS has been installed, execution of a second command file migrates the necessary components from the partitioned portion of the hard drive to the new OS instance. When the user logs back into the refreshed device, a third command file installs all necessary device management components at the new OS instance and re-enrolls the device with the management platform. In this manner, the OS of a managed device can be refreshed and re-enrolled in the management platform without significant input from a user or administrator.

Abstract: Disclosed are various examples for persistent device provisioning. In some examples, a management agent is executed from the manufacturer boot environment. The management agent determines that a main operating system of the client device is currently unprovisioned for management by the management service. The management agent installs a management application that is executable in the main operating system. The client device boots to the main operating system and executes the management application. The management application enrolls the client device with the management service by installing an enrollment token received from the management service.

Abstract: Disclosed are various examples for dynamic application deployment in trusted code environments. In some embodiments, an application is identified for installation on a client device. The client device includes a security process that limits the client device to execute trusted code based on a trusted code policy. Characteristics of a file are identified from an installation package for a client application. A management agent is instructed to update the trusted code policy to whitelist the file by providing the characteristics of the executable file to the security process. A command to install the application is transmitted to the management agent, where the management agent is a trusted installer for the client device.

Abstract: Disclosed are various examples for persistent device provisioning. In some examples, a management agent is executed from the manufacturer boot environment. The management agent determines that a main operating system of the client device is currently unprovisioned for management by the management service. The management agent installs a management application that is executable in the main operating system. The client device boots to the main operating system and executes the management application. The management application enrolls the client device with the management service by installing an enrollment token received from the management service.

Abstract: Examples described here include systems and methods for refreshing the operating system (“OS”) of a device enrolled in a management platform. Execution of a first command file ensures that necessary components of the management platform residing on the device are stored in a partitioned portion of the device hard drive to preserve them during the OS refresh. After a new instance of the OS has been installed, execution of a second command file migrates the necessary components from the partitioned portion of the hard drive to the new OS instance. When the user logs back into the refreshed device, a third command file installs all necessary device management components at the new OS instance and re-enrolls the device with the management platform. In this manner, the OS of a managed device can be refreshed and re-enrolled in the management platform without significant input from a user or administrator.

Abstract: Examples described here include systems and methods for refreshing the operating system (“OS”) of a device enrolled in a management platform. Execution of a first command file ensures that necessary components of the management platform residing on the device are stored in a partitioned portion of the device hard drive to preserve them during the OS refresh. After a new instance of the OS has been installed, execution of a second command file migrates the necessary components from the partitioned portion of the hard drive to the new OS instance. When the user logs back into the refreshed device, a third command file installs all necessary device management components at the new OS instance and re-enrolls the device with the management platform. In this manner, the OS of a managed device can be refreshed and re-enrolled in the management platform without significant input from a user or administrator.

Abstract: Examples described here include systems and methods for refreshing the operating system (“OS”) of a device enrolled in a management platform. Execution of a first command file ensures that necessary components of the management platform residing on the device are stored in a partitioned portion of the device hard drive to preserve them during the OS refresh. After a new instance of the OS has been installed, execution of a second command file migrates the necessary components from the partitioned portion of the hard drive to the new OS instance. When the user logs back into the refreshed device, a third command file installs all necessary device management components at the new OS instance and re-enrolls the device with the management platform. In this manner, the OS of a managed device can be refreshed and re-enrolled in the management platform without significant input from a user or administrator.

Abstract: Examples described here include systems and methods for refreshing the operating system (“OS”) of a device enrolled in a management platform. Execution of a first command file ensures that necessary components of the management platform residing on the device are stored in a partitioned portion of the device hard drive to preserve them during the OS refresh. After a new instance of the OS has been installed, execution of a second command file migrates the necessary components from the partitioned portion of the hard drive to the new OS instance. When the user logs back into the refreshed device, a third command file installs all necessary device management components at the new OS instance and re-enrolls the device with the management platform. In this manner, the OS of a managed device can be refreshed and re-enrolled in the management platform without significant input from a user or administrator.

Abstract: Examples described here include systems and methods for refreshing the operating system (“OS”) of a device enrolled in a management platform. Execution of a first command file ensures that necessary components of the management platform residing on the device are stored in a partitioned portion of the device hard drive to preserve them during the OS refresh. After a new instance of the OS has been installed, execution of a second command file migrates the necessary components from the partitioned portion of the hard drive to the new OS instance. When the user logs back into the refreshed device, a third command file installs all necessary device management components at the new OS instance and re-enrolls the device with the management platform. In this manner, the OS of a managed device can be refreshed and re-enrolled in the management platform without significant input from a user or administrator.

Abstract: Disclosed are various approaches for remotely deploying provisioned packages. An installer for an application is stored in a cache location of the client device. A hash of the installer is then written to a registry of the client device. The installer is then executed to install the application on the client device. Then, the client device is registered with a management service. Subsequently, a registration confirmation is received from the management service. The hash of the installer is then confirmed and the installed application is identified to the management service as a managed application installed on the client device.

Abstract: Disclosed are various examples for dynamic application deployment in trusted code environments. In some embodiments, an application is identified for installation on a client device. The client device includes a security process that limits the client device to execute trusted code based on a trusted code policy. Characteristics of a file are identified from an installation package for a client application. A management agent is instructed to update the trusted code policy to whitelist the file by providing the characteristics of the executable file to the security process. A command to install the application is transmitted to the management agent, where the management agent is a trusted installer for the client device.