In the location and groups section, you can choose where the target devices are placed in your CapaInstaller management infrastructure during enrollment.

First, you decide on a Management Point (CMP) and a Business Unit (BU), and then you can select a unit folder in either the CMP or BU.

Next, you can choose one or more groups in the CMP and/or BU that the devices should be made members of during enrollment.

This enables fine-grained sorting of devices enrolling in CapaInstaller. Sort units by Company, Location, Department or any other structural division your organization are built around.

If this option is not configured, devices will still be able to enroll, but like the default enrollment configuration, they will end up in the root of the "Computers and Devices" section among all your other non-sorted devices and computers in the default management point.

To offer even finer granularity in enrollment scenarios, and to support customers utilizing CapaInstaller Asset Management in identifying and describing company devices, this configuration option offers to assign asset tags to devices.

The asset tags which can be chosen here are created in Asset Management.

Click the Add button in the Asset tags panel to open the Asset Browser dialog.

You can select multiple values in the same entry to give the enrolling user a choice between them, or you can select only one value if you don't wish to give the user a choice.

The values you or the enrolling user chooses will be assigned to the enrolled devices.

This option offers the possibility to secure enrollment with authentication and enables support for linking users to enroll devices.

Three authentication modes are offered.

1. Active Directory
2. Simple
3. None

If you have no access to authentication via an Active Directory you can set up a simple user/password to be asked at the enrollment page prior to enrolling the device.

Linked user: Select existing users to link the device to or prompt for a username on the enrollment page. This option is available for Simple and None authentication modes. If AD authentication is chosen, the AD user enrolling the device will also be linked to the device.

Below is an example of a configuration with simple authentication chosen, and the user enrolling a device will be asked to supply a user name to be linked to the device.

Example of a configuration with no authentication selected, where all devices being enrolled using it will be linked to the same user:

Devices enrolled with this configuration option added will be placed in quarantine right after enrollment, and will wait for an Administrators approval before the rest of the configuration options are put into effect.
This will let you control and review enrollment of all devices enrolled via the configurations specific URL.
You can find the quarantined devices in Configuration Management in CMP->Views->Quarantined Units or CMP->Business Units->'Your BU'->Views->Quarantined Units.

If some devices have enrolled using this configuration and are currently in quarantine, and you then change the CMP or BU of the configuration, the devices will be moved from quarantine in the old CMP or BU, and into quarantine in the new one.

The MDM section has no impact on whether or not the configuration is active on your specific MDM service. Rather its function is to generate an enrollment URL consisting of the public URL of your MDM service and the Enrollment ID specified in the configuration.

Clicking the icon next to the MDM Enrollment URL will copy the URL to your clipboard, and you can then send it to users in a mail or paste it on your intranet etc so they can start enrolling their devices.

In the Volume Purchase Program section, you can select one of your VPP accounts and/or give the user the option to choose one during enrollment. Devices running iOS8 or higher, enrolled with this configuration, will receive an invitation to the selected VPP account. This will associate the Apple ID on the device with the VPP Account, once the user on the device accepts the invitation.

The combination of this VPP setting and which groups devices should be made members of, enables users to enroll their device, and without further actions from an administrator be able to receive licensed applications.

A possible enrollment scenario to take advantage of this:

Devices are made a member of a group that contains some licensed applications, which are configured to retrieve licenses from the same VPP account selected in this configuration. Once devices are enrolled, an invitation to VPP is sent and applications from the groups are assigned. The first attempt to install the licensed applications will result in the status 'Needs license key'. Once the user accepts the invitation sent to their device, they will be associated with the VPP account, and the system will periodically check and assign the license they need and attempt the installation again.

Creating multiple Enrollment Configurations in a snap can be done with the "Clone" function on an existing Enrollment Configuration.

In 4 Steps the new Enrollment Configuration is ready:

1. Simply right-click the Enrollment Configuration that you will use as the base for the new one and select "Clone".
2. Change the values that you want to change
3. Give it a new name
4. Hit "OK" and you are done