If you need AD/LDAP for enrolling devices of any supported platform,  then

1. Have a running AD/LDAP server with required AD/LDAP user and group entries configured

2. Add an LDAP/AD connection with proper address/FQDN/port, domain, authen. mode, etc. (see https://www.soti.net/mc/help/v14.0/en/console/system/ldap/ldap.html, which is basically accurate also for v12.x or v13.x of Mobicontrol).  You don't need to configure any field in various attributes group if you connect to an Microsoft AD server.  Otherwise, you might need time and expertise to configure the various attribute filter settings for MobiControl to correctly extract proper information from your LDAP server.

3. Choose AD/LDAP mode for authentication in your Add-Devices rule, and map each required AD/LDAP group to a target Mobicontrol target device-group. If your step 2 has been done properly, you can select available AD/LDAP group(s) in the web-console while you are  editing related fields in your Add-Devices rule.


There are always security issues (permissions, firewall exception, etc.) you need to consider to make sure the AD/LDAP is reasonably safe and can be queried by your Mobicontrol server.  I think MobiControl Windows Modern only supports  Windows 8/8.1 Phone  and some editions of  Windows 10 Desktop/Phone devices, and has the MDM device agent built in without any need for you to generate one with MobiControl.   On the contrary, Windows XP, Vista, .., up to Windows 7/8 devices require agent from Mobicontrol, and are only supported in the Windows Classic platform, and not in the Windows Modern platform in MobiControl.  Also, please be reminded that some Windows 10 editions support MDM enrollment  without requiring AD/LDAP.