admin enrollment guide (#3061)

docs/guides/enroll-device.md

@@ -1,5 +1,5 @@
 ---
-title: Enroll a Device
+title: User Device Enrollment
 lang: en-US
 meta:
   - name: keywords
@@ -10,11 +10,11 @@ description: >-
   This guide covers how to enroll a trusted execution environment device as a Pomerium end-user.
 ---
 
-# Enroll a Device
+# Enroll a Device as a User
 
 If a Pomerium route is configured to [require device authentication](/docs/topics/ppl.md#device-matcher), then the user must register a [trusted execution environment](/docs/topics/device-identity.md#authenticated-device-types) (**TEE**) device before accessing the route. Registration is easy, but different depending on the device being used to provide ID.
 
-This guide covers enrollment of a device by a user. This is available for both open-source Pomerium and [Pomerium Enterprise](/enterprise) installations. However, Enterprise users may also receive registration links [generated by their administrators](/enterprise/reference/manage.md#new-enrollment), which will mark the newly enrolled device as approved in the Pomerium Enterprise Console.
+This guide covers enrollment of a device by a user. This is available for both open-source Pomerium and [Pomerium Enterprise](/enterprise) installations. However, Enterprise users may also receive registration links [generated by their administrators](/guides/admin-enroll-device.md), which will mark the newly enrolled device as approved in the Pomerium Enterprise Console.
 
 1. Users are prompted to register a new device when accessing a route that requires device authentication: