Data communications are enabled between a machine and a remote service application. When user-based credential data is valid, an authorization code is provided from an authorization service application to the machine. The authorization code and a request for a first access token are received and in response, the first access token is sent from the authorization service application to the first machine. The first machine responsively sends the first access token and an enrollment request to an enrollment service application. The enrollment service application sends machine credential data to the first machine to permit the first machine later access to cloud-based applications.