In a fast-moving world, many businesses can now benefit from the newest IT technology on the digital workplace journey that many are aiming for. One of those technologies, which we can use to deploy applications and clients with an out-of-the-box experience and minimal configuration, is Microsoft Intune – AutoPilot.
Microsoft Intune is a Mobile Device Management (MDM) and Mobile Application Management (MAM) cloud-based platform.
In this scenario we are using a hybrid Azure Active Directory setup for managed domains, with some custom-made Intune policies for Windows 10 devices.
Important: Before starting the AutoPilot configuration, make sure that the basic setup is done: Automatic Enrollment (Azure AD Premium required), importing the AutoPilot devices via a CSV file, creating the Company Portal branding, and registering a CNAME if you use a custom domain name instead of domainname.onmicrosoft.com.
The licenses that can be used are Enterprise Mobility + Security E3 and E5.
EMS E3 includes Azure Active Directory Premium P1.
EMS E5 includes Azure Active Directory Premium P2.
Read more about the licenses here -> https://www.microsoft.com/en-us/licensing/product-licensing/enterprise-mobility-security
Note: In this test lab the MDM and MAM scopes are set to all users. This can be scaled down to a group of users: select the Some tab to define a custom group.
Note: Make sure that all DNS modifications for Azure AD are made at your domain registrar. For detailed custom domain setup see -> https://docs.microsoft.com/da-dk/azure/active-directory/fundamentals/add-custom-domain
Note: Before the enrollment can happen, the Windows 10 device must be known in advance by AutoPilot. Read more about how to import an Autopilot device for enrollment here -> https://docs.microsoft.com/en-us/intune/enrollment-autopilot
Note: Read this to configure Company branding -> https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/customize-branding
Note: For this test lab we skip Convert all target devices to AutoPilot. This test lab does not have any existing Windows 10 devices added that need to be converted.
Note: When White glove is enabled, it's possible to press the Windows key 5 times to run OOBE without user authentication, enrolling the device and provisioning all system-context apps and settings. User-context apps and settings will be delivered when the user signs in. Requires Windows 10 1903 or later.
Note: Select a group with Windows 10 devices that need the profile assigned. It's possible to exclude groups from this AutoPilot profile. Microsoft Store for Business (MSFB) can also be used to manage and assign AutoPilot profiles to Windows 10 devices. Try to log in to MSFB -> https://businessstore.microsoft.com/en-us/store
Note: Assign a user to a specific Autopilot device to pre-fill a user from Azure Active Directory on the company-branded sign-in page during Windows setup.