Windows Autopilot: What it is and how it works
Вставка
- Опубліковано 12 лип 2024
- Microsoft Ignite Session: THR2112
Windows 10 introduces new modern deployment capabilities, called Windows AutoPilot, that leverage the cloud to automate the configuration of new PCs without any need for IT to even touch the computer. In this session, you'll learn about Windows AutoPilot and the key cloud-based scenarios that it enables. - Наука та технологія
Thank you so much!
Does windows auto pilot deployment support by Dell workstations?? does it have any specific hardware requirements??
Very nice 👍👍
What about other automation used in small/medium/large such as application (+legacy), registry changes, additional files required for a lot of Enterprise automation? how to we get blob-ware placed by Microsoft removed in the process? how do we keep a feel/look for every user like start menu, pin apps, etc? in a highly secure environment, what URL/domain would need to be white-listed for the device to connect and download policies?
The primary heavy-lifting from a configuration perspective comes with the MDM auto-enrollment once the AutoPilot service customizes OOBE. The good (and Ignite-timed) news there is that Intune now has Intune Management Extensions coming that will enable EXE installation (previously was UWP or MSI on Windows) and enable you to run PowerShell scripts for any configuration that is PS1-scriptable if it isn't already in the MDM CSP. Another option you can take is to have Intune install ccmexec for ConfigMgr to takeover post-specialization config. -Jeremy
Is it possible to deploy applications using this service in same way like SCCM does ?
There are a few ways to do that. Autopilot basically gets you enrolled into Intune and Intune can deploy MSI packaged apps easily or run commands to install .exe or bootstrappers. With co-management, you can also use Intune to install ccmexec, then you get the best of both worlds - Intune MDM and Configmgr for granular control.
@Microsoft Mechanics May I have that desk?
You can buy them at Restoration Hardware. We have 2 of them and use them daily.
if the machine is on the network and does not allow direct connection to the internet and they have to go through a PAC file / Proxy
You'd need to open the URLs for the AutoPilot service on your proxy. The process for using other Microsoft cloud services like Intune (see docs.microsoft.com/en-us/intune/network-bandwidth-use) and Office 365 (see support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2). The team is working on this documentation currently for AutoPilot-specific URLs and IP ranges required.
What happens if the user skips AutoPilot "wizard" by not connecting the laptop to any Wifi network? Will it provision as a normal Windows 10 with a local username/password?
We don't currently lock out a system if it cannot connect to a network during OOBE, so you would be able to skip that connection step and provision a local account.
Microsoft Mechanics what would be the process to then ”fix” this for the user? Would that be the funcionailty Settings > Update & security > Reset this PC and remove everything and make sure they enroll correctly or is there any other way?
that's right, we are evaluating ways to enforce the out of box experience to go down the Azure AD setup flow (make network connection mandatory) for a future Windows release.
How without a deployment image how do we get rid of all the crud that OEM's place on devices?
There are a few ways to do this. Ideally, the system starts with a Signature image free of bloatware. If not, you can use Fresh Start, which essentially resets Windows, removing any bloatware. To automate, it can be performed via MDM CSP with the "Manage Windows Fresh Start" setting, but the PC would need to be re-enrolled afterwards.