S02E17 - Microsoft Intune and Autopilot Quick Start Guide (2020 Edition) - (I.T)
Вставка
- Опубліковано 7 сер 2024
- In this video, our first video • S01E01 - Setting up yo... and show how to build a new Intune tenant and get started with Windows Autopilot in under an hour. This video is designed as a quick start guide. Watch our other videos for more in-depth discussions.
S01E01 - Setting up your Microsoft Intune Tenant (I.T)
• S01E01 - Setting up yo...
S01E02 - Setting up Windows Autopilot with Microsoft Intune - (I.T)
• S01E02 - Setting up Wi...
S01E43 - Revisiting Windows Autopilot - (I.T)
• S01E43 - Revisiting Wi...
00:00 - Intro
01:13 - Overview
02:25 - Create Azure subscription
portal.azure.com/
04:10 - Create Azure AD tenant
aad.portal.azure.com/#blade/M...
07:38 - Create global administrator account
09:29 - Assign Microsoft 365 E5 trial licence
admin.microsoft.com/AdminPort...
12:38 - Set Company branding
portal.azure.com/#blade/Micro...
16:00 - Enable Intune automatic enrollment
endpoint.microsoft.com/#blade...
17:47 - Enable Microsoft Store for Business
businessstore.microsoft.com/m...
19:53 - Create Windows Autopilot deployment profile
23:22 - Create dynamic Azure AD group
25:50 - Create enrollment status page
27:04 - Assign applications
27:54 - Register device in Windows Autopilot
oofhours.com/2020/07/13/autom...
32:30 - Confirming profile has been assigned
35:39 - Windows Autopilot OOBE
38:01 - Recap
Windows Autopilot documentation
docs.microsoft.com/mem/autopi...
Visit our websites and social media for more or to get in touch with us
Steve Hosking - Microsoft MMD Team
/ onpremcloudguy
steven.hosking.com.au/
mvp.microsoft.com/en-us/Publi...
github.com/onpremcloudguy
Adam Gross - Microsoft MVP - Enterprise Mobility
/ adamgrosstx
www.asquaredozen.com
github.com/AdamGrossTX
mvp.microsoft.com/en-us/Publi...
Ben Reader - Microsoft MVP - Enterprise Mobility
/ powers_hell
www.powers-hell.com/
github.com/tabs-not-spaces
mvp.microsoft.com/en-us/Publi...
Guys, thank you so much for your work. You and and oofhours are only usefull source of informations for Intune / autopilot. Good work
Great walkthrough guys, loads of improvements over the old version
Really great videos! Thanks for your work, guys!
Thanks guys! I already set this up with your previous videos but it's good to refresh and make sure everything is set right. I think i missed the ESP last time.
Thanks guys very informative, I'm at the start of this journey with my own company - the MEM and other stuff all setup - just getting my head around AutoPilot. I'm still a little dismayed that it takes quite a number of steps and jumping around different menus to get it going, especially don't understand the getting the new devices registered into your group part... but will re-watch and try to get it...
This was so helpfull! Thnx you cant wait for the next video.
Thanks folks, that was really good
Great Job Guys!
Thanks for the video guys. Very useful
Wow, the Enrollment Status Page that's something new to me. I was using the default for years, let's check that out. Thx guys.
Microsoft changed the syntax from (device.devicePhysicalIDs -any _ -contains “[ZTDId]”) to (device.devicePhysicalIDs -any (_ -contains "[ZTDId]"))
Thank you for this! I had it working with before's code and it randomly stopped working. Spent 2 days troubleshooting and found this comment fixing my issue.
I know it takes time to prepare the branding files and cut the lengths but be aware that it is very appreciated.
Good vid, didn't know about the autopilot online script
@Intune Training This is really helpful. I am wondering are you going to talk about windows compliance policy and configuration profiles?
Another great video, and thanks for revisiting with all the changes in Intune since the first AP video.
Any thoughts on why the -AssignedComputerName switch may not work? It worked fine for the last 6 months, but has suddenly stopped. Everything else fine, profile assigns fine, and user assignment works, but device name remains blank, even though we specified the -AssignedComputerName switch.
Great Video guys - I've just discovered you!! Quick Question, can I set autoenrollment up for just specific users (e.g. a trial group?) Also i dont have a P1 licence, i saw there are some work-arounds. Do you cover those anywhere? I work for a football (soccer) club in the Uk and resources are limited. Thanks
Great video. Can you clarify the point about joining something to a group so you don't have to enable new features as they come down a pipe? At 11:20. Are you saying associate the user to a user group or associate the license to a user group? Thanks!
hey good job!
A question, how do register device automatically without execute powershell manually? setting-up the unattend file?
thanks a lot
For the Company Portal app, aren't we supposed to use the (Offline) version for Autopilot?
also, can you do a video about : join ad on premise devices to Azure AD ?
It's so important because the majority enterprises have hybrid configuration ;)
up for my question ;)
Phew -lucky we all love dark mode :D
Steve could you please help me with how to allow only certain USB removable drives and block other via intune.
this setup method is for IT that laptops before they go to users as you need to sign in with the GA account?
Hi - what is the business store for?
I am setting up intune to manage:
Android mobile devices
iOS mobile devices
Win 10 laptops
Do you guys have tutorials how to migrate to Intune from other MDM Solutions. Like Airwatch to Intune? Without using 3 party tools like EBF or Exodus. Getting lots of requests in north Texas customer having other MDM Solutions and wanting to go to Intune without any hiccups.
35:13 i think im missing something i have waited over a day and profile status is still not assigned, is there anything someone can suggest?
First of all cool video! and I do all of that just with trial licenses just to try it out or do I have to pay for it?
You should be able to do everything with a trial license - as long as you complete your setup and testing before the trial expires.
I've done this before a couple of times without issue. For some reason though i'm now stuck and unable to even get cmd open. fn + shift + 10. Shift + F10. Windows + X. Windows + R and then cmd all do absolutely nothing. Ideas?
Hi I have some questions. Our company is using HAADJ, is it still unavoidable that we will see 2 entries for a same device nowdays? Second I use windows buildin reset function to reset an autopilot device. And then I realize that it will create a new entry and the old is still there. Is there any better way to handle this? I don't want to see too many duplicate devices in portal.
Do we still need to register with our credit card details !
I have been really enjoying your series. Do any of the team offer consultancy? We are a UK based SME looking for some support getting more up to speed with Intune. There are a lot of UK support companies but none really see up to speed with the latest offerings from Microsoft.
Sure Tim. Adam works for System Center Dudes and would be glad to connect with you. Shoot him and email - adam at intune dot training.
Could you help in understanding from client perspective how device knows it should connect to which tenant or it should get setting from Intune in Autopilot.
All Windows devices will check into the Autopilot service when first connected to the internet. They check to see if they are registered into a specific tenant and if so, pulls down the autopilot profile.
🙏🏼
folowed the steps and the "create"button is greyed out..
this is hard to follow
Can I just ask - the part with the script running on the VM. Is this performing the same step as getting serial numbers from your manufacturer, uploading them as a CSV into Autopilot? Or is there more to it?
Yes. It is collecting the device hash, serial, etc then uploading to the Autopilot service just like your OEM would or like you can do manually exporting to a CSV then uploading in the portal.
@@IntuneTraining This is amazing. Thank you for making me aware of this. I had no idea about the '-online' option.
Hi guys - I have a question: I've gotten mixed answers from Microsoft Support in regards to assigning apps to Security groups including devices vs users. Is it just for Autopilot set up that we should be assigning these apps to devices or always? I'm just going through your videos and this is my first project within Endpoint Manager. Please redirect me to another video if you have one in regards to app assignment. Thank you :-)
So far I've only assigned apps to a group of users using iOS devices. Security group = "Portal iOS" including specific users I know have iOS devices. By doing this I was able to see the apps show up in company portal however when I tried assigning the devices themselves into this group, did not have any luck seeing the apps show up?
Thank you!
It's not working for me, I followed every step and when I reboot my Vm machine to get the windows deployment profile to sync with the Intune and get the profile, it's not doing so. It's not booting from Autopilot even though everything is working.
Good thing to review it. :)
Now how about for ISO 27001 Compliance tutorial ?
Thanks! Glad you liked it. Unfortunately we won’t be able to do a video on ISO compliance. That’s just not an area that we have expertise in.
@@IntuneTraining Isn't it great? No experience and we will do it. Endpoint manager has a compliance, I think its doable? Make assessment on Intune and adopt it on ISO 27k01. 👍👍👍
Do you know the difference between Branding in AAD Vs Branding in MEM > Tenant Admin > Customization ?
We did a video on it.
ua-cam.com/video/VdZOmUkTHnw/v-deo.html
@@IntuneTraining too good! Thansk
i have a HUGE problem when i try to register my device on INTUNE with the powershellautopilotInfo, it demand me permition to be accepted by an admin, the problem is : I Cant Be Global admin !
So how do i do ?
Have you tried using the CSV option instead of Online?
Also you just need to have your GA run the command and grant perms one time.
haaa okay i see that !
Thanks you so much i will ask to my GA tomorow
What is the best way to get MFA and Autopilot working together?
Are you having a problem with it?
-- Ben
@@IntuneTraining yes. my setup is CA policy for MFA all users and All Cloud Apps, MDM=All, MAM=none, AAD device settings=joined and registered devices require MFA =Yes, All= users may join AAD. I setup a VM and followed your video on using the get-windowsauto...ps1 - online. Authentication popup, pw and MFA is ok... then You can't get there from here...Devices or client applications that meet management compliance policy. If this ia a personal device you can choose to let comp manage your device by Settings>Accounts>Access work or school... and can't get past this. My Device comp policy simply has Bitlocker, secure boot, AV. Any thoughts?
LOL @9:50
i have the code but wha'ts the difference between
(device.devicePhysicalIDs -any (_ -contains "[ZTDId]"))
(device.devicePhysicalIDs -any _ -contains "[ZTDId]")
does the both work ??
Good point.
Latest documentation from Microsoft has updated with the extra brackets - docs.microsoft.com/en-us/mem/autopilot/enrollment-autopilot
I have been using the original query in the video, and it has worked countless times until a few days ago. I had to log a ticket with MS and the tech created a new group with the query for the double bracket - the same as the new Microsoft Docs. My autopilot issue then worked.
My issue BTW was that Autopilot branding never showed, the device would just boot to standard Microsoft login instead.
I did get Autopilot branding however if I assigned a user to the device in Intune.
Anyway, issue resolved when using the expression - (device.devicePhysicalIDs -any (_ -contains "[ZTDId]"))
Epic beards boys - 'cept for Ben of course. Not sure what his deal is.
You mean the hobo looking Adam?
(device.devicePhysicalIDs -any (_ -contains "[ZTDId]"))
19:26 Store for business, you guys are clicking and talking so fast I have no clue what the hell you did...
Honestly neither are we :-)
What do you need to know?
@@IntuneTraining LOL, seriously you do know what you are doing... I am just trying to keep up. So your older videos are dated (thanks Microsoft for changing things faster than most tech's change their underwear) I right now am trying to run the "Get-WindowsAtuoPilotInfo -Online" on a Virtualbox vanilla windows 10 pro install. (still at the OOBE screen) I tried following a hybrid of what you typed on the screen and what the linked article suggested by adding tag "Hah" and "Group" StarPower (I named it something else) 12 hours later still waiting for the profile to assign. I figured I screwed it up, and deleted the device. I am now trying just the Get-Windows...ps1 -Online (no other flags) hopefully I can get to the Profile Assigned point and move forward.
Make sure you add the computer object to a group that has the policy assigned, also hit the sync button in the autopilot blade
@@IntuneTraining yup. completely lost.
So, I am not sure what I am doing wrong. I am (as best as I can with how fast you all go though stuff) following step by step, but I get here. to where we need to wait for the Profile status to change to assigned. and it never does. I have sync'd and refreshed I don't know how many times and we are days later and obviously something is microsofted up. (see what I did there.) I think it has to do with "(device.devicePhysicalIDs -any _ -contains "[ZTDld]")" not working.