Here's how Windows Autopilot works with Microsoft Intune
- Published 4 Dec 2024
- Windows Autopilot is a cloud-based deployment and device management service that simplifies the process of setting up, resetting, and repurposing Windows devices for organizations. It is designed to streamline the process of deploying and configuring new devices, allowing IT administrators to customize the out-of-box experience (OOBE) for end users. Autopilot enables users to receive devices with pre-configured settings, applications, and policies, reducing the need for manual IT intervention.
Microsoft Intune is a cloud-based unified endpoint management (UEM) solution that enables organizations to manage and secure their devices, apps, and data across various platforms, including Windows, iOS, Android, and macOS. Intune integrates seamlessly with Windows Autopilot to enhance the overall device management experience.
Here's how Windows Autopilot works with Microsoft Intune:
Device registration: When an organization purchases new Windows devices, the device manufacturer or reseller can register the devices' hardware IDs with the organization's Autopilot deployment profile. This process links the devices to the organization and ensures that they receive the correct configuration settings during the OOBE.
Profile creation: IT administrators create Autopilot deployment profiles in Microsoft Intune, which contain the desired settings, applications, and policies for the devices. These profiles can be customized according to the organization's requirements, such as disabling specific Windows features or pre-installing specific software.
Device assignment: IT admins can assign Autopilot profiles to devices registered in Intune. When users power on their devices and connect to the internet, Windows Autopilot automatically configures the devices based on the assigned profile.
User experience: During the OOBE, users sign in with their organization's credentials. Windows Autopilot then applies the assigned profile settings, installs any required applications, and enforces the security policies defined in Microsoft Intune.
Ongoing management: After the initial setup, IT admins can use Microsoft Intune to manage the devices, enforce security policies, distribute software updates, and monitor device compliance.
In summary, Windows Autopilot and Microsoft Intune work together to simplify the deployment and management of Windows devices for organizations, providing a streamlined and efficient user experience.
Great video. Really helpful. Is no one going to mention the priceless moment when your webcam rebooted itself and we just hear fu&+ ? That was priceless.
Glad it was helpful!
yep! 😂😂 I can relate!!
Sh*t happens! Lol
Great video, I loved your reaction at 7:49 haha
Yeh, no idea what happened there, my elgato camera stream just crapped out for a couple of seconds, I should have cut it, but I wanted to see if anyone would spot it! You win!
ikr fffuuu XD
Fuk!!! lol priceless
Great pace, great selection of highlights, great relevance - Bookmarked for my future reference as our org will be migrating to MS365 with intune and autopilot in the future
Very well explained, especially the whiteboard session. Props :)
Thank you very much, if you enjoyed my whiteboard explanations you should check out the az104 and machine learning videos
Thank you for all!
Thanks for This Video really great, I don't know how this channel didn't appear before when I searched on this topic, anyway well done for the clear explanation and that reaction when the camera went off was really funny 😂
Glad it helped!
Awesome video, thanks for sharing
What a great video. So helpful. Subscribed.
Outstanding explanation, thanks a lot!
You're very welcome!
Very informative. Thank you for sharing
There're numerous videos already on YT covering the basics, but I'm missing a much more in-depth video about this topic. E.g. The use of multiple deployment profiles and security groups (to separate devices by admin, std user and VM's). Also, I believe configuration profiles/apps should not include the Autopiloted devices group, but rather create another security group which includes all Windows devices instead. The way you do it, what happens if some user manually AD-joins or AD-register another Windows computer by himself? (Each user can use up to 5 devices...). Anyone have any input on this? PS: Not to criticize, I'm really grateful that people like you take their time to make such videos. Keep up the good work!
You are right about more in-depth needed, but from the side of making these videos and trying to build a channel. I can go much more in depth in a lot more detail but the more complex you make a video the less views and hits you get, which is important when trying to grow numbers on such a small channel, it takes a lot of time to put these videos together and cut and splice and edit etc. So I am just going for maximum audience. There are more complex topics on my channel too, yet that is going to have to wait until I build a larger audience and can bring them along for the ride. Thank you for your good comment though and thank you for taking the time to watch.
@@mwcloud I understand. Will continue to follow your channel. Again, keep up the good work!
Thank you @@frankfix247
Hi Mike, thank you for the helpful and direct video! Cheers!
Glad it was helpful!
Btw thanks for the video, helps a lot in understanding other videos about this as well. Only you explained clearly to me about the steps and why
Great video! I appreciate your attention to detail. Does this work for devices with any Windows version (Home or Pro)?
Great walk-through, thanks!
Glad it was helpful!
Yeah like everyone said nice video, good explanation. One question, is there a preference for generating a CSV instead of enrolling directly online?
Here is what I run on a freshly installed Windows 11 device from the OOBE setup menu:
(Registering Computer with AutoPilot)
Shift+F10 - pulls up CMD
powershell
Set-executionpolicy bypass
Install-script get-windowsautopilotinfo (press yes to any prompts)
get-windowsautopilotinfo -online
*****login prompt should appear - use your admin account to login
Not really, I used CSV as it was a demo with new machine. You would normally have them auto enrolled from time of order
Great video sir , your videos are changing my life
Glad to hear that
Another great video from the legend
Glad you enjoyed it
one of 2 videos that helped me to understand intune thanks.
No problem. Would you like to see more Intune content?
Your video was really helpful, especially for one part where I was stuck. I had followed some other videos on YouTube where they showed similar steps but missed telling about an important step, which is to reset the PC (the test VM) so that the OOBE experience appears after the restart, and your video helped me with that doubt! Thank you for such amazing content.
No problem! Like and sub!
@@mwcloud done already ! Thanks Mate
If there are any other topics you would find useful let me know
@@mwcloud Hi, is it necessary to reset the pc? i dont want to lose any settings or files on the pc
@@Kevin-hq6pm yes, this is for autopilot onboarding a new computer. If you already have a machine you want to onboard to azure you might just need to do an azure ad join and that won’t affect any data on your machine. I have a video on that too
Nice session matey👍😊
Thanks 👍
Thanks a million, I get to keep new job lol
47:43 you recommend "explicitly adding and removing devices from blocking apps list"? Can you pls clarify
So helpful! Thanks so much ❤
You're so welcome!
amazing explanation!
Glad you think so!
Does this work the same in a Hybrid Domain set up?
rather than import you can run the ps script live which imports into auto pilot and will appear as pending and eventually changing to assigned
57:35 do you have a source or video on running this script from thumb drive?
@@itst0000 which script? The command from the psgallery? It’s on psgallery.com if you want to download it.
Good video. Do you have to have TPM defined? I have a new Lenovo W11 laptop, it's not joining because of a TPM message not found. Should I deactivate TPM from the setup requirement?
I honestly do not know, that would be something I would be googling myself. Sorry, but I do not have an answer to that one.
@@mwcloud Thank you. Because it's new I don't know why it's an issue.
Autopilot is great but for our organization the idea is not taken far enough. Our users are SO not tech savvy, that even choosing the right keyboard layout can be a challenge. What we want is a device that the user only needs to log in and get to work straight away. To get there, Autopilot is a bit of help to me as an admin, but I can still spend about 4 hours per device to uninstall the Windows bloatware, update it (which is REALLY painful) and wait for all our company apps to be pushed to the device.
You need to have a look at making a custom windows images and loading it via USB if you have your hands on the machine before the user. Or use MDT to do that too.
Autopilot has its place, but it is not for everyone
I don't understand what is better by using Autopilot. I can already have a user buy a laptop from Best Buy with windows Pro and they log in and we can install all programs and AAD join the computer. It seems really dumb that the user has to login before things install.
Now do that for a corporate refresh with 50,000 employees worldwide when you have a partnership with dell/hp/lenovo. If you don’t see the use case, then it’s probably not a use case for your environment. Just because it exists doesn’t mean it is relevant for everyone out there
if you ever see this, how would i go about adding all windows devices on Intune (remotely, around 200 devices) IF they are all Entra ID registered and have all been used for a while, so wiping out the data does not seem very worth it ?
and i do not have all their serial numbers on me, and I am not currently using azure.
learn.microsoft.com/en-us/mem/intune/enrollment/windows-enroll
set the MDM scope to all and they will all be enrolled into intune, or select some, put your 200 devices into a group and add that group.
it's called "MDM auto enrollment"
@@mwcloud are you sure? I thought that was for entra joined devices, not registered ? mine are all registered
@@martiniproductions185 read that link, in the first paragraph it says joined or registered. I have not tested this though. So I would make a test group and give it a shot if it were me
What I want to know is the following: you said manufacturers create these hardware IDs, and feed them to intune. So if I buy a lenovo computer, my hardware ID is already registered in intune? So I can just setup autopilot for my organization and it'll run wild? How do I know if I have to manually enroll a device?
You are on the right track but not quite there. A hardware ID is unique to your computer through the combination of CPU/Mobo that will have unique codes when they leave the factory. Microsoft can use this to uniquely identify a single machine out of all the machines in the world (they can use this for licencing Windows for example, so when you swap the mobo in your computer your Windows licence will reset as it sees it as a new computer). So, since MS can target a computer based on a HW ID and Lenovo (or whoever) can get this HW ID when they build the machine, when you order say 100 laptops, when you order them you tell Lenovo your tenant details and they pass the HW IDs of the devices you bought to MS who import them directly into your Intune. The first time those devices then turn on and connect to the internet, Microsoft will pick up on this and hook them into your Intune. If you want to do this process manually, that is what I have explained in the video. Hope this helps.
I see, I spoke to Lenovo and they said that, they have a form to fill out that will help them register the device (post purchase). I have to do that per device. Currently they explained that there is no way to get it registered prior to shipping because purchases typically are fulfilled with computers that are sitting in warehouse inventory (post manufacturing). I'm assuming this is only for enterprise (large) customers that can swing their wallets around and ask for what they want? Or at least a company larger than mine (we only make 1-5 laptop purchases at a time). Although starting in January they will have a process that will help facilitate that automatically on new purchases for anyone. Does this sound accurate? Thank you so much for this, it's helping me a ton@@mwcloud
How do you deliver the passwords to users before they start the out of box experience?
Same way we always have, when you set up an AzureAD user account for the first time there will be a one shot password for them to use and then they will be prompted to change the password on first login
next time please remove the background music ty for video
Okay
Could you please change your background music to some lofi. What you have at the moment is unbearable.
I will do on the next video, it seems you are not the only one who dislikes it. #Learning
@@mwcloud Other than that, thank you very much for the video. Its a great synopsis and it really helped wrap my head around it.