@Microsoft Mechanics, my question would be: if you do not have the Hardware IDs, can you use Autopilot using only a user account that has permissions and license to join computers to Azure, and that Azure has auto enrollment configured?
Everyone says that Intune and Autopilot are replacing system imaging, but I don't really see how this does anything close. It lacks a LOT of features and settings that I'd come to expect from a replacement of a system image.
The basic answer is that MS expects you to be fine with the VLSC image and just tweak it with scripts, policies and configuration URIs. It's not supposed to "replace" OSD, it's supposed to obsolete OSD. That was the original idea. Stick around a year or two and the goalposts will shift 500 miles and it'll all be rebranded again.
Exactly, a lot of work, and of course, additional licensing needed for this functionality, and I can make an image in 15 minutes for what I need, refresh the image once in a while, and have everything I need for most user groups. I get what they are trying to do here, but it is just a big licensing/dependency play for MS to get your $$$$ and really not save you any time in the process.
There are a lot of extra steps for Apple devices. You'll need to pay for expensive Microsoft hand holding. This is a shit solution from a shit company. Good luck even following their documentation. It's like a portal to the dyslexic dimension.
I have around 20 machines which have all been Azure joined a while back, and as summer ends and school starts again, I am resetting them with Autopilot Reset, but it has been saying pending on around 15 of them for 4 hours now, what is up with that? :)
@reguitarded yes for both. You don't want an endpoint to fail the whole enrolment just because there is some latency issue outside of your control. In most cases, it is fine to let the user get straight to their desktop and the remaining tasks will complete in the background.
Depends on the security policies in place. Every company is different. Many would want base security agents to be installed prior to a user hitting the desktop. As long as your apps are packaged and scripted properly and you don't mix LOB and Win32 apps, ESP is very reliable - although I'd agree about disabling the User ESP portion.
Can anyone provide some hardware vendors that can add newly purchased devices into Windows Autopilot? I'm currently buying devices from Best Buy and importing them on my own.
It would have been great if you showed exactly what the user needs to do right after they open up the box. I.e. - is it hit the Windows key 5 times. And then show what happens.
At 6:05 there's mention of assigning an Autopilot device to a user and having it say "Welcome ". I thought this was disabled because of security concerns? Or was that only preprovisioning that was affected?
But what about PPKGs? Why not cover them, Microsoft? Autopilot is great, just not for shared devices. FYI, Windows Configuration Design locks down to a single tenant during getting the bulk token; this makes MSP life difficult. I have to run WCD in VMs and revert checkpoints each time I make a new ppkg for a different client. WCD also lets me add Wifi and apps, settings to the device via a ppkg (at OOBE, Windows 10/11 have to be Pro to use a ppkg).
It depends on the scenario. User assignment is a bit more future proof, but if you buy a batch group of machines that need the same config from the profile, then the device group could be better, but not always.
Hi there, so if I already have devices as hybrid that are being synced from AD, if I make them an Autopilot device they will be added as a serial number. I assume they also have to be in Intune so I can trigger a fresh start? I'm a bit confused with already existing devices; for brand new devices it is easy though. Any help would be great.
Hmm, regarding the point made at 1:20 - I've had users self enroll from the settings page and their devices DO in fact register to Azure as Hybrid Joined devices. Am I missing something?
Depends on automatic device enrollment configuration in Azure AD. This article also explains the pros and cons of each Intune enrollment option: learn.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-methods
I guess what I don't understand is how is an Admin going to enforce a certain OOBE when the device isn't connected to AAD to sync with the policy in the first place? It's like a chicken before the egg problem in my head.
That's exactly what this solves for. Before the device connects to the Internet, its unique hardware ID is associated with your org and AAD tenant, then in OOBE once you connect to the internet for specialization, it pushes policy down to the device. It's like you've identified the chicken so your org owns it before it crosses the road.
@MSFTMechanics but the deployment profiles are group-based. And the device can't be assigned to a group until it checks in with AAD. I can't tell the device how to perform the OOBE until the user powers on the device and allows the check in with AAD. By then the OOBE is over.
@Thecolonelshinn That's not entirely correct. There is a difference between an AAD joined device and an Autopilot registered device. An Autopilot registered device doesn't necessarily have any AAD object associated with it. Instead, the Autopilot device is recognized via the hardware hash of the device. The hardware hash is imported into Intune (or other MDM solution) and then becomes an Autopilot device via the hardware hash. You can build device groups that contain Autopilot devices, and then assign the Autopilot profile to that device group. When OOBE runs, it checks to see if any Autopilot registered device (NOT AAD device) has an Autopilot profile deployed to it, and if it does, it picks up the Autopilot profile and runs it.
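The registration step the reply above describes starts with reading the hardware hash off the device and writing it in the CSV layout the Autopilot import expects. This is an added example, not from the video or any commenter; the output path is an assumption, and the group rule quoted in the closing comment is the dynamic membership rule Microsoft documents for Autopilot devices.

```powershell
#Requires -RunAsAdministrator
# Added example: collect the serial number and hardware hash that
# Autopilot registration keys on, and write an import-ready CSV.
# Run on the device itself in an elevated Windows PowerShell session.

$ErrorActionPreference = 'Stop'
$outFile = Join-Path $env:TEMP 'AutopilotHWID.csv'   # assumed output path

# Serial number as reported by the firmware.
$serial = (Get-CimInstance -ClassName Win32_BIOS).SerialNumber

# The hardware hash is exposed through the MDM bridge WMI provider.
$devDetail = Get-CimInstance -Namespace 'root/cimv2/mdm/dmmap' `
    -ClassName 'MDM_DevDetail_Ext01' `
    -Filter "InstanceID='Ext' AND ParentID='./DevDetail'"

if (-not $devDetail -or [string]::IsNullOrEmpty($devDetail.DeviceHardwareData)) {
    throw 'No hardware hash returned by MDM_DevDetail_Ext01 on this device.'
}

# Column names follow the Autopilot device import format.
$row = [pscustomobject]@{
    'Device Serial Number' = $serial
    'Windows Product ID'   = ''
    'Hardware Hash'        = $devDetail.DeviceHardwareData
}

# Write without quote characters: strip the quotes ConvertTo-Csv adds.
$row | ConvertTo-Csv -NoTypeInformation |
    ForEach-Object { $_ -replace '"', '' } |
    Out-File -FilePath $outFile -Encoding ascii

Write-Host "Wrote $outFile for serial $serial"

# After the CSV is imported, the device is an Autopilot device whether or
# not it has ever joined AAD. A dynamic device group that collects every
# Autopilot-registered device (the target for the deployment profile) uses:
#   (device.devicePhysicalIDs -any (_ -startsWith "[ZTDid]"))
```

The CSV identifies a specific physical device to your tenant, so handle it like other device identity data and delete the local copy once the import succeeds.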
So you are showing a Macbook with Windows running on it???? Left off the part about all of the additional licensing and costs per user this requires, otherwise, all of this is moot. Part of MS's master plan to put everybody on their cloud and have all of their server, devices, licensing etc...more than increasing your costs in the end by 8 fold.