While I was on site working with @ChaCha_Arvay he asked “Do you want to see something cool?” So naturally when you are asked that you must reply “YES!”. You may recognize Chad from Microsoft Ignite where we rolled into Orlando together, but he also produces great content on the site! Chad is the main knowledge source behind our series for “Modern Operations”, but back to my first AutoPilot experience! So a few hours later, 2 guys walk into a bar, and set up shop to watch magic happen.
This customer was interested in pursuing a Windows Autopilot solution so that they can simplify the end user's experience. This brings together Azure AD, Windows 10, Intune, & Office. There is something special about having an end user up and running with just a few clicks. This experience will be from the end user's perspective, but there are a few admin side things we should keep in mind.
You can read more in depth on other blogs about how to set up and configure the AutoPilot prereqs, and how to configure profiles.
The End User Experience
A user who is issued a device and logs on for the first time will have to follow the OOBE we have pre-configured. This customer operates world-wide, so we have not set the region in our configuration and allow the end user to select this on their own.
The user will then select the keyboard layout.
The user will then be able to select a second keyboard option. This is something I just skip.
Next the user will select to connect to a network (unless already on Ethernet, or a VM). All Windows 10 devices will check in with the Autopilot service. This is true across the board, not just for corporate-owned devices, starting on 1703 with the July update.
Once on a network the machine checks with the Autopilot deployment service and sends its hardware hash. The device will now understand that “I belong to xyz org and I should behave in xyz way”. Before the user can even attempt to log into the device, the corporate profile configured for this device will be downloaded and start to apply. Once the profile is downloaded it will be used to customize the rest of the end user's experience on the device.
The system will show “Just a moment, setup” and then reboot itself. In this scenario the OEM device downloaded and then installed a profile that required the device to rename itself to our environment's standard naming convention. The device now matches what is on your DC for the object.
The actual renaming of the computer is what needed the restart.
The system comes back up, and again asks for network information.
Now we are presented with our login page requesting our email information. In the interest of keeping the customer confidential we will swap the corporate branding.
Enter your password and select “Next”.
The first step is to join the device to Azure AD, which then triggers automatic Intune enrollment. Once this is completed the device starts receiving policy. This is where we start seeing the enrollment status page below. Users will remain on this page until the device is configured enough that they can log in and begin to do their jobs.
Device Preparation: Secures the hardware, joins the organization's network, registers the device for mobile management
Device Setup: CSP for enrollment, apps in device context, etc
Account Setup: Security policies, certificates, apps in user context, etc
For more information on these phases, check out Anoop's blog.
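Once the enrollment status page has finished, an admin can confirm the join-then-enroll sequence described above from the device itself. The following is an added example, not part of the original post: it parses `dsregcmd /status` text and checks the `AzureAdJoined` and `MdmUrl` fields. The function names and the sample output are constructed for illustration, and treating an empty `MdmUrl` as "automatic enrollment not available" is an assumption of this example.

```powershell
# Added example (not from the original post). Function names are hypothetical.
function ConvertFrom-DsregStatus {
    # No [Mandatory] here: live dsregcmd output contains blank lines, which a
    # mandatory string[] parameter would reject.
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # Field lines look like "   AzureAdJoined : YES". Banner lines (+ or |),
        # blank lines and fields with an empty value do not match.
        if ($line -match '^\s*([A-Za-z][A-Za-z0-9 ]*?)\s*:\s+(\S.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Test-AutopilotJoinState {
    param([Parameter(Mandatory)][hashtable]$State)
    $findings = @()
    if ($State['AzureAdJoined'] -ne 'YES') {
        $findings += 'Device does not report an Azure AD join.'
    }
    # Assumption: no MDM URL means automatic Intune enrollment had nothing to use.
    if ([string]::IsNullOrWhiteSpace($State['MdmUrl'])) {
        $findings += 'No MDM enrollment URL reported for this user and tenant.'
    }
    [pscustomobject]@{ Healthy = ($findings.Count -eq 0); Findings = $findings }
}

# Constructed sample in the shape of `dsregcmd /status` output.
$sample = @'
+----------------------------------------------+
| Device State                                 |
+----------------------------------------------+
             AzureAdJoined : YES
              DomainJoined : NO
               Device Name : EXAMPLE-0001
+----------------------------------------------+
| Tenant Details                               |
+----------------------------------------------+
                TenantName : Example Org (constructed)
                    MdmUrl : https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc
'@ -split "`r?`n"

Test-AutopilotJoinState -State (ConvertFrom-DsregStatus -Lines $sample) | Format-List
# On a real device, feed the live output instead:
#   Test-AutopilotJoinState -State (ConvertFrom-DsregStatus -Lines (dsregcmd /status))
```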
In this demo it only took maybe 15 minutes from start to finish on an iPhone hot spot. I can see significant time and cost benefits by leveraging AutoPilot. We will no longer have to coordinate with T1 to take a PC out of a box, wipe the OEM image, replace it with our image, and then ship it to the customer. My background is supporting classified mission networks and tactical environments, so this entire “Cloud” was very new to me. If you are an admin supporting corporate America I would absolutely recommend giving Autopilot a spin!
Yes, my first time seeing AutoPilot in action was in a bar drinking many crown apple and cokes to be exact.