What happens to a device when IT goes through pre provisioned deployment using Windows Autopilot?


  • Thomas Kurth
  • February 2, 2022
  • 4:00 pm

During my engagements I have the chance to see many different environments and learn how customers transform to a modern workplace. In this series I will share the top 5 questions which arise. In this blog I will answer:

What is the best method to enroll Windows devices?

Modern projects always focus on Windows Autopilot. The general idea is to let the end user enroll the device, which saves time within the IT department and provides flexibility. The problem is that most companies do not realize that not all users are capable of and willing to do such an enrollment. Therefore, management support and good communication are crucial.

If many end users do not really want it, why are we switching to Autopilot?

Autopilot provides high flexibility regarding which hardware models can be used within an environment, because driver engineering and staging are no longer required. This also means that the IT department can save plenty of effort and costs. Additionally, devices can be reset and enrolled anywhere in the world with just an internet connection.

So, it seems clear we will try it. We all have enough to do… but soon after a rollout has started, the following questions arise:

Can we not optimize the process for the end-users? Or just do the enrollment for them?

I saw that customers collected the end users' passwords to do the rollout, or that the rollout technician was using his personal account to enroll devices. Both are definitely a NO GO. Sometimes I also get the question regarding white glove/pre-provisioned deployment.

Windows Autopilot for pre-provisioned deployment

Pre-provisioning is an option to install apps and settings before handing out a device to an end user. The end user still needs to do the Autopilot enrollment himself, but now a little bit faster (depending on the number of apps).

My personal opinion is not to leverage this option in most cases. But why?

We try to optimize a process with Autopilot and allow shipping of the device directly to the end user to save the time IT has to invest. With pre-provisioning we lose all these benefits, as IT still has to touch each device and connect it to the network. In most cases I would assume that just doing a PXE boot and executing a MEMCM task sequence could be faster and more reliable, and allows more customization. The only drawback is the driver engineering which needs to be done. But this is a one-time task per model, and the most time-consuming IT tasks (unpacking, connecting, shipping to the end user) are still required.

Device Enrollment Manager (DEM)

In MEM it’s possible to define some users as Device Enrollment Managers, who are then allowed to enroll more devices than a standard user, with the benefit that the user is not associated with the device. Enrolling a device without a user assigned has some drawbacks, but they are not as big as they were a few years ago. As you can see in Docs, since Windows 1709 Conditional Access also works with this enrollment type. So, this could be an option, but I recommend testing it well, as some features do not work.

Autopilot Self-enrollment mode

The self-enrollment mode is great for kiosk or shared devices. But as with a DEM, there are drawbacks regarding BitLocker and Conditional Access. Interestingly, Microsoft uses “may” in the note:

Note Self-deploying mode does not presently associate a user with the device (since no user ID or password is specified as part of the process). As a result, some Azure AD and Intune capabilities (such as BitLocker recovery, installation of apps from the Company Portal, or Conditional Access) may not be available to a user that signs into the device. For more information, see Windows Autopilot scenarios and capabilities and Setting the BitLocker encryption algorithm for Autopilot devices.
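
An added example, not part of the original post: a PowerShell check over a device inventory for the two situations discussed above, a regular (technician) account used for bulk enrollment, and devices enrolled without a user association (DEM or the Autopilot mode without a user). The column names, sample rows, threshold and approved DEM list are constructed assumptions; replace the sample with your own inventory export.

```powershell
# Constructed sample inventory; EnrolledByUpn is an assumed column name.
$Devices = @'
DeviceName,EnrolledByUpn,EnrolledDateTime
PC-001,anna@contoso.example,2022-01-10
PC-002,tech1@contoso.example,2022-01-11
PC-003,tech1@contoso.example,2022-01-11
PC-004,tech1@contoso.example,2022-01-12
PC-005,tech1@contoso.example,2022-01-12
PC-006,dem-rollout@contoso.example,2022-01-12
PC-007,dem-rollout@contoso.example,2022-01-13
KIOSK-01,,2022-01-14
'@ | ConvertFrom-Csv

function Get-EnrollmentFinding {
    param(
        [Parameter(Mandatory)] [object[]] $Devices,
        [string[]] $ApprovedDem = @(),   # accounts IT has approved as DEM (assumed list)
        [int] $MaxDevicesPerUser = 3     # assumed threshold for "one person's devices"
    )

    # 1) Regular accounts that enrolled more devices than one person plausibly uses.
    $Devices | Where-Object { $_.EnrolledByUpn } |
        Group-Object -Property EnrolledByUpn |
        Where-Object { $_.Count -gt $MaxDevicesPerUser -and $_.Name -notin $ApprovedDem } |
        ForEach-Object {
            [pscustomobject]@{
                Finding = 'BulkEnrollmentByRegularAccount'
                Subject = $_.Name
                Devices = ($_.Group.DeviceName -join ', ')
            }
        }

    # 2) Devices with no user association: review BitLocker recovery and
    #    Conditional Access behaviour for these before relying on them.
    $Devices |
        Where-Object { -not $_.EnrolledByUpn -or $_.EnrolledByUpn -in $ApprovedDem } |
        ForEach-Object {
            [pscustomobject]@{
                Finding = 'NoUserAssociation'
                Subject = $_.DeviceName
                Devices = $_.DeviceName
            }
        }
}

Get-EnrollmentFinding -Devices $Devices -ApprovedDem 'dem-rollout@contoso.example' |
    Format-Table -AutoSize
```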

Summary

As you can see, there are multiple options, but only one brings the expected benefits of modern management. Therefore, it is crucial that you educate your users, work on the company culture and communicate well, especially about the Windows Autopilot benefits, which Thomas Marcussen explains well in his TOP 10 list.

An additional tip is to provide the users with a nicely designed, step-by-step setup manual with some tips and tricks adjusted to the tools you use. When I was attending a rollout, you couldn’t imagine how happy the users were when I could show them flags/to-dos in Outlook or how they can use OneNote.


Principal Workplace Consultant | MVP at baseVISION AG

I have been a consultant, trainer and architect for modern workplace and enterprise mobility projects with Microsoft technologies for the past eight years. I love to push and design the modern workplace based on Windows 10, EM&S and O365 for my customers, which is the only answer to the current security threats, the agile world and the fast-changing business requirements of my customers. It is important to me to simplify and automate the operational processes, because that is where the highest costs are.


What is pre provisioned deployment?

Autopilot for pre-provisioned deployment (formerly White Glove) is a way to build modern Windows 10 devices by offloading the time-consuming Autopilot-related tasks, such as the installation of apps, policies, profiles etc., from the end user to the device provisioning technicians (IT, partners, OEMs).

How does Windows Autopilot help with deployment?

Windows Autopilot simplifies the Windows device lifecycle, for both IT and end users, from initial deployment to end of life. Using cloud-based services, Windows Autopilot:

  • reduces the time IT spends on deploying, managing, and retiring devices.
  • reduces the infrastructure required to maintain the devices.

Which features of a device are retained after performing a Windows Autopilot reset?

The Windows Autopilot Reset process automatically keeps information from the existing device:

  • Wi-Fi connection details.
  • Provisioning packages previously applied to the device.
  • A provisioning package present on a USB drive when the reset process is started.

What are the three steps of Autopilot deployment?

Steps for configuring Windows Autopilot:

  • Step #1: Create an Autopilot profile.
  • Step #2: Obtain device details for Autopilot deployment.
  • Step #3: Upload device details and associate profile.
  • Step #3.1 (Optional): Branding the device activation screen.
  • Step #4: Assign users to enrolled devices.