Following the pandemic, most organizations have shifted towards a hybrid workplace with a disaggregated workforce, and most remote workers have added their own devices to the organization’s IT ecosystem. This has introduced a unique challenge, with most organizations grappling with how difficult it is to manage endpoints. Endpoint Manager, formerly Intune, offers a modern solution that enables businesses to manage their devices from anywhere. This cloud-based platform eliminates traditional management constraints. For starters, you can now manage these endpoints with Windows Intune Autopilot.
The latter starts by simplifying device provisioning and offering the ability to give new devices to end-users as the need arises without having to build or maintain a custom operating system image. On the other hand, Intune manages policies, profiles, and security settings, making managing Windows endpoints relatively more straightforward.
What Is Windows Intune Autopilot?
Windows Autopilot includes a set of technologies leveraged by IT professionals to set up and pre-configure new devices for productive use. This desktop provisioning tool native to Windows 10 helps the IT team automate all new devices with preset configurations. Additionally, it allows IT professionals to apply profiles to PCs so that new users can have full access from their first login.
Think of it this way. Windows Autopilot simplifies and streamlines the bulk deployment, setup, and configuration of devices added to the organization’s IT ecosystem, ensuring that they are ready for corporate use. It also facilitates the management of Microsoft Windows devices throughout their use within the organization, right from the initial deployment. Overall, Windows Autopilot helps organizations simplify Windows device management. It reduces the time IT professionals spend deploying and managing devices and the infrastructure needed to maintain said devices throughout their lifecycle. Additionally, it maximizes the ease of use for both IT professionals and users.
What Can Autopilot Manage?
Windows Autopilot enables administrators to manage a few functions within the ecosystem with a new approach.
For starters, administrators can automatically add devices to Azure AD or Active Directory via Hybrid Azure AD join. Additionally, it becomes easier to auto-enroll devices into MDM services, including Microsoft Intune. Note, however, that this function requires that the user have an Azure AD Premium subscription for configuration. Further, administrators can create and auto-assign the different devices within their ecosystem subject to the device’s profile. Finally, it becomes relatively straightforward to customize OOBE content specific to the user’s organization.
How to Deploy Autopilot
Once you deploy a new Windows device, Windows Autopilot leverages the OEM-optimized version of the Windows client. As it stands, this version is already preinstalled on the device, which means that neither the end-user nor the IT professionals must maintain custom images and drivers for the particular device model.
In place of reimaging, the existing Windows installation is transformed into a state that can easily apply the preset settings and policies, install apps, and support advanced features. Before you can leverage Windows Autopilot, there are a few configuration requirements that you’ll need to meet. These should sufficiently support some of the common Autopilot scenarios you are likely to encounter.
The first step would be to configure Azure AD automatic enrolment. Note that if you are using a different MDM service, it is advised that you liaise with the vendor for the specific URLs or configurations needed for this deployment. You’ll also need to configure Azure AD’s custom branding to display key organization elements, including a square logo, sign-in page text, and tenant name. It is prudent to mention that as you consider Windows Autopilot deployment, you also have to consider the best practice guidelines for devices.
For starters, your devices are expected to meet the minimum hardware requirements for Windows. These best practices are meant to ensure that the devices can quickly be provisioned as part of the deployment process. It would be best if the IT professionals reviewed the minimum hardware requirements for Windows before embarking on the deployment process.
After meeting the hardware and software requirements, the next stop should be the Windows Autopilot enrollment status page (ESP). Administrators can display the device’s configuration progress on your ESP profile. You can also track the installation of applications, security policies, certificates, and network connections as the need arises.
Licensing Requirements for Intune Autopilot
Right out of the gate, it is paramount to mention that Microsoft Intune Autopilot licensing requirements apply to Windows 11, Windows 10, and Windows Holographic, version 2004 or later devices. It is also essential to note that Windows Autopilot relies on specific capabilities available in the Windows client and Azure AD (AAD), and that it leverages MDM services, including Microsoft Intune. All of these are made available through different editions and subscription programs.
Seeing as you will need Azure AD, as it comes with automatic MDM enrolment and key functionalities, there are specific subscriptions that you will require. These include:
- Azure Active Directory Premium P1 and P2
- Microsoft Intune Subscription
- Microsoft 365 Enterprise E3 and E5 subscription
- Enterprise Mobility and Security E3 or E5 subscription
- Microsoft 365 F1 and F3 subscriptions
- Microsoft 365 Business Premium subscription
Additional recommended licenses include:
What if, during the device’s lifecycle, an endpoint is performing poorly? What if you intend on passing the device over to the next end user? In this case, you can leverage Windows Autopilot reset. The latter takes the device back to a business-ready state. Thus, the next user should be able to sign in and utilize this endpoint without much hassle. This reset removes any personal files, applications, or settings that might have been on the device. It also reapplies the original settings without compromising its identity connection to Azure AD. Further, it removes the device’s primary user and establishes the next user as the primary.
Manage Windows Endpoints With Intune Autopilot
Want to radically reduce the cost and complexity of managing the devices of your remote and distributed workforces? Agile IT can help you configure and deploy Autopilot for your Windows 10 and 11 endpoints across Commercial, GCC, and GCC High. Request a quote today.