Deployi Windows 10 With Autopilot in Microsoft 365 Endpoint Manager

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hi there this time i've got three things to say to you windows 10 deployment autopilot microsoft endpoint manager are you ready let's go hi there andy malone welcome back to the channel microsoft mvp and microsoft certified trainer you know if somebody said to you let's do some software deployment or do some traditional windows deployment it would put the fear of god into most people we're talking about text files answer files oh it was a complete nightmare um if you wanted to spend some money you would use traditional tools like system center configuration manager which made the job a little bit easier but now life in the cloud is getting even easier with microsoft endpoint manager and microsoft intune of course so this time on this episode we're going to take a look at how we can deploy windows 10 using endpoint manager and a very cool tool called autopilot so without further ado let's take a look the first place to start is of course in microsoft 365 and i'm going to go into licenses and i'm going to grant this user an emns enterprise mobility and security as well as a microsoft e5 license and this will give the user the capabilities that we need please note here that if you're a small business you can also get this capability with the business uh premium the microsoft 365 business premium account as well so from that i'm going to go and switch over into azure active directory i'm going to create a new group here and this is going to be a dynamic security group so i'm going to click on new group and just to say that it has to be a security group because you can only create a dynamic device with a security group you can create dynamic users with both a 365 and a security group but for the purposes of what i'm trying to do here i'm going to call this it devices and it's going to be a dynamic device okay excuse me okay so now that i've done that i now need to put the obviously the rule in so i'm going to click on the add query and as they used to say on a famous tv show when i was a child here's one i prepared earlier so i'm going to go ahead and click on edit and i'm going to go ahead and paste this rule in so basically what this is it's basically saying hey if my user is running a windows 10 or it uses this device id okay so if the device id is this then it's going to deploy with autopilot so as i say this is just a very very simple rule so if the device id contains this rule then go ahead and enforce this so i'm going to click on create and that is the group created now okay and of course if i go into my devices um obviously in devices i will have a device with that specific id so now what i'm going to do is i'm going to flip over into powershell and i'm going to obviously create a little setup script so i'm going to go into here um into powershell and i'm going to install or get the details of the device so i'm going to build out the device so it's like a little template here and if you want to find all of these steps by the way docs.microsoft.com is the way to do it um or of course you could always pause the video and and go through it yourself so yeah so i'm creating my device setting up my device policy and this will create my device a template that i've i want to use you can see it's it's a csv file that i've gone ahead and created and i can go ahead and i can have a look at that file if i want to although to be fair in powershell it doesn't really look that much but if you opened it up in let's say excel it would give you a bit more detail okay so the details about the machine the options and so on so now that i've done that i'm going to flip over now i'm going to come into 365 and i'm going to go into endpoint manager and the first place to go of course is devices and you want to obviously think about how can i enroll these devices in um so the first things first um of course i need to enroll the devices and you can do this in a number of ways um if you've got ios and android devices you can automate the setup here i'm using a windows 10 so two elements of this i can create a profile and i can also add the device as well so the first thing i'll do is i'll i'll arrange for the device to come in and then i'll go ahead and create the profile so first up then i want to add this device in and i can go ahead and i can bring the device in i can import this csv file that i've created and again select the file so this is just an autopilot device here's my csv file that i created and just click on open okay and then i'll click on import you can see it's saying that it's correctly formatted so that's fine okay so you can see that the device will come in in a second there it is okay so um windows 10 um it's not assigned to any particular user at the moment you've got a unique serial number there so the next step is i go back into enroll devices and this time i want to go ahead and create a profile now when you create a profile it's obviously what are the details of the profile and which users or devices are you going to deploy that profile to so i'm going to create this profile just call it a datum profile just now and then it says okay what do you want me to do um obviously i'm going to deploy autopilot and you can see there's loads of different options here and i'm really just going through and it can be user driven or it can be automated if you want to for the purpose of this demo i'm going to say it's user driven and i want the use the device to join our organization so there's various options that i can show with privacy settings desktop settings um i can put in certain restrictions and things like that if i want to i can say which what type of user again for the purpose of the demo i'm choosing administrator but it could just be as easy as a as a standard user as well um then you've got your language different language options of course you can choose your your language and you can also choose the the actual operating system itself the minimum requirements here of course are windows 10 so it's a windows 10 feature this windows 10 pro is the minimum here okay um do you want to configure the keyboard settings and and so on so you've got all of these settings that you could do i'm just for the again for the purpose of the demo i'll just keep it simple so now that i've created this i'm going to go ahead and add a group so what group do i want to deploy this you've got an include and an exclude option so you can include every one and then exclude them and of course this one it's the it devices group yeah so i'm going to click on select and i'm going to bring that it device group in and then click on next okay so you've created the profile you've assigned the profile and again you now get a nice overview of everything here just gives you a detail about what's included in that okay there we go so we've added the device you've set up the profile and we're now obviously ready to go so what i'm going to do is i'm going to flip over to my other machine this is a a desktop machine and i'm going to choose a windows reset here so on this machine this is obviously the target machine so i'm just going to do a complete reset now just be warned this can take some time for the purpose of our sanity you'll be glad to know i've sped this up quite a bit so obviously you might want to back up any important files and this will just basically bring the system back to a default so you can choose to restore keep your files or just remove everything again for the purpose of this demo i'm going to choose to keep my files okay so uh this will now start uh it will take quite a while i can i'll just warn you in advance it does on a virtual machine anyway okay so i'm going to go ahead and this will now off it goes you can go for lunch come back and it should be done we're gonna get things ready um again takes just does all of its cleaning all of its wiping off uh and then it will go off and do a reboot and it what it does it does several reboots here okay now the key thing to note is when you reset the pc um it will then when it restarts it will look for a profile and obviously because you're on a corporate network you're in microsoft 365. it will then say hey okay i want to uh get that profile okay so several several days i'm just joking a little time later it will reset the pc and i can tell you it definitely doesn't go this fast in reality okay so off it goes reboots the machine and when the machine reboots of course it's pre-configured with our profile settings what we need the user to do all right which you'll see in just a second so here we go now this particular virtual machine i'm in the uk so i'll go ahead and i'll select the uk option so make sure that your region is correct obviously make sure you've got the appropriate keyboard and of course yep keyboard language all of those things okay and then click on yes this looks good you can also add an additional keyboard as well i'm happy with that so i'm just going to click on skip for now okay so off it goes and again it's doing some important setting up so it's reading the profile and you can see it's already joined our microsoft 365 or azure active directory organization so i'm here's my user account i'm logging in as that user and i'm going to click on next so you don't need to do a domain join it's already done for you and it's asking me to put in my password now because of the security policy that i've got set up in my organization i'm also using multi-factor authentication it can reduce hacking by 99 okay so seriously consider setting this up so the second part here is it will just say hey you know i need a little bit more information from you and you'll need a mobile device here you can download the microsoft multi-factor authentication app it's a free download that you can set up the microsoft authenticator rather i should say so you download that machine reboots and it then says hey okay um i just need to uh set one more thing up now if you have windows hello so if you're using windows 10 you want to use facial recognition and iris recognition and all of that you can see here it's now saying hey okay i need some more information from you that your company has requested okay so i'll say next and i'm going to set up windows hello here so first of all you download the microsoft authenticator and you say yep okay that's fine i've gone ahead and done that and now what it will do is it will show you a qr code you take a picture of the qr code and then it will say hey okay do you have the number and you just approve it on the authenticator app okay so once you've approved it um yep so i've done that so you see it says approve the notification so i would go ahead and approve that on the app and once it's approved yay the green light lights up and i click on next okay so it will maybe also ask you if you want to set up a pin uh for the uh for your windows 10 device you can also set up other features as well i just chose a pin because this is a virtual machine but of course you can choose biometrics as well okay so i'll go ahead set up a pin um again i do recommend the minimum of six characters uh rather than just four so you want to make it as easy as and as secure as possible so off it goes and that's it you're all set so click ok and you can see that's it we're in so this is my corporate desktop and again i can all everything that i need is here so any restrictions any settings that i had set up are here so for example if i go into settings the gaming option is removed if i go into the accounts you can see that it's already set up with my user account so access school and work account everything is there all right and any apps that i would have obviously had access to you could get access to as well the other thing is of course when you go into microsoft 365 and it's already configured now here back in endpoint manager you can see that that machine is now being monitored it says it's not compliance probably because i need to maybe do an update because this is a just a vm but you can see the fact is it's now being managed by intune and there you go there you have it so again very cool there you have it deploying windows 10 with autopilot in endpoint manager i really hope you've enjoyed this episode if you have go ahead click on that subscribe button ring that bell so that you don't miss future postings and of course as always please put your questions and comments in the link below i really appreciate it until next time you stay safe see you soon [Music] thanks so much for dropping by remember you can visit me at andymalone.org and go ahead and click on that subscribe button so that you don't miss a thing i'll see you next time you
Info
Channel: Andy Malone MVP
Views: 5,872
Rating: undefined out of 5
Keywords: Windows Autopilot, Windows 10 deployment, Microsoft Endpoint manager, Microsoft 365, Andy Malone, MVPBuzz, Microsoft Learn
Id: RIvZIpHusu4
Channel Id: undefined
Length: 18min 4sec (1084 seconds)
Published: Mon Feb 15 2021
Related Videos
S01E02 - Setting up Windows Autopilot with Microsoft Intune - (I.T)
Intune Training
127K
Administering Microsoft Endpoint Manager Part 1
Andy Malone MVP
11K
How To Set Up Windows Autopilot in Microsoft Intune
Harry Lowton
46K
Windows Autopilot with Microsoft Intune in the real world
CloudManagement.Community
2.9K
Microsoft Deployment Toolkit & Deploying Windows 10 - From Scratch!
Mike Galvin
89K
What Is Microsoft Intune? (Microsoft Endpoint Manager)
Harry Lowton
33K
Test Autopilot in 20 mins or less! (Stop creating Windows images!)
Matt Soseman
16K
S02E17 - Microsoft Intune and Autopilot Quick Start Guide (2020 Edition) - (I.T)
Intune Training
28K
Configure Windows Auto Pilot | User Driven Mode
Concepts Work
11K
Whats New in Microsoft 365 for Admins (Oct 2021)
Andy Malone MVP
1.4K
S02E30 - What's new in Intune Reporting w/ Spencer Shumway - (I.T)
Intune Training
3.7K
Microsoft Endpoint Manager Intune Intro, Windows 10 Autopilot Enrolment, Hybrid Azure AD join Part 1
Cloud Inspired
13K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.