Here's how Windows Autopilot works with Microsoft Intune

Captions
Hello again everybody. Today we're going to talk about Windows Autopilot. We're going to look at how to deploy a Windows 11 machine into Windows Intune by using Windows Autopilot. We're going to start this off with a whiteboard demo to describe how Windows Autopilot actually works, and then we're going to get straight in and actually see a demo that I've set up for this. So without further ado, let's go and talk about Windows Autopilot. Thank you. [Music]

So the whole point of Windows Autopilot is that in your environment you're going to have things like Intune running, or at least hopefully you've got Intune running at this point. Now, Intune is going to have a number of things inside it. You're going to be injecting things into Windows Intune like applications that you want to actually push, and you're going to be injecting things like configs that you actually want to push to your users and your user devices. Now, the best idea with Windows Intune is to get this going automatically, so you could have a series of rule sets that say, for example, along the lines of: if a user is in the marketing department, they get the following applications and they get the following configs delivered to their computers. This is great as long as that laptop itself is actually registered into Windows Intune for deployment of these applications. So what we want to do is kind of get these laptops, or get these devices, automatically registering with Windows Intune so we can automatically start pushing down applications and configurations.

Now, this all relies upon the fact that Microsoft allow Windows 10 and Windows 11 to phone home. So when you've got a device like, for example, a Windows 10 or a Windows 11 device, this device has a very unique hardware ID. This hardware ID is generated from a number of things. It's generated from things like the processor, the motherboard, the serial codes that are inside that machine. Either way, this hardware ID is unique, and it's unique out of all of the computers in the world. Now, because of that, these machines themselves are actually phoning home in the background to Microsoft, and because they're phoning home in the background to Microsoft, Microsoft can identify that computer out of every other machine on the planet.

So with Windows Autopilot, by using this idea, what we can do is we can actually go and say, hey look, I've got a bunch of users down here, and these bunch of users need new laptops, they need new desktops. So I'm going to go to somebody like Dell, or I'm going to go to somebody like Lenovo, or I'm going to go to Microsoft themselves for their Surface product line, and I'm going to buy a whole bunch of devices from one of these manufacturers. Okay, so I'm going to buy a bunch of devices from Dell, for example. Now these devices, when Dell actually build them, say they build these three laptops, these are going to have this unique hardware ID for each individual laptop. What Dell are going to do is they're actually going to feed that hardware ID into Windows Intune for you, because Dell have a relationship with Microsoft, as you're aware. And what can happen at that point is that when they've been fed into Windows Intune, they're actually kind of fed into this Windows Autopilot system, and that means what Dell can do is they can take these devices and actually ship these laptops directly to individual users.

Now these individual users might even be working from home, and all they have to do is they actually have to log into their devices with their user accounts. So if they log into something like Bob, this will be a Microsoft 365 account. Since this is a Microsoft 365 account, if Bob logs directly into that laptop with it, that 365 account is in Azure AD up here and it authenticates over there. Azure Active Directory is talking to Windows Intune, and Windows Intune can then take control of that device itself, because Windows Intune knows that that device exists, because Windows Autopilot and Dell have provided this unique hardware hash over to the Intune device. Then Windows Intune can come in and actually start delivering applications and configurations to that user. So even though that user might be working from home or working from anywhere in the world, it doesn't actually matter. That device that's delivered to them can actually be automatically hooked into our Intune environment, and we can dynamically deliver applications and configurations based on the user account and based on the device that user has actually received.

What we can also do is we can generate this manually as well, and this is where my demo will come in. So if we've got a laptop or a computer here that's sitting independently on its own, what we can actually do is we can jump into that device, we can run a little PowerShell script, a little PS1 script, to generate this hardware ID, and once this hardware ID is generated we can pass that out as a CSV file and we can actually upload it manually into Windows Intune. At that point Windows Intune knows that that device exists, it can identify that device uniquely out of every device in the world, and can then actually start feeding that device applications and configurations that might be assigned to it. So let's get straight in and do a demo.

So the first thing I'm going to do here in my demo is I'm going to create a group, a dynamic group, where all of the devices that will be joined by Windows Intune will actually be fed into. I'm going to come in here into the Active Directory admin center, you could do this through Android if you wanted to, and I'm going to create a new group here, and I'm going to create this as a Security type, and I'm going to just name this group IT devices. We'll give it an IT department devices description down here, and the membership type is going to actually be a Dynamic Device. Now within here I'm going to add a dynamic query, and we're actually going to add in an expression here. We're going to edit this rule syntax and we're going to drop in this specific expression: device.devicePhysicalIds contains ZTDId. That way I will be able to identify any of these devices that are joining via Windows Autopilot. I'm going to save that for you right now and I'm just going to create that group. Okay, we can now see that our group is created here called IT devices, and there's nothing in it as of yet, so if we go into members we'll see there's no members attached to this group.

What I'm going to do now is I'm going to move over to a blank machine. This is the machine we are going to use Windows Autopilot to join to our environment automatically. You can see this machine is very basic, it doesn't even have any domain joins attached to it, so if we go and run whoami on here, you'll be able to see that's even got the basic Windows auto-generated name. I do have access there to the internet, so if I ping 8.8.8.8 you'll be able to see I do have access there to the internet.

What I need to do is I need to go and get the unique hardware ID for this machine, and I'm going to do that by running Install-Script. What this is going to do is it's going to go out to a location on the internet called PS Gallery, and this location has a collection of modules and a collection of scripts from Microsoft and from others. This location has a collection of scripts and modules from Microsoft and others, and this specific script here is going to generate a CSV file. This CSV file is actually going to contain our hardware ID, our unique hardware ID for this specific virtual machine. This is just a VM, but it would work with actually full physical computers as well. That CSV file is then going to contain that hardware ID that I will then upload into Windows Intune.

So let's go and run that file now, or sorry, run that script now with an output file. So we'll just run Get-WindowsAutopilotInfo.ps1, and that should have created that very, very quickly for us. If I just jump in and have a look at that specific file, so I jump into This PC, I jump into the root of C, you'll be able to see there should be a computer.csv file right here. If we look at the contents of this CSV file by using the type command here in our PowerShell prompt, you'll be able to see this is the unique hardware hash of this machine. This is the information that we need to upload into Windows Intune.

So what I'm going to do now is I'm going to take that CSV file, I'm going to move it over to a server computer where I had access to Windows Intune. I could move this out in any different way I actually want to, it's just text, but I'm going to pass this over directly into SCA svr2. This is actually the computer that's running this Hyper-V environment as well. So if I jump back over to this SCA svr2 environment, I should find inside this elab files that computer.csv file.

So let's move that into Windows Intune. So if I drop over here into endpoint.microsoft.com, into my Windows Intune environment, what I can do now is I can drop down into Devices, and within Devices I can drop into Enroll devices. Now when I drop into Enroll devices, what I have the ability to do down here underneath Windows Autopilot Deployment Program is I can actually start to import that into here. So I can just drop in and I can go into Devices and I can go and add that specific file. Now if I had a Dell or Lenovo or anybody else, I would actually already have this pre-populated, because they would be providing me with that information. So I'm going to actually import the CSV file. I'm going to grab it from this computer directly, so here we go, e lab files, let's go grab that computer.csv file and upload it. Okay, now this process, as it says here, can take up to 15 minutes for this enrollment process to actually complete, so we'll just wait for that to appear before we carry on.

So we can see now that my Autopilot device has actually been added in. So we've got a serial number, we've got a manufacturer, Microsoft Corp, because it's a virtual machine that's running on Hyper-V, and we've got no real other details in here. There's no device names or group tags, that's not associated to anything, so we need to do another step down here. First of all we need to go and create a Windows Autopilot deployment profile. So we basically can identify this machine, we can have control of this machine, but we need to know what to do with it. Now we can actually do that, so let's drop back into our Enroll devices section down here and we're going to select Deployment profiles.

So on this deployment profile we're going to go and select a new profile for Windows PC, because this isn't a HoloLens. If you don't know what a HoloLens is, you should really Google that thing, it's awesome. But let's go and create a profile, and within this profile we're going to create Contoso profile one. I could name this anything I want to, and we're going to convert all targeted devices to Autopilot devices down here. And the out-of-box experience, we're going to change this out to user-driven, or we could also do a new self-deploying, which is actually in preview at the moment. If something's in preview from Microsoft, it kind of means that it might have a couple of bugs inside there. When it's not in preview it might have a couple of bugs inside there anyway. Either way, so we're going to join this to Azure Active Directory, and we're going to join this as Azure AD joined rather than hybrid joined down here, and we're going to add a couple of other things. So we're just going to hide this Microsoft Software License Terms, we're going to hide the privacy settings down here, we're going to hide these change account control devices, and the user account type, we're just going to change that to Administrator so there's a local admin on this system. Leave that language region all at default, which at the moment is set to English US, and we're going to leave that automatic configure keyboard on Yes and the apply device template on No.

So on here with the assignments, we're going to add this to specific groups. So we're going to add a specific group in here, and we're going to take our IT devices group, the one that we created earlier, and we're going to select that. We're going to click Next on this one and we're going to create this. Now hopefully what we should be able to do is go back here to IT devices, refresh this, and we should be able to see that our Windows Intune device was automatically added to this group. So when this Contoso profile is applied to that group, it's also applied to the device that we have actually joined in here via Windows Intune.

Now all I need to do for that device is to actually go and reset it, so that should be taking control of that device and making it Azure AD joined. If I drop back into that seaws-4 machine down here, if I just drop into it, I can choose Reset and I can choose Reset this PC. This is actually going to do a reinstallation of the operating system and allow Windows Autopilot to kind of take control of everything within that environment. So we could reset this PC now, and we'll just remove everything and completely reinstall the whole thing. This is going to take a while to actually do this process, so we'll choose a local reinstall rather than a cloud reinstall so we don't have to re-download all of Windows 11.

But at this point what I could do while that's getting on is I could come back here into Intune, for example, and I can go into things like applications, and I could go and take any applications that I already have, and I can go and add these applications to my IT devices group, so when that Intune process completes with Windows Autopilot it will automatically receive the applications that I've specified for it. So I could choose something like, for example, the 365 apps for Windows 10 or later. Let's go and select that and just make sure that Office 365 is being pushed across to this. I know it's called Microsoft 365 now, but it's kind of stuck in my head that it's Office 365. So we'll just go and select a couple of the basic Office apps down here. We don't need Access, we don't need Publisher, we don't need T... well, we do need Teams. Let's say we've got Excel, OneNote, Outlook, PowerPoint, Teams and Word, that'll be fine. We'll leave everything else into defaults on here, and we'll just take a default file format of OpenOffice, and we'll leave this on the Monthly Enterprise Channel. So on that assignment, if I go and assign that to specific groups, I can assign that to the IT devices group down here and I can review and create this.

So what should actually happen is, now that has been added to IT devices and this is an IT devices group computer, once this reset procedure completes I can log into this with a normal user account that is already in Azure AD. Now if we look in here, I do have a lot of users that are already in Azure Active Directory, a lot of default users within this tenant. So under All users, there we go, I've got a bunch that I can actually use. I can log into this machine once it's complete its reset with one of those accounts. So let's just leave that to reset for the moment, and then we'll try and log in and we'll see what we get.

So I'm just going to use an account here called Alex W, which is an account that already exists here within my tenant, belonging to an Alex Wilbur, to sign into this newly reset machine. I'm going to pop in his password here, I'm going to wait for that process to complete and set up. So what we're going to do now is we're going to just set up Windows Hello for this account for Alex W, and we're just going to give them a very basic PIN code here. So let's just go and pop in a PIN code here for this account, click OK, and we should be logged in.

If we take a look here, we can see with dsregcmd /status that this is actually Azure AD joined at this point, with this default device name, connected to Azure AD. After a long time, well, I say a long time, after a certain amount of time, what's going to happen now is that our Office 365 will be streamed down to this computer and installed in the background, and Alex Wilbur will receive all of his additional settings. Over in our Windows Intune admin center, if we go and click into our Windows devices down here and refresh, we can see it's still not appeared actually in Windows Intune. It might take a while to actually pop up. If we drop back into Azure Active Directory and we drop into Devices down here, we should be able to see on All devices it's actually appearing here as Azure AD joined and owned by Alex Wilbur, with this lovely icon that shows that it's actually joined by Azure AD and has got Windows Autopilot enabled for it.

So that kind of concludes a quick demonstration of how to actually take a standalone machine and use Windows Autopilot to actually connect that machine into Azure AD, and to actually connect that machine into Windows Intune and therefore control it in the future. I hope you enjoyed this demo and you'll join me next time, and you know the routine, hashtag like and subscribe, and I hope you enjoyed this video and will join me next time. Goodbye.
Info
Channel: Mike in the Cloud
Views: 11,911
Id: y3iAjRXvdoY
Length: 18min 35sec (1115 seconds)
Published: Wed Apr 12 2023