Windows Autopilot with Microsoft Intune in the real world

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hi everyone in today's video we're going to talk about autopilot now there's a lot of videos already out there that cover autopilot and how you can test it out and get started with it but not a lot of them cover how it actually works in the real world also the videos that do exist have been around for quite a while autopilot came out a few years ago now and they really showcased how to do stuff back then and i want to cover how to do it now and also how to do it the most efficient way possible so the testing bit you know it's really important for you to be able to test autopilot but let's not do it the old way let's not do it the slow way let's do it as as i would and and get it the most efficient way as possible so let's jump straight into my uh my endpoint manager admin center and take a look at where we set up autopilot so we start in the admin center endpoint.microsoft.com and then in devices we can go to enroll devices and then windows enrollment so these are the uh these are the main points that we need to look at uh windows windows autopilot deployment program and then some deployment profiles bear in mind there are there are some prerequisites that i'll put in the description around things like custom branding in your um in your in your azure portal but there are so many videos out there on how to do that i don't want to cover that in this video this is really just about getting started with automatic so in deployment profiles and see how i've got a deployment profile already called cloud only let's create one from scratch and call this autopilot demo so this button here about uh converting old target devices to autopilot isn't relevant right now because what i want to show you is adding devices into the portal and then building them so we don't need to to worry about that but in the use case where you have existing devices that do are already you know either domain joined or as you're already joined then you could uh put them in a group and target this autopilot deployment profile at those devices and then they would automatically be put into your autopilot list so that you can build them without needing to capture the hardware information or without needing your oem to go in there and put the information in there for you i will cover that in a separate video along with hybrid autopilot in the future but let's just go through this very simple demo first so we'll use leave that as no for now and just click next and we're going to be doing user driven as opposed to self deploying mainly because i can't do self-deploying in my vm environment but also because user driven is the most frequent way you'll be doing windows autopilot we will be doing azure ad joined in this video but in a future video i'll be doing a hybrid as your adjoint to show how that works so skipping through this i'll be hiding uh license terms hiding the privacy settings and in newer versions we're able to hide account types and also we're going to allow this user to only be a standard user when they've when this they've finished enrolling this device i'm going to choose not to do white glove out of box experience and i will cover in the future video what white love is i'm going to automatically configure a keyboard and i'm not going to apply device name template for this video but if you were then you can simply choose a prefix and then a random set of characters afterwards so i'll choose no and choose next so for the deployment i need to create a group of devices and i'm going to leave this as blank for now and just not deploy this and we'll create that group once i've got my devices into the autopilot devices list so next and these are the settings nice and simple so quick create okay so we have an auto pilot demo and that is not assigned so heading back to the devices uh section here we can go to enroll devices and then take a look at devices so you can see i've got one device in my list already and it's got a profile assigned so that must be the other cloud only profile that i was using but what you will notice is that it's blank uh almost almost no devices in here at all and really in an enterprise you'd want to have all of your devices in this list so how do we get devices in this list well we need to import them using a csv theoretically that was the old way there are new ways tradition testing which i'll go through in a few minutes in the demonstration but the three ways to get devices into this list are to import it yourself using the csv or the script that i'll show you in a few minutes there's also to allow a csp licensing partner to to put these in your tenant for you uh when they sell you a device or when they um when they provide a device for you or there's the the oem so dell hp lenovo all those big partners will happily put these devices into your autopilot uh area for you into your devices for you as part of their service so what does it look like when an oem has put all of this information into your list for you well i'll show it i'll show you another tenant i've got where we actually have live devices being placed into the into the autopilot device list by a partner so i'll show you that and here we are so in this list you can see there's a couple of virtual machines we used for testing and then we've got some hp devices and this list has filled up quite nicely as we've been using autopilot over the years so yeah these devices are automatically building whenever we ship them to the end user they build and do the autopilot thing so the aim eventually when you're working with a partner and when you're doing this in production is to have something around about this around about how this looks and you can see we've got some information on the right hand side about the device itself the fact that it's got the the profile that was assigned when it was assigned the associated device and intune the associated azure id device and then the last contact you can also purchase information and tags and stuff when when when those oems create this information in the portal for you okay so over to my other tenant and we're gonna add some devices into this list as part of this demonstration so i'm to grab a virtual machine and do some autopilot registration for this virtual machine okay so here we are with a virtual machine now in previous videos that i've seen on on youtube and various demonstrations i've seen the the way we add devices or collect hardware information from this device to add into the autopilot device list is incredibly slow some trainers go through creating let's go through the outbox experience by clicking yes yes yes and then going to all the questions and eventually getting through to the bit where you can get into an interactive desktop and run the script other trainers will press ctrl shift f3 and get into the sysprep window where you can essentially get to the interactive desktop and do whatever you need to there run the script collect the information all that kind of stuff but there is a quicker way so let's see if this work on this virtual machine we're going to do shift and on my keyboard i need to press function but theoretically it's just shift and then f10 so this should launch a command prompt and from here we can run the script that we need to run so this very quickly gets us to the stage where we can run a script and in previous videos i've seen uh trainers go through a very elongated process to get to a command from where they can run a script okay so let's get started then so we're going to open powershell it doesn't have to be in capitals but i did accidentally tap caps lock when i was uh doing the the key combination there so i shall in lowercase will work just fine so we want to set the execution policy to bypass or unrestricted or whatever whatever you want to do to get this script to be able to run and then we also want to install script get dash windows autopilot info and this will go off to uh powershell gallery and grab the script that we need to run so it's asking for the path environment variable to be changed so i'm pressing yes on that and then we'll wait for it to download this script and ask a few more questions so it's asking if we can use nuget so i'll say yes to that so i can grab this package from the internet and it's an untrusted repository for this environment so i'm going to choose yes because we need to get this script running and it's definitely the right script name that i typed so i'm fairly comfortable that this is ready to go so just download and installs that and then we'll get the the prompt again where we can type the type the script name okay so from here we could run get windows autopilot info and then use output file and put a uh autopilot info file on the c drive and then we need to find a way to grab that from the c drive and put that into inching in this case i'm going to use a different command switch which is online and this is going to go away and install the required prerequisites to do the next bit of of what we're expecting it to do which is allow us to it to log in to our tenant and essentially push this autopilot device information directly to the intune portal okay so here we are just asking me to sign into my account so i'm going to log in as my global admin and i'll be prompted for multi-factor authentication so i'll just approve that on my thumb and you can see the bottom there it's connected to the intune tenant gathered the details for this device and it's waiting for one of one device to be imported so that's really good give us a few seconds and we'll see how it goes okay that took about two or three minutes uh and no i said two or three minutes it felt like longer it was 94 seconds i apologize so uh it currently imported the device and um all done so the process for now is to close this window and give this device a reboot so i'm going to choose to shut down so i'm going to restart it in a few minutes okay so heading over to the portal if we do a sync on our autopilot devices list and maybe a refresh we should see this additional device having been added awesome okay so we've got this new device that's been added that hasn't got an assignment so remember we didn't assign a profile so this profile is not going to get assigned by itself we haven't told it which profile we want to to assign to this device so i'm going to need to firstly create a group that this device will live within and then i will deploy this autopilot profile the autopilot demo profile that we just created to this device so let's create a group now with the group i want it to be an automatic group that picks up all auto pilot devices and automatically deploys the profile to them because that's firstly the way with the way you should do it in production but also it's a really good test so let's go to new group and i'm going to call it all autopilot devices now this obviously needs to be a dynamic group so we're going to change the membership type to dynamic device and we need to create a query so i'm just going to type this in because it's easy to type in i want to just give it a quick rule that i want to use so it's device dot device i'll speed this up while um while i type so this this um physical id the zero touch deployment id is a unique thing that gets created with all autopilot devices that i gotta get added to the deployment to the autopilot devices list so that quickly identifies all devices that are added into the autopilot device list if you wanted to you could use you could look for a group tag or you could look for a purchase order number but for me i just really want to use uh all devices in the list and apply that one profile so i'll save this and then create the group so at the top here we have this group that i've already created we'll give it a few moments while it processes these devices and picks up the computer that should be in the list okay so we can see we've got the the built machine that i already added into my portal in the past and then we've also got this virtual machine that i've just created so that's good now we have somewhere to target our autopilot profile so back into the auto part of the profile and choose it i'm going to change the properties and go to assignments and then deploy it okay so now we've done that a little bit more waiting we need to wait for this to assign to the device because remember this this all needs to go into azure all needs to go into the back end so that microsoft will tell this device what to do when you turn it on the way we can see how it's going is to go into the enrolled devices section and then devices and just wait for this not assigned status to to change to assigning and eventually it will get to assigned okay i just kicked off sync the sync normally happens every every once in a while anyway maybe a few hours or so and then it will update this and the idea is that in testing you you're quite impatient you you want it to synchronize much quicker but in reality these devices are going to get added to your portal by the oem and then shipped to you so the only thing that needs to happen is that the sync schedule is quicker than the shipping time of the device which is almost certainly true so the devices are always going to be there if they're imported at the time of shipping then they're definitely going to be in the portal and synchronize with the profile assigned by the time they get to your end user as you can see mine says profile status updating so we'll give that a few more minutes and see how this goes okay that probably took a few minutes it's now saying the profile is assigned so now we can jump into the virtual machine switch back on and see how this works okay so this machine's just going to load up it'll get to the out of box experience screen and then hopefully pick up some information from the autopilot service and there we go so we have a nice welcome message which says welcome to get modern enter your get modern email so we can sign in with our lucy.tester account and get signed in but i wanted to show you what happens if you assign the device to a particular user just to show it so i'm going to do is just turn this machine off and then go back to the portal so here we have our autopilot device this one here is the one that's assigned i'm going to choose it and then firstly i want to also give it a device name so this is autopilot demo one one i'll save that and then i want to assign this device to lucy so that when lucy receives this device she is greeted in a more personal way let's do that so i click on the device itself tick that check mark and then choose a sign user and then find lucy in the list and she is choose select and you can see we've got our user friendly name there i'm going to actually just call her lucy because we you know it would quite informal team here so i'm going to call her lucy he doesn't change the upn that gets assigned but it just greets her with a with a first name rather than the full name which is quite good and then we'll choose save okay great so let's see what happens when we start this off so back over to the virtual machine just started it let's see what happens when we load it up okay so we're back to the welcome to get modern but as you can see we've got hi lucy so that's you know better for a start it's much more personal to the user because we knew who was selling the device to but also notice it doesn't ask her to type in her username or her email address or upn or whatever just ask for the password so now we can get started much quicker without needing to tell users that they should enter their email address they can just get cracking so let's go ahead and type in lucy's email address uh sorry just tap in lucy's password and it's asking us to set up additional information about lucy so that we can be verified through additional factors but you set up now it will probably ask us to configure multi-factor authentication by getting the app so i've already got the app so i'll grab that now okay so that was really simple to do full information on the screen of how to how to get started with that uh and you know up and running in a few seconds with that additional second factor of of uh verification okay so what this is going to do now we're just going to go away sign lucy in and get us set up with all of the stuff that we've deployed via autopilot in this case we've not deployed anything via autopilot yet or anything via intune to these devices so nothing is going to happen so i'm going to skip past this bit rather than wasting your time and letting you see a device sign in you've seen the device sounding before so we'll skip over that but that really is as simple as it can get so in the next video i'm going to try and show you how to do all of this with hybrid autopilot and join on-premise ad in case you still need to do that and also we're going to look at converting existing devices to autopilot to get your existing devices though in azure id or hybrid 80 to become autopilot devices and deploy using these profiles but that's it for this video so if you've liked this please hit the like button and let me know if you've got a question or a comment or want me to cover anything else related to this please let me know in the comments bye for now

Info

Channel: CloudManagement.Community

Views: 2,979

Rating: undefined out of 5

Keywords: Windows 10, Drivers, Intune, Autopilot, Surface Pro, Walkthrough, OS Deployment, CloudOSD, OSDeploy, endpoint manager, mem, microsoft, Windows Autopilot, windows autopilot step by step, intune, windows 10, autopilot, winpe for windows 10, Windows Autopilot using real world, Windows Autopilot in the real-world, real-world, MDM, mobile device management

Id: X2S0I84fTcU

Channel Id: undefined

Length: 19min 48sec (1188 seconds)

Published: Sat Jul 17 2021