This is Part 8 of a 13 part series.
=====================================================================
Welcome to part 8 of my thirteen part series of tutorials taking you step by step on how to configure Microsoft Endpoint Manager / Intune, from initial DNS config up to Autopilot and application deployment. This series gives you all the knowledge you need for you to successfully deploy a basic Intune / Endpoint Manager environment.
Initial Tenant and Intune Configuration
1. Configure DNS and CNAME - Link
2. Company Branding - Self Service Password Reset (SSPR) - Enable Enterprise State Roaming - Link
3. Enable Conditional Access and MFA (Multi factor authentication) - Link - This Article
4. Configure Conditional Access Terms of Use - Link
5. Company Terms and Conditions - Link
6. User and Device Groups, and Device Categories - Link
7. Set-up Autopilot profile and configure MAM and MDM scope for automatic enrollment - Link
7a. More information regarding options for configuring the MDM and MAM user scopes - Link
8. Enrollment Status Page - Link - This Tutorial
9. Enrollment Restrictions - Link
10. Deploying Microsoft 365 apps (Office apps) - Link
11. Enable Microsoft Store for Business and publish the Company Portal app - Link
12. Assign Company Portal app - Link
13. Test autopilot via register online - Link
If you don't have a test environment for Intune / Endpoint Manager, just follow this guide on
How to get a Free Developer Tenant with 25 x E5 licenses and a free Top Level domain name - Link
=====================================================================
Configuring the Enrollment Status Page (ESP) -
In the Microsoft Endpoint Manager admin center, choose
Devices - Windows - Windows enrollment
Enrollment Status Page.
Currently, there is already a default Enrollment Status Page that is assigned to All users and all devices
When you select the properties, you will see that -
This is the default enrollment status screen configuration applied with the lowest priority to all users and all devices regardless of group membership.
As we want to create our own Enrollment Status Page that we can assign to users and devices of our choice, click
Create - 
Basics -
Name - Default Enrollment Status Page
Next
Settings -
Configure as needed - Below are my recommendations
Note - As I want to ensure the Company Portal is installed before users continue, configure as below.
Select - Block device until all apps and profiles are installed
Select - Block device until these required apps are installed to the user / device - Selected
Click - Select apps
Select the app - Company Portal -
Click - Select 
Save
Assignments -
Select the group to target autopilot devices -
AAD_Sec_Device_AutopilotDevices
Note - also add other important user groups if created (the MFA group
Next
The group has been assigned - Next
Add other groups if needed (AAD_Sec_User_MFA) - (This screenshot is from when editing the ESP)
Scope tags - None
Review and create - create
======================================================================
Confirm the default page is Off for all users -
In the Enrollment Status Page blade, choose Default - Click - All users and devices to select
Select - Properties.
Confirm - Show app and profile configuration progress is set to - NO -
====================================================================
Configure the Enrollment Status Page - Link
Troubleshoot the ESP - Link
Known Issues - Link
ESP will time out on earlier versions than 1903 during Add work or school account
===============================================================
Check out all my tutorials - Link
Highlights include -
13 part series on how to perform the initial Tenant and Intune Configuration - Link
1. Configure DNS and CNAME
2. Company Branding - Self Service Password Reset (SSPR) - Enable Enterprise State Roaming
3. Enable Conditional Access and MFA (Multi factor authentication)
4. Configure Conditional Access Terms of Use
5. Company Terms and Conditions
6. User and Device Groups, and Device Categories
7. Set-up Autopilot profile and configure MAM and MDM scope for automatic enrollment
7a. More information regarding options for configuring the MDM and MAM user scopes
8. Enrollment Status Page
9. Enrollment Restrictions
10. Deploying Microsoft 365 apps (Office apps)
11. Enable Microsoft Store for Business and publish the Company Portal app
12. Assign Company Portal app
13. Test autopilot via register online
===============================================================
About the author -
Terry Munro is an IT specialist based in Brisbane, Australia.
He draws upon over 20 years experience designing and delivering technical solutions to a variety of enterprise clients in the private, Government and Education sectors, to revolutionise client businesses through collaboration and getting the most value from a variety of cloud solutions.
He is passionate about learning new technologies and is a firm believer in sharing knowledge to provide a better experience for all.
You can connect with Terry
LinkedIn - https://www.linkedin.com/in/terry-munro/
Facebook - @IntuneAdmin - https://www.facebook.com/IntuneAdmin/
Facebook Community Group - https://www.facebook.com/groups/intuneadmin/
GitHub Repository - https://github.com/TeamTerry
No comments:
Post a Comment