This step by step tutorial will take you through how to test autopilot by registering a device via Online mode via Intune / Endpoint Manager.
This is Part 13 of a 13 part series.
=====================================================================
Welcome to part 13 of my thirteen part series of tutorials taking you step by step on how to configure Microsoft Endpoint Manager / Intune, from initial DNS config up to Autopilot and application deployment. This series gives you all the knowledge you need for you to successfully deploy a basic Intune / Endpoint Manager environment.
Initial Tenant and Intune Configuration
1. Configure DNS and CNAME - Link
2. Company Branding - Self Service Password Reset (SSPR) - Enable Enterprise State Roaming - Link
3. Enable Conditional Access and MFA (Multi factor authentication) - Link - This Article
4. Configure Conditional Access Terms of Use - Link
5. Company Terms and Conditions - Link
6. User and Device Groups, and Device Categories - Link
7. Set-up Autopilot profile and configure MAM and MDM scope for automatic enrollment - Link
7a. More information regarding options for configuring the MDM and MAM user scopes - Link
8. Enrollment Status Page - Link
9. Enrollment Restrictions - Link
10. Deploying Microsoft 365 apps (Office apps) - Link
11. Enable Microsoft Store for Business and publish the Company Portal app - Link
12. Assign Company Portal app - Link
13. Test autopilot via register online - Link - This Tutorial
If you don't have a test environment for Intune / Endpoint Manager, just follow this guide on
How to get a Free Developer Tenant with 25 x E5 licenses and a free Top Level domain name - Link
======================================================================
Now you're ready to test to see if all your hard work has successfully configured your Intune environment. So let's jump in and test on a device. This will work on a VM or a physical machine if needed.
We will need a Windows 10 device that will be wiped completely after registering for Autopilot via a script. I do the vast majority of testing on virtual machines as it is easy and I have no spare physical machines.
======================================================================
Resource -
Automating the Windows Autopilot device hash import and profile assignment process - Link
Example -
Get-WindowsAutoPilotInfo.ps1 -Online -AddToGroup "AAD_Sec_Device_SharedDevices" -Assign
Explanation of the switches
- From “-Online”:
- The device will be registered in the tenant that you specify. (The script will prompt for an account and password with sufficient rights to Intune, then use the Graph API to add the device.)
- It will wait to confirm that the device was registered and that it is present in Intune (synced back automatically by Intune using a delta sync process after the import completes).
- From “-AddToGroup”:
- It will add the new device’s Azure AD computer object into the group name that you specify.
- From “-Assign”:
- It will then wait for Intune to assign an Autopilot profile to the device.
=========================================================================
Perform the following in PowerShell
Set-ExecutionPolicy Unrestricted
Install-Script -Name Get-WindowsAutoPilotInfo
Get-WindowsAutoPilotInfo.ps1 -Online -AddToGroup "AAD_Sec_Device_SharedDevices" -Assign
This will perform the following
The device will be registered in the tenant
Assign the autopilot profile
Add the device to the Azure AD group - AAD_Sec_Device_SharedDevices
Note - Devices cannot be added to a Dynamic device like groups associated with the device categories.
Enter your tenant admin credentials when prompted (a DEM account will not have the rights)
Consent on behalf of your organization
The hardware details will be generated and imported into the tenant.
Here we can see the serial number of the device.
Here we can see where the device has been registered as an Autopilot device.
Here we can see the device is a member of the group assigned in the script
=====================================================================
To trigger the auto-pilot process - run a 'Reset this PC' on the device.
After reboot, the device will be autopilot ready, and ready for login -
===============================================================
Check out all my tutorials - Link
Highlights include -
13 part series on how to perform the initial Tenant and Intune Configuration - Link
1. Configure DNS and CNAME
2. Company Branding - Self Service Password Reset (SSPR) - Enable Enterprise State Roaming
3. Enable Conditional Access and MFA (Multi factor authentication)
4. Configure Conditional Access Terms of Use
5. Company Terms and Conditions
6. User and Device Groups, and Device Categories
7. Set-up Autopilot profile and configure MAM and MDM scope for automatic enrollment
7a. More information regarding options for configuring the MDM and MAM user scopes
8. Enrollment Status Page
9. Enrollment Restrictions
10. Deploying Microsoft 365 apps (Office apps)
11. Enable Microsoft Store for Business and publish the Company Portal app
12. Assign Company Portal app
13. Test autopilot via register online
===============================================================
About the author -
Terry Munro is an IT specialist based in Brisbane, Australia.
He draws upon over 20 years experience designing and delivering technical solutions to a variety of enterprise clients in the private, Government and Education sectors, to revolutionise client businesses through collaboration and getting the most value from a variety of cloud solutions.
He is passionate about learning new technologies and is a firm believer in sharing knowledge to provide a better experience for all.
You can connect with Terry
LinkedIn - https://www.linkedin.com/in/terry-munro/
Facebook - @IntuneAdmin - https://www.facebook.com/IntuneAdmin/
Facebook Community Group - https://www.facebook.com/groups/intuneadmin/
GitHub Repository - https://github.com/TeamTerry
No comments:
Post a Comment