Windows Autopilot Deployment Scenarios – On-Prem Hybrid Domain Join


Windows Autopilot deployment scenarios and upcoming features were announced at Ignite 2018. This post is based on two sessions, BRK3014 and BRK3015, by Tanvir Ahmed and Michael Niehaus. New Windows Autopilot capabilities and expanded partner support simplify modern device deployment. For me, the catchiest phrase related to Windows Autopilot is “White Glove”. Read this post to get more details about the white glove feature of Autopilot.

[Related Posts – Step by Step Guide Windows AutoPilot Process with Intune | Beginners Guide Setup Windows AutoPilot Deployment]

Reset Devices – Local/Remote – Windows Autopilot Deployment

The Autopilot reset options are important in break-fix scenarios of the device management life cycle. One

Windows Autopilot reset – local – This feature is available
Windows 10 1703 and above
Join device to AAD, enroll in Intune/MDM
Device Rename options

Windows Autopilot reset – remote – This feature is in Public Preview
Windows 10 Insider Preview Build 17672 and later, and Windows 10 1809
Execute a device reset via Intune and maintain AAD join and MDM enrollment
Device Rename options

Self-Deployment – Kiosk – Windows Autopilot Deployment

This self-deployment option is already available in public preview.

Public Preview
Windows Autopilot Self-Deployment mode
Windows 10 Insider Preview Build 17672 and later, and Windows 10 1809
Execute a device reset via Intune and maintain AAD join and MDM enrollment


Hybrid AD Domain Join with Windows Autopilot Deployment

Hybrid AD Domain Join during Windows Autopilot is a private preview feature. The process is explained in the following paragraphs. Hybrid Azure AD joined devices are devices joined to on-premises Active Directory and registered in Azure AD.

Employees unbox their devices and start the self-deployment. The device sends its hardware ID to the Windows Autopilot deployment service, which provides the Autopilot profile to the device. The device then performs MDM enrollment with Intune. After this MDM enrollment, Intune contacts the on-prem domain controller via the Offline Domain Join (ODJ) connector.


The device receives the ODJ blob from Intune, and with the help of the ODJ blob the device is able to join the on-prem AD domain. Once the device is joined to the domain, it can get GPOs and other policies from AD. Also, Intune can deploy the SCCM client to the device so that SCCM can be used to deploy apps if required.

Hybrid Azure AD Join (Azure AD)
Windows 10 1809 and above
Join device to AD, enroll in Intune/MDM

The ODJ connector allows Intune to generate machine objects in your DC on your behalf. This creates ODJ blobs, which are then transported to Intune using the connector.

Let’s talk about ODJ blobs. ODJ stands for Offline Domain Join, and the ODJ blob is at the center of the Hybrid Autopilot flow. You can generate a blob from any domain-joined machine if you have the rights to join machines to the domain.
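
As an added example (not from the original post or the Ignite sessions), this is how an ODJ blob can be generated by hand with the built-in djoin.exe tool and handled as a secret, because the blob carries the new machine account's password. The domain, OU, computer name and file path are placeholder assumptions; in the Autopilot flow the Intune connector performs this step on your behalf.

```powershell
#Requires -RunAsAdministrator
# Added example: every default value below is a placeholder, not a value from the post.
param(
    [string]$Domain      = 'corp.example.com',
    [string]$MachineName = 'AP-DEMO-001',
    [string]$MachineOU   = 'OU=Autopilot,DC=corp,DC=example,DC=com',
    [string]$BlobDir     = "$env:ProgramData\odj-demo"
)

$blobPath = Join-Path $BlobDir "$MachineName.txt"

# Lock the folder down BEFORE the blob is written. The blob embeds the machine
# account password, so only Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18)
# get access. SIDs are used so the ACL is correct on localized Windows builds.
New-Item -ItemType Directory -Path $BlobDir -Force | Out-Null
icacls $BlobDir /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# Provision the computer object in a dedicated OU and save the ODJ blob.
# The caller needs the right to create computer objects in $MachineOU.
# /reuse is deliberately omitted: it would reset the password of an existing
# computer account with the same name instead of failing.
& djoin.exe /provision /domain $Domain /machine $MachineName `
            /machineou $MachineOU /savefile $blobPath
if ($LASTEXITCODE -ne 0) { throw "djoin /provision failed with exit code $LASTEXITCODE" }

# Show who can read the blob so the result can be reviewed.
(Get-Acl $blobPath).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType

# On the target device the blob is applied offline, then the device reboots:
#   djoin.exe /requestodj /loadfile <blob file> /windowspath $env:SystemRoot /localos
# Delete the blob file as soon as it has been delivered to the device.
```

Scoping the provisioning account to create computer objects in one OU only keeps the blast radius small if that account or a blob is exposed.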

Existing Devices – Windows 7 Devices to Windows 10 Using Windows Autopilot Deployment

This feature is in private preview as of now. This Autopilot explanation is for existing devices. I hope Microsoft will soon release more details about this feature and the JSON script used in the SCCM TS.

Windows 10 1809 and above
Windows 7 to Windows 10
OneDrive for Business Known Folders Group Policy
SCCM Task Sequence, followed by Windows Autopilot user-driven mode

Autopilot for existing devices was explained in the Ignite session. It’s true that not all hardware running Windows 7 is ready for disposal just yet (for most organizations). Many organizations have continued to install Windows 7 on new hardware. The remaining hardware lifecycle often goes beyond 2020. Learn how to upgrade Windows 7 to Windows 10 using Autopilot with SCCM and OneDrive for Business.


The biggest challenge is that the hardware hash is not available in Windows 7, so it’s impossible to pre-register existing devices running Windows 7. An SCCM task sequence can help to lay down a signature image of Windows 10 and collect the HardwareID. The Windows device then boots into Windows Autopilot user-driven mode. This requires Windows 10 1809 or later.

White Glove, Cortana and Enrollment Status Page Improvements

Windows Autopilot White Glove

What is the biggest challenge in adopting Autopilot today? Yes, it’s apps. When an employee starts the enrollment process, he/she needs to sit for a long time waiting for it to complete, mainly because of application downloads. Bandwidth issues and many other issues can cause slow downloads of applications like Office Pro Plus.

Microsoft came up with a new option: your OEM vendor can do this app download for you in the factory itself. This will be done as part of the onboarding process. Microsoft thinks this will give a better end-user experience during the Autopilot enrollment process. The code name of this process is White Glove.


Cortana

You will be able to disable Cortana during Windows Autopilot deployments.

Enrollment Status Page

The Enrollment Status Page can be targeted to specific Azure AD groups. It will give you more granular options to track or skip the status of the configurations (and applications, maybe?) which you want to track. You will be able to skip configurations that are not important to track during enrollment.

The Enrollment Status Page can track configurations from other sources. What does this mean? Would you be able to track Security Baseline policies, Win32 apps, and PowerShell deployments?
