Windows Autopilot Updates Timelines Microsoft Endpoint Manager MEM

1
Windows Autopilot Updates

Let’s check the details about Windows Autopilot updates in this blog post. The screenshots are taken from the Ignite session slides and demos by Michael Niehaus and Tanvir Ahmed. More details about the session details & recording are available in the below section of the post.

Ignite 2019 Coverage

  1. Microsoft Endpoint Management SCCM Intune Windows Updates
  2. Microsoft Endpoint Manager is the future of SCCM Intune MEMMI MEMCM
  3. iOS Android macOS Mobile Enrollment Options with Intune
  4. Basics of Windows Dynamic Update Explained Update Management
  5. WVD End User Experience Availability Updates
  6. MSIX Updates from Ignite Reliability Network Disk-space
  7. Microsoft Learning Certification Exams Updates
  8. On-Prem WVD Options Azure Quantum Qualys Scan Integration
  9. Intune Reporting Strategies Advanced Reporting
  10. Intune Endpoint Security Policies Enhancements
  11. Intune Policy Sets Collection of Workflows
  12. Windows Autopilot Updates Timelines

Deployment Scenarios Release Timelines

  • User Driven mode AAD Join
    • Windows 10 1703 and later
  • User-Driven mode Hybrid Azure AD join
    • Windows 10 1809 or later
    • Deploy over VPNPublic Preview in Q1 2020
      • Windows 10 1903 or later
  • Windows Autopilot white glove
    • Windows 10 1903 or later
    • General availability some time in 2020
  • Self-deployment mode (preview) KIOS/Special devices
    • Windows 10 1903 or later
    • General Availability some time in 2020
      • Windows 10 1903 or later
  • Windows Autopilot for Existing Devices
    • Now it supports Hybrid Azure AD join
    • Windows 10 1809 or later
Windows Autopilot Deployment Scenarios
Windows Autopilot Deployment Scenarios

Enrollment Status Page Updates & Release Timelines

Learn more details Enrollment Status page here. More details about Autopilot ESR updates below.

  • Enrollment Status Page (ESR)
    • Windows 10 1803 onwards
    • Disable ESR for Nth user in a multi-user scenario (Available now)
    • ESR Integration with SCCM
      • H1 2020 (Coming Soon)
    • Skip user ESP for multi user scenario
      • ESP Targeting users & devices
        • Some time in future?
Windows Autopilot Updates Timelines Microsoft Endpoint Manager MEM 1
Windows Autopilot Cross Scenarios Features

Device Life Cycle Management Updates

The basic life cycle management updates are already available in MEM Microsoft Intune (MEMI).

  • Register and de-register or remove devices from Autopilot
    • Performance Improvements are coming soon
    • Edit Group Tag option
      • Available Q4 2019
    • Assign Computer names
      • Available Q4 2019

Autopilot Reporting and Monitoring Enhancements

As mentioned above this feature is also already available in Intune. I think these Windows Autopilot reporting and monitoring (enhancement) topics are aligned with Intune advanced reporting options announced here.

  • More detailed information about Windows Autopilot deployment and troubleshooting
    • Windows Autopilot Deployment report
      • Expected to get release some time in Q4 2019
    • Windows Autopilot Log Collection
      • Some time in near future (Similar to Intune Log collection?)

Windows and Device Configuration with Windows Autopilot

Intune is introducing more features to manage Windows and device firmware configurations. Some of them are given below.

  • Intune DFCI Firmware configuration
  • Remove list of in-box apps (coming soon)
  • Add Language packs and Features (Coming soon)

Delivery Optimization with Windows Autopilot

This DO improvements will help organizations to save the bandwidth related issues. This could be a big issue when all the clients will download the feature updates from internet.

Following are the some of the DO supported scenarios in now and future?

  • Peer to Peer Cache with DO
  • UWP/Store Apps
  • Intune Content
  • Office 365 ProPlus install support (Preview)
  • Office 365 ProPlus update support (?)
  • Automatic connected cache discover for White glove (coming soon?)

Independent Windows Autopilot Update

I don’t know whether this is similar to Windows Dynamic updates or not. But it seems to me similar to that service. This will help to get the latest updates & features from Autopilot service independent of Windows 10 feature updates.

  • Available for Windows 10 1903 + KB 4517211 or later
  • For the OEMs it will be available only with Windows 10 1909 or later

User-Driven Azure AD Join

  • Connect to a network
  • Authenticate to Azure AD
    • Password-less with phone sign-in
      • Authenticate with FIDO2
  • Enroll to Intune
  • Track the process through Enrollment Status Page
    • Policies
    • Apps (Win32,MSI,UWP)
    • Certificates
    • Network – VPN connections
    • SCCM Task Sequence status (coming soon H1 2020)
User-Driven Azure AD Join - Windows Autopilot Updates
User-Driven Azure AD JoinWindows Autopilot Updates

User-Driven mode Hybrid Azure AD join

NOTE! – Hybrid Azure AD Join – Ping to establish connectivity check is removed in the future versions. Microsoft added supported for VPN for the future versions.

Intune will push down the VPN client during DEVICE setup stage in Enrollment Status Page(ESP) as per the demo and explanation by Tanvir Ahmed! IT admins to deploy VPN client as Intune app.

NOTE! – And Windows 10 sign-in page has a frame work to allow VPN to connect with pre-authenticated token. End user still has to authenticate with user ID and Password.

  • Connect to a network
  • Authenticate to Azure AD
    • Password-less with phone sign-in
      • Authenticate with FIDO2
  • Enroll to Intune
  • Perform Offline Domain Join
    • VPN Support Preview in Q1 2020 with Windows 10 1903
  • Track the process through Enrollment Status Page
    • Policies
    • Apps (Win32,MSI,UWP)
    • Certificates
    • Network – VPN connections
    • SCCM Task Sequence status via ESP (coming soon H1 2020)
User-Driven mode Hybrid Azure AD join - Windows Autopilot Updates
User-Driven mode Hybrid Azure AD joinWindows Autopilot Updates

Self Deployment Mode – Windows Autopilot

KIOS and shared devices scenario with Autopilot provisioning. The TPM 2.0 chip is required to support Self deployment mode scenario.

  • TPM attestation to authenticate to Azure AD
  • Enroll to Intune
  • Track the process through Enrollment Status Page
    • Policies
    • Apps (Win32,MSI,UWP)
    • Certificates
    • Network – VPN connections
    • SCCM Task Sequence status via ESP (coming soon H1 2020)
  • General Availability is some time in next year 2020
Self Deployment Mode -Windows Autopilot Updates
Self Deployment Mode – Windows Autopilot Updates

Windows Autopilot White Glove

Windows autopilot White Glove is based on self-deployment frame work as per Micheal N.

White Glove Technician Flow

  • Press Windows Key FIVE times to start
  • Select Windows Autopilot Provisioning
  • Confirm Settings
    • Configure user with companion app
    • Change Group Tag, Computer Name with companion app (Q4 2020)
  • Autopilot registration details with QR code and click on Provision
    • Join to Azure AD / Hybrid AD
    • Enroll to Intune
    • Install Device targeted Apps
    • Install Device targeted Policies
    • Install User targeted Apps (?)
Windows Autopilot Updates Timelines Microsoft Endpoint Manager MEM 2

White Glove User Flow Process

  • Switch on the device
  • Select the region, Keyboard, language
  • Connect to Internet Network
  • Standard user driver process
    • Track the process through Enrollment Status Page
      • User Policies
      • User Certs / Profiles
      • etc…

New Windows Autopilot Features

  • Coming Soon Features
  • Future Future Features
Windows Autopilot Updates Timelines Microsoft Endpoint Manager MEM 3

Session Details – Windows Autopilot Updates

Whether you’re new to Windows Autopilot, or looking for troubleshooting tips, this session has plenty of information, insights, and best practices to offer. More details – https://myignite.techcommunity.microsoft.com/sessions/81679?source=schedule

Resources

1 COMMENT

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.