Is Windows AutoPilot deployment supported by Dell workstations? Does it have any specific hardware requirements?
Thank you so much!
What about other automation used in small/medium/large such as application (+legacy), registry changes, additional files required for a lot of Enterprise automation? How do we get blob-ware placed by Microsoft removed in the process? How do we keep a feel/look for every user like start menu, pin apps, etc.? In a highly secure environment, what URL/domain would need to be white-listed for the device to connect and download policies?
The primary heavy-lifting from a configuration perspective comes with the MDM auto-enrollment once the AutoPilot service customizes OOBE. The good (and Ignite-timed) news there is that Intune now has Intune Management Extensions coming that will enable EXE installation (previously was UWP or MSI on Windows) and enable you to run PowerShell scripts for any configuration that is PS1-scriptable if it isn't already in the MDM CSP. Another option you can take is to have Intune install ccmexec for ConfigMgr to take over post-specialization config. -Jeremy
What happens if the user skips the AutoPilot "wizard" by not connecting the laptop to any Wi-Fi network? Will it provision as a normal Windows 10 with a local username/password?
We don't currently lock out a system if it cannot connect to a network during OOBE, so you would be able to skip that connection step and provision a local account.
Microsoft Mechanics, what would be the process to then "fix" this for the user? Would that be the functionality Settings > Update & security > Reset this PC and remove everything and make sure they enroll correctly, or is there any other way?
That's right, we are evaluating ways to enforce the out of box experience to go down the Azure AD setup flow (make network connection mandatory) for a future Windows release.
Very nice 👍👍
@Microsoft Mechanics May I have that desk?
You can buy them at Restoration Hardware. We have 2 of them and use them daily.
Is it possible to deploy applications using this service in the same way SCCM does?
There are a few ways to do that. Autopilot basically gets you enrolled into Intune and Intune can deploy MSI packaged apps easily or run commands to install .exe or bootstrappers. With co-management, you can also use Intune to install ccmexec, then you get the best of both worlds - Intune MDM and ConfigMgr for granular control.
If the machine is on the network and does not allow direct connection to the internet and they have to go through a PAC file / proxy?
You'd need to open the URLs for the AutoPilot service on your proxy. The process for using other Microsoft cloud services like Intune (see docs.microsoft.com/en-us/intune/network-bandwidth-use) and Office 365 (see support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2). The team is working on this documentation currently for AutoPilot-specific URLs and IP ranges required.
Without a deployment image, how do we get rid of all the crud that OEMs place on devices?
There are a few ways to do this. Ideally, the system starts with a Signature image free of bloatware. If not, you can use Fresh Start, which essentially resets Windows, removing any bloatware. To automate, it can be performed via MDM CSP with the "Manage Windows Fresh Start" setting, but the PC would need to be re-enrolled afterwards.