The fact that you are demoing a feature live for the first time and still post it after not succeeding shows you are truly here with community to teach and learn. Thank you for all your help and videos 🙏
I don't see much point in this unless theres an easy way for suppliers or engineers to upload a corporate identifier. It looks kind of like a rebranded policy set.
I like that they are trying to move away from the hardware hash to Autopilot devices. But Microsoft need to give us a simple way to identify Corporate devices so we can make it fast and simple to implement. So far I'm not seeing any advantage over the hash. Also loving your videos and been a subscriber for a while, please keep producing this content 👍
Its an advantage when I buy corporate Devices, I need to check the order list any way when it arives and on there is the serialnumber and model. So if I write am down I already got the list in one step. So when not byuing from a big vendor, that supports adding to intune directly its an advantage I think.
Writing things down off of the box isn't really progress though is it, easier to make an error. Especially when I can run a command and import the hash directly into intune. Dean also made the CSV file and it didn't work so again not exactly simple and fool proof.
@@m02uih00 I´m just saying that it fits in the corporate process, that I have to do anyway. So now, that this is possible, it is much easier. Is it optimal. No. But at least progress. When you dealing with a media breach, like this one, then its hard to automate everything. So at least like this, I can prepare everything without taking a single device out of its box. And Corporations take sometimes a long time to ship every device. Its such a pain to unpack everything, plug it in, get the hash and repacke it, so it doesnt take up to much space. Maybe it is different for you, but there are positives. Try to change the perspective and maybe you can see it.
It saves time! You don't need to open up the device and run a command on it. Purchase 10 computers and just upload the CSV and the devices should be ready for hand out.
I ran into the same problem last night when testing Autopilot Device Preparation. Removing the Windows Corporate Device Identifier and re-adding it worked. It still seems a rather buggy to me.
This looks cool, some of our users needs to be local admin on their devices. Which meant I needed to set the Group tag on the device beforehand to get the correct profile. Which also meant that mistakes could happen where an device on the shelf never was assigned the correct group tag before being handed to a user. This looks promising as the device can get a profile that is meant for that user :D
The important bit you mention does exist - I created csv, just to test problem with latest NUC (ASUS took over from Intel), the problem is the manufacturer ID on this model shows as system manufacturer - though its ASUSTeK Computer INC, the V1 hardware hash outputs manufacturer as this but if you make mistake and don't put the same it would think it's personal - yes this is an ASUS fault but there are many companies who put new eqpt and admins have to check thoroughly to save them from compliance problems later. - just for info of course :-)
Was it the same image in HyperV as in the last video? Quite not sure about the requirements Microsoft wrote on MS Learn about specific OS versions including certain KBs.. But again - thanks for the content. Always a pleasure!!
Could we not rejse the list we already have in Intune? Do a export from the Windows enrollment. Clear the CSV and import it. 😊 I have not tried it yet. But maybe work
If you upload the hash, the device will be processed with autopilot V1. In fact, the Microsoft employee in this video says you should remove your device's hash from autopilot if you want to use autopilot v2. I'm calling it v1 and v2 because it's easier to say. ¯\_(ツ)_/¯ th-cam.com/video/WPiQ16Y7ZJc/w-d-xo.htmlsi=m_LkpKlSk4u0QE9K&t=2505 She has an accent, but she says: "Registration is not something that's supported. In fact, if you want to use autopilot device preparation, you need to make sure the devices you start with are not registered for autopilot. Otherwise, they'll just go through the classic autopilot experience."
Perhaps the identifier needs time to "bake" and it was a little short? Um, don't vms also regenerate serials on rese? Potentially sysprepping took the serial to being different? Good video though.
Nice, Dean. But am I the only one that thinks the hardware hash is much easier than this? I get what MS are trying to do but this is such a convoluted way of achieving it, and certainly more room for error if you're manually noting serial numbers. I'd like to think vendors will have a way of ingesting this information into a tenant.
Since all the necessary information already is available on the box. Maybe they could add a QR code sticker to the box. So that we can just scan devices into Intune.
Autopilot v1, wish hardware hash, can help with theft, but only if the stolen device goes through OOBE. If the thief uses an image, swaps in an SSD (with Windows already installed) from another computer, or uses some other method to bypass OOBE, autopilot won't come into play.
The fact that you are demoing a feature live for the first time and still post it after not succeeding shows you are truly here with community to teach and learn. Thank you for all your help and videos 🙏
Thanks!
Dean, the fact that you "do it live" makes your content the best. Thanks for keeping it real!
Thanks!
Thanks for doing a short series on this, definitely been curious about it 😁
Thank you Dean for clarifying how to stop Personal devices from registering at deployment stage.
You’re welcome. Now I just have to get it working 😂
In my MS tenant the option "Manufacturer, model and serial number (Windows only)" missing. What is your tenant version?
I don't see much point in this unless theres an easy way for suppliers or engineers to upload a corporate identifier. It looks kind of like a rebranded policy set.
I like that they are trying to move away from the hardware hash to Autopilot devices. But Microsoft need to give us a simple way to identify Corporate devices so we can make it fast and simple to implement. So far I'm not seeing any advantage over the hash. Also loving your videos and been a subscriber for a while, please keep producing this content 👍
Its an advantage when I buy corporate Devices, I need to check the order list any way when it arives and on there is the serialnumber and model.
So if I write am down I already got the list in one step. So when not byuing from a big vendor, that supports adding to intune directly its an advantage I think.
Writing things down off of the box isn't really progress though is it, easier to make an error. Especially when I can run a command and import the hash directly into intune. Dean also made the CSV file and it didn't work so again not exactly simple and fool proof.
@@m02uih00 I´m just saying that it fits in the corporate process, that I have to do anyway. So now, that this is possible, it is much easier.
Is it optimal. No.
But at least progress. When you dealing with a media breach, like this one, then its hard to automate everything. So at least like this, I can prepare everything without taking a single device out of its box. And Corporations take sometimes a long time to ship every device. Its such a pain to unpack everything, plug it in, get the hash and repacke it, so it doesnt take up to much space.
Maybe it is different for you, but there are positives. Try to change the perspective and maybe you can see it.
It saves time! You don't need to open up the device and run a command on it. Purchase 10 computers and just upload the CSV and the devices should be ready for hand out.
Seems the process does not take effect immediately but takes time as per one of the blogs but the setup looks bang ON. Thanks Dean
I ran into the same problem last night when testing Autopilot Device Preparation. Removing the Windows Corporate Device Identifier and re-adding it worked. It still seems a rather buggy to me.
Thanks for the tip!
This looks cool, some of our users needs to be local admin on their devices. Which meant I needed to set the Group tag on the device beforehand to get the correct profile. Which also meant that mistakes could happen where an device on the shelf never was assigned the correct group tag before being handed to a user.
This looks promising as the device can get a profile that is meant for that user :D
This is saving me hours Dean. Thank you!
The important bit you mention does exist - I created csv, just to test problem with latest NUC (ASUS took over from Intel), the problem is the manufacturer ID on this model shows as system manufacturer - though its ASUSTeK Computer INC, the V1 hardware hash outputs manufacturer as this but if you make mistake and don't put the same it would think it's personal - yes this is an ASUS fault but there are many companies who put new eqpt and admins have to check thoroughly to save them from compliance problems later. - just for info of course :-)
So you still need to make a list of devices/corp identifiers, that are somewhat unique to the devices, in order to block out personal devices?
Why did I only have IMEI and SERIAL NUMBER options ? no "Manufacturer, model and serial" :(
You need to look at the CSV upload option. That includes the Tuple.
@@DeanEllerbyMVP I am looking at the CSV upload option and still do not see the third identifier type option either, please advise.
Was it the same image in HyperV as in the last video? Quite not sure about the requirements Microsoft wrote on MS Learn about specific OS versions including certain KBs..
But again - thanks for the content. Always a pleasure!!
It was the same ISO, yes. W11 23H2 May update.
Could we not rejse the list we already have in Intune?
Do a export from the Windows enrollment. Clear the CSV and import it. 😊
I have not tried it yet. But maybe work
So, we have to leave personally owned as allow (4:06) to avoid the error message that you get at the end.
@2:39 - can we still use Hash ?
If you upload the hash, the device will be processed with autopilot V1. In fact, the Microsoft employee in this video says you should remove your device's hash from autopilot if you want to use autopilot v2. I'm calling it v1 and v2 because it's easier to say. ¯\_(ツ)_/¯ th-cam.com/video/WPiQ16Y7ZJc/w-d-xo.htmlsi=m_LkpKlSk4u0QE9K&t=2505
She has an accent, but she says: "Registration is not something that's supported. In fact, if you want to use autopilot device preparation, you need to make sure the devices you start with are not registered for autopilot. Otherwise, they'll just go through the classic autopilot experience."
Perhaps the identifier needs time to "bake" and it was a little short? Um, don't vms also regenerate serials on rese? Potentially sysprepping took the serial to being different? Good video though.
You’re right - I didn’t really give it “cloud time” to set.
The serial number stayed the same, though.
So, it worked after the video?
Nice, Dean. But am I the only one that thinks the hardware hash is much easier than this? I get what MS are trying to do but this is such a convoluted way of achieving it, and certainly more room for error if you're manually noting serial numbers. I'd like to think vendors will have a way of ingesting this information into a tenant.
Since all the necessary information already is available on the box. Maybe they could add a QR code sticker to the box. So that we can just scan devices into Intune.
Hardware hash also helps with theft. Doesn't it?
Autopilot v1, wish hardware hash, can help with theft, but only if the stolen device goes through OOBE. If the thief uses an image, swaps in an SSD (with Windows already installed) from another computer, or uses some other method to bypass OOBE, autopilot won't come into play.