Perfect Timing - Great Video - Also worth mentioning that with TAP they dont need to pre register MFA if MFA is required to enrol. Back to the Chicken Egg , I often find clients having to send out mobile devices to users and getting them setup with MFA so then they can use that on the Laptops when they enol.
This should work in theory, but in the real world there are at least a few obstacles to this. A major blocker is that if the Autopilot device goes into sleep/standby/screen saver mode (which modern computers do fairly aggressively), the only way to unlock it is by providing a regular password for the account. With ESP usually needing 30-45 minutes to complete this will happen more often than not, as the user will leave for coffee and return much later…
Hi Steve, We use this system frequently. One thing I would have loved you to go through more is how to get around windows hello and skip their mfa setup. You wouldn't want to do these parts for the user as this should be apart of their setup.
Why is it Autopilot always makes the user login 2 times before it hits the Windows Hello setup and sends them to their desktop? User logs in once at the beginning and then during the user setup it reboots, goes to the Blue login screen but wont prompt for the Temporary password.
Autopilot can be a bit tricky in how the sign in is perceived. I break it down in this write up: www.getrubix.com/blog/autopilot-group-tags-part-4?rq=group%20tags
![*Next-door 10x Software Engineer* [FULL]](http://i.ytimg.com/vi/kKAue9DiHc0/mqdefault.jpg)
Perfect Timing - Great Video - Also worth mentioning that with TAP they dont need to pre register MFA if MFA is required to enrol. Back to the Chicken Egg , I often find clients having to send out mobile devices to users and getting them setup with MFA so then they can use that on the Laptops when they enol.
Exactly- it's a great solution
This should work in theory, but in the real world there are at least a few obstacles to this. A major blocker is that if the Autopilot device goes into sleep/standby/screen saver mode (which modern computers do fairly aggressively), the only way to unlock it is by providing a regular password for the account. With ESP usually needing 30-45 minutes to complete this will happen more often than not, as the user will leave for coffee and return much later…
Thanks!
Thanks!
Great as always! Love Your Videostyle❤
Thanks so much 😊
Hi Steve,
We use this system frequently. One thing I would have loved you to go through more is how to get around windows hello and skip their mfa setup.
You wouldn't want to do these parts for the user as this should be apart of their setup.
Thanks. I'll definitely do a follow up 😃
Why is it Autopilot always makes the user login 2 times before it hits the Windows Hello setup and sends them to their desktop? User logs in once at the beginning and then during the user setup it reboots, goes to the Blue login screen but wont prompt for the Temporary password.
Autopilot can be a bit tricky in how the sign in is perceived. I break it down in this write up: www.getrubix.com/blog/autopilot-group-tags-part-4?rq=group%20tags
Hi Steve, great video as always. I have one concern: how does TAP work in hybrid setup when you create AD user that must have password?
As long as you're syncing to Entra and have password hash sync enabled, you should be good.
In this scenario, its assuming user is doing this outside of normal business hours? You didnt mention user calling helpdesk for temp entra pw.
Yeah I mentioned it briefly, but they still need to be provided the TAP- difference is more the TTL on it and security
👍