Intune/Autopilot Free lab: Part 1 - Intune Configuration
https://www.systanddeploy.com/2019/08/build-your-autopilot-free-lab-part-1.html
This is my first post about Autopilot and Intune. We will see how to build your own Intune and Autopilot lab with only free accounts, meaning everybody can test it.
I heard Autopilot, Intune, Autopilot, Intune everywhere but never used or tested them.
Some months ago, last March (yeah, I finished this post a long time ago but have many posts in draft), I was flying to Seattle for the MVP Global Summit and I said to myself: hey, let’s make a post series about Autopilot and Intune for the noob by a noob, so let’s begin.
The goal of this blog series is to help you form your own opinion of Intune and Autopilot by testing them.
In this blog series I will demonstrate the topics below, then I will start a new series about Intune.
Build your Autopilot + Intune Lab for Free
- Part 1 - Intune Configuration
- Part 2 - Install your devices with Autopilot
- Part 3 - Intune to manage your devices
- Part 4 - Apply your company configuration
What is Autopilot?
First, Autopilot is not a way to install an operating system, like MDT or SCCM do. When you use Autopilot, the OS is already installed, so it’s not an OSD solution.
OK, so what is it?
Autopilot is a solution based on the Out-Of-The-Box-Experience (OOBE).
What the hell is OOBE?
OOBE is the first step after OS installation, when you need to fill in your regional, language… options.
Do you remember those screens after installing a Windows 10 computer? This is the OOBE part.
The principle is simple:
- The vendor sends the computer directly to the customer.
- You (the administrator, or help desk) have to add a profile based on the computer and vendor in Intune.
- This profile will be used to configure the device with your company parameters (applications, policies…)
- The user will sign in to the computer using their company account (Azure AD for instance)
- All applications, and configurations will be applied.
See below a little picture from Microsoft.
For now Autopilot works with the below manufacturers:
Prerequisites
- Azure AD Premium
- Intune (Autopilot is an Intune functionality)
Now that we have seen a bit of what Autopilot is, let’s see how to use it. We will first see how to configure Intune in order to use Autopilot.
Configure your Free environment
Create your free Azure account
In my case I created a new gmail address then used it to create my Azure account.
1 / Connect to the Azure portal with your mail.
2 / Go to the Azure portal: https://portal.azure.com/
3 / Type your mail or create a new one
4 / Create your password
5 / Type your information and check the code
Create your free Trial Azure subscription
Why? By default, when you connect to the Azure portal for the first time you have no subscription, so you need to create a new one.
1 / For that in the sidebar go to the Cost Management part
2 / In the subscription part, click on the New subscription button
3 / Type your mail again
4 / Choose Free Trial
5 / Click on Activate
6 / Fill in your information
7 / Fill in your credit card information. As mentioned, don’t be afraid, it won’t take money.
8 / Check I accept and click on Subscribe.
Create your Azure AD premium trial license
Why? To work with Intune we will need a specific license for Azure AD.
See here to learn more about Azure AD.
On the Microsoft site you can find more information about licenses.
In this part we will see how to enable a trial license in order to use Intune.
1 / In the side bar click on Azure Active Directory
2 / In the main page your Azure AD account will be marked as Free.
4 / Click on Free trial for Enterprise Mobility + Security E5
5 / Click on Activate
6 / Go to licence, then All products, you will find the licence EMS E5
7 / Now we will just change the directory name, click on Properties
9 / Change it with the name you want
10 / Now in the main page of the Azure Active Directory part, your Azure AD will be marked as Premium P2.
Create your environment: other method
There is also another way to create your free environment using the EMS evaluation website.
Sorry screenshots are in French :-)
You can find more information on the MS link here.
1 / Click on this link
2 / Type your information
3 / Click on Next
4 / Type the account name you want and a password
5 / Click on Create my account
6 / Type your phone number to get the code
7 / Now you are good
8 / Connect to the Azure portal: https://portal.azure.com
9 / Go to Azure Active Directory
10 / Go to Licences
11 / Go to All products
Prepare Azure Active Directory
Create the user
Why? In this part we will create a new user account with Global admin rights
1 / Go to Users
2 / By default, you will only see the Microsoft Account
3 / Click on New User
4 / Type your user information
5 / Click on Directory role
7 / Click on Show password (keep it for later)
9 / Now you will see the new user
Change user location
Why? The usage location is required to assign a license to the user.
1 / Click on the new user profile, by default as below
2 / Go to Settings part and click on edit
3 / By default this part is as below
5 / Click on Save
Assign a license to your user
Why? We must assign a license to the user in order to allow device enrollment.
1 / On the user part, go to Licenses
2 / Click on Products
3 / Check Enterprise Mobility + Security E5
4 / Click on Assign
Change user password
Why? By default, the user password is a temporary password. We will connect to the user account to reset it.
1 / Sign out from the Azure portal
2 / Connect with the new user account using the temporary password we have seen before
3 / Type your new password
Create a Group for your Devices
Why? We will create a group that will contain our future imported devices.
1 / Go to the Group part.
2 / Click on New group
3 / Configure the Group as below
- Type: Security
- Group name: Autopilot Devices
- Group description: Autopilot Devices
- Membership type: Dynamic Device
4 / Click on Add dynamic query
5 / Click on Edit
6 / Type the following query
ZTDId allows you to import all Windows AutoPilot devices
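The same group can be created with Microsoft Graph PowerShell instead of the portal. This is an added example, not the author's code: the rule string is the one Microsoft documents for selecting all Autopilot-registered devices by ZTDId, taken from Microsoft's documentation rather than from this page, and the `AutopilotDevices` mail nickname is an assumed value.

```powershell
# Added example: create the "Autopilot Devices" dynamic device group via Microsoft Graph.
# Assumes the Microsoft.Graph.Groups module is installed and the tenant has Azure AD Premium.
Import-Module Microsoft.Graph.Groups

$groupName = 'Autopilot Devices'
# Rule documented by Microsoft for "all Autopilot devices" (assumption: not copied from the page).
$rule = '(device.devicePhysicalIDs -any (_ -contains "[ZTDId]"))'

# Request only the scope needed to read and create groups.
Connect-MgGraph -Scopes 'Group.ReadWrite.All'

# Display names are not unique in Azure AD, so look for existing groups first.
$found = @(Get-MgGroup -Filter "displayName eq '$groupName'" `
        -Property 'id,displayName,groupTypes,membershipRule')

if ($found.Count -gt 1) {
    throw "More than one group is named '$groupName'; resolve the duplicates first."
}
elseif ($found.Count -eq 1) {
    $group = $found[0]
    # An assigned (static) group or a different rule would not pick up imported devices.
    if ($group.GroupTypes -notcontains 'DynamicMembership' -or $group.MembershipRule -ne $rule) {
        Write-Warning "Group exists but does not use the ZTDId rule: '$($group.MembershipRule)'"
    }
}
else {
    $group = New-MgGroup -DisplayName $groupName `
        -Description 'Autopilot Devices' `
        -MailEnabled:$false `
        -MailNickname 'AutopilotDevices' `
        -SecurityEnabled `
        -GroupTypes 'DynamicMembership' `
        -MembershipRule $rule `
        -MembershipRuleProcessingState 'On'
}

# Show what is now in the directory so the rule can be checked by eye.
$group | Select-Object Id, DisplayName, MembershipRule
```

Membership is filled in by the directory after the rule is evaluated, so a newly imported device may take some time to appear in the group.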
Configure Azure AD join
Why? Now we will configure Device settings for users to join devices into Azure AD.
1 / Go to Device
2 / Go to Device Settings
3 / Select All
Configure the Company branding part
To understand what you can customize in the branding part see this link
1 / In your main directory, go to Company branding
2 / By default, nothing is configured, so click on Configure.
3 / Choose what you want to display
4 / Click on Save
5 / Now your default Company branding is available
6 / Now if you sign in to the Azure portal, the login page will be as below
Enable MDM enrollment
Why? Enable MDM auto-enrollment in Azure AD so that devices are also auto-enrolled in Microsoft Intune.
1 / Go to the Mobility (MDM and MAM) part
2 / Click on Microsoft Intune
3 / By default the settings are as below:
4 / In MDM user scope, select All
5 / Click on Save
6 / A notification will be displayed
Intune configuration
1 / In the search bar, type Intune
2 / Go to Device enrollment
4 / A notification will be displayed
Configure the Enrollment Status Page
1 / Then go to Windows enrollment
2 / Select Enrollment Status page
3 / In the Enrollment Status Page select the Default profile
4 / Go to Settings and check Yes
5 / Configure settings as you want
Create a Deployment Profile
1 / Go to the Deployment profiles part
2 / Click on Create profile
3 / Type profile name and description
4 / Click on Next
5 / Configure as below then click on Next
6 / Click on Select groups to include
7 / Select the group previously created then click on Select
8 / A notification will be displayed
9 / The group will be then displayed
10 / Click on Create