Introduction
One of our customers was really struggling with getting devices to users over the COVID 19 lockdown. They could get the devices to the users physically, but as the devices weren’t on the network the users were not able to login due to not having a profile on the device. This lead to some interesting ways of provisioning devices. Although, however interesting, were not sustainable. To us, the solution was obvious, as they were using Windows 10 as their operating system, and were already hybrid joined with Intune, configure Microsoft Autopilot.
The Process
Ideally the process is simple, add a device to Autopilot, configure a couple of policies and the Out-of-Box Experience (OOBE), boot up the device and login. And although it’s been that simple with some of our clients, those with an on-premise footprint normally require the device to be hybrid joined, and when off-site and working from home, this also means an offline domain join (ODJ).
The customer had a VPN, but the problem was it was certificate based, and the certificates were issued through an on-premise provider, so getting a cert from the network so you can connect to the network had it’s challenges. Luckily, however, that on-premise provider was already working on a solution to allow Intune request a certificate over the internet. By adding the certificate and pushing out the VPN during the OOBE we’re able to ensure that not only does the device connect and enroll into Intune, it receives all the security configuration prior to connecting to the domain. Once the user logs in, it create the VPN tunnel, finishes the ODJ and brings the user to their normal desktop.
The Outcome
The outcome of this project was that we enabled the organisation to ship devices straight from the factory to the user, if needed, and the user experience wouldn’t be diminished. Of course the initial sign-in would take a little longer, but that expectation is managed in these cases. From an ongoing process point of view, the build room no longer need to re-build devices with USB keys, on arrival from the factory devices are read
Project Overview
We wanted to build a process which allows organisations to get devices to users without the preamble of building devices, and without the requirement of being on the corporate network to get authenticated initially. To do this we used Microsoft Autopilot which uses the version of Windows provided on the device, automatically configures, secures and brands corporate devices and allows users to get up and running fast with minimal fuss.
