This is part 2 of the modern management series. In this article we will prepare Intune for Autopilot.


Groups

We are going to use groups to assign the auto pilot devices to profiles. This will make us able to control per role setting and deployments. I will suggest that you find a naming standard that make sense for you.

Sign-in to Microsoft Intune admin center -> Click Groups
Click New group
Add Group name

Add Group description (Optional)

Choose Dynamic Device

Click Add dynamic query
Click Edit
Paste the following query:
(device.devicePhysicalIds -any _ -contains “[ZTDId]”) and (device.devicePhysicalIds -any _ -eq “[OrderId]:OFFICE”)

In this example I tag the pc’s in the group as “Office”

Click Ok
Click Save
Click Create
You should now see the group that you have created. I have created more than one group as I want to be able to assign pcs to different profiles.

Applications for deployment profile

Add the application that you want to be installed during enrollment. In this example I will add two applications. Microsoft Edge and Company portal.

Click Apps -> Click Windows
Click Add
Select Microsoft Store app (new) -> Click Select
Click -> Select
Click Search the Microsoft Store app (new)
Search for company portal -> Mark it -> Click Select
Modify the setting to your needs -> Click Next
Add Assignments to your needs -> Click Next
Review the setting -> Click Create

Autopilot Deployment Profile

In the deployment profiles we choose what behavior we want when a pc being enrolled.

Click Devices -> Windows
Click Windows enrollment -> Automatic Enrollment
Verify the Automatic Enrollment setting -> Click Windows | Windows enrollment

Windows Hello for Business

You can enable and define requirements in “Windows Hello for Business”

Click Windows Hello for Business
Enable Windows Hello for Business and modify the settings as you would like them to be -> Click Save -> Close Windows Hello for Business window.

Enrollment Status Page

Click Enrollment Status Page
Click Create
Add a Name -> Click Next
Select the setting that you desire. Just be aware about “Blocking apps”. You have to make sure that they get installed otherwise the enrollment will break.

Click Next
Assign it to the group that we crated earlier.

Click Next
Click Next
Review the settings

Click Create
You can now see the profile on the enrollment page

Deployment Profiles

Click Enrollment Status Page
Click Create profile -> Windows PC
Enter a Name -> Click Next
Choose the setting that you want -> Click Next
Assign the Office group that we created earlier -> Click Next
Review the setting -> Click Create
Create the number of profiles that you need in your environment.

Intune is now setup with some basic setting to get started. Continue to part 3 to prepare a pc for enrollment.

twitterlinkedin

By Claus