Windows Autopilot - Describe Microsoft 365 apps and services
Windows Autopilot is a cloud-based tool for automating the deployment of Windows workstations on enterprise networks. Administrators can create Autopilot profiles in the Microsoft Intune admin center, as shown in Figure 2-52, or the Microsoft 365 admin center.
FIGURE 2-52 The Windows Enrollment page in the Microsoft Intune admin center
When an Autopilot profile is properly configured in user-driven mode, IT departments can ship new computers directly to end users from an OEM or dealer. Creating and maintaining image files for each type of computer is no longer necessary. In a typical deployment, IT never touches the machine, and the only tasks required of the end user to set it up are as follows:
- Open the box.
- Plug the computer into a power source and turn it on.
- Choose a language, locale, and keyboard.
- Connect the computer to a network with Internet access.
- Supply login credentials for an organization account.
All other prompts that normally appear on a new computer starting for the first time (called the out-of-box experience or OOBE) can be customized or suppressed with Autopilot because the tool can supply the correct responses. For example, a Windows Autopilot deployment profile includes a page like the one in Figure 2-53, which specifies what screens should appear to the user during the OOBE phase of the deployment.
FIGURE 2-53 A Windows Autopilot deployment profile in Microsoft Intune
In addition to handling the OOBE settings, Autopilot can do any or all of the following:
- Upgrade Windows to a new edition, such as Windows 11 Enterprise
- Enroll devices into mobile device management (MDM) in Microsoft Intune
- Join the computer to an Azure Active Directory or Active Directory Domain Services domain
- Add the computer to selected groups
- Install applications
- Apply policies and configuration settings
Co-management with Configuration Manager
The Configuration Manager product, formerly known as System Center Configuration Manager, is now part of the Microsoft Intune family of products. Originally designed as a management tool for on-premises devices, Configuration Manager can perform many of the same functions as Intune, including deploying new workstations, distributing software updates, installing applications, and so forth.
Microsoft Intune can handle all the endpoint management needed for a new enterprise network based on cloud technologies. However, for a hybrid network with existing on-premises devices already managed by Configuration Manager, it is possible to create a co-management arrangement between Intune and Configuration Manager. This can be a permanent arrangement or part of a gradual transition from the datacenter to the cloud.
Co-management is the process of connecting a Configuration Manager installation to the cloud so administrators can manage their devices with both Intune and Configuration Manager, as shown in Figure 2-54.
FIGURE 2-54 A co-managed enterprise with Microsoft Intune and Configuration Manager
Microsoft 365 uses the cloud-based Azure Active Directory (Azure AD) directory service to manage the identities of its users. An on-premises Configuration Manager installation typically uses Active Directory Domain Services (AD DS), hosted on a local server functioning as a domain controller. By default, these two directory services are completely separate. All the identities must be in one place to create a co-management environment. Therefore, administrators must create a hybrid Azure AD service by installing Azure AD Connect, a tool that runs on the AD DS domain controller and synchronizes its user accounts with the Azure AD directory. This ensures that both directories contain all the user accounts and are regularly updated.
Once the directory services are synchronized, a client device can be co-managed only if it both has the Configuration Manager client installed and is enrolled in Microsoft Intune. Therefore, administrators attempting to connect a cloud-based Microsoft 365 network to an on-premises Configuration Manager installation will have to upgrade the client devices in one of two ways:
- For devices already enrolled in Microsoft Intune, install the Configuration Manager client.
- For existing Configuration Manager clients, join the device to the Azure AD directory and enroll it in Microsoft Intune.
Once the co-management environment is established, administrators can manage clients from either the Microsoft Intune admin center or the Configuration Manager console. For administrators accustomed to working with Configuration Manager clients and consoles, their existing practices will change as a result of co-management. However, once co-managed, those clients will have access to Microsoft Intune features that Configuration Manager cannot provide, such as conditional access and remote restart.