Reassigning a device to another user
What is the recommended process for reassigning a device to a new user in an environment where all devices are enrolled in Autopilot, Intune Defender, and Entra ID, and users have M365 E5 licenses? Currently, to maintain compliance while the device is awaiting reassignment, I have been deleting it from the Intune and Defender portals, but not from Autopilot. However, since the device remains in Autopilot, it cannot be deleted from Entra ID and continues to display the old name and user assignment, even after being renamed in Autopilot. Is there a better approach to this situation?
Cataloging Modern PC Management Ready PCs, Peripherals, and Software
I have started a shared spreadsheet for the community to share their experiences with "Autopilot Ready" PCs, Peripherals and Software. My hope is this will help admins find the rare gems and push OEMs to get with the times. Please contribute your own findings to the spreadsheet and discuss suggestions here. https://1drv.ms/x/s!AgG_boPR-xfWjN9i2Z_y_8ErM6t--AAutopilot Pre-Provisioned Deployment General Availability Date
I'm looking at sue cases for Autopilot pre-provisioned deployment. As per this link (Windows Autopilot for pre-provisioned deployment | Microsoft Learn) it state sit is still in public preview but it has been there for over 2 years as far as I can see! Out policy is only to use GA features beyond pilot/POC. Is there a date for pre-provisioned deployment to move to GA? It would add huge benefit to us but as it stands I cannot use it.systemreset.exe command line options
I'm doing a lot of testing with Windows autopilot. Is there a method to reset the machine solely from the command line using the systemreset.exe tool? I cannot find any documentation for the switches it supports. My goal it to do a full reset of the device but via a script rather than clicking through the UI options. I ran the sysinternals tools 'strings' against it and I see some options like -factoryreset which do work but I'd like to get a full listing/reference.Troubleshooting Autopilot enrollment Errors
Hello folks I have created a new blog post about troubleshooting Autopilot Intune errors! I am sure I can help some people out there with this 😉 I have also created a flowchart troubleshooting overview, what to check when receiving an error. Autopilot Troubleshooting (stardestroyer.xyz) Thanks for every share!AutoPilot Hybrid Join with White Glove - Issue at first login (MFA we think)
Hello, Project: Configure Auto-Pilot Hybrid Join for new users and laptops (with White Glove from Dell) Process works and pre-provisioning is successful, a VPN (Cisco AnyConnect) that auto-starts at the login screen via a certificate. At this stage the user is being targeted with Azure MFA via Conditional Access Once the user logs in, non of the Microsoft Endpoint Manager policies get picked up, Teams does not Automatically sign in (But prompts the user to sign in) If we leave it 30 mins (Waiting for Azure AD Connect to Sync the device. We reboot and we get the same, none of the policies get picked up, bit locker does not encrypt, teams doesn't auto sign in etc. If we do a dsregcmd /status on a CMD window, it shows as Domain Joined but not Azure AD joined. Then we look inside of "Work and School Account" we see the info button, we click this, and under "Sync" button has an error, with something on the lines of "Cannot authenticate your credentials" etc etc. - I then click sync and it pops up with the Microsoft Loin Box, I select my account (connected to windows) and sign in - it then throws an MFA prompt to MS Authenticator. If I approve, it syncs and the device starts to get all the policies it requires. ============= So, I decided to do another test, this time excluding the user from Azure MFA (CA Policy) and ran a new deployment. - Pre-provisions OK - Can login with AD credentials at login - Teams automatically signs in - dsregcmd /status shows everything is correct, it is Azure AD Joined and Local AD Joined - wait 30 min for Hybrid AD Join to happen from the DC through AD Connect sync - Reboot the machine, at next login, everything works, bit locker encrypts, oneDrive auto-signs in. - The world is a good place. It would therefore lead me to believe that with MFA enabled on the user that is signing into the machine, it blocks the initial Azure AD join process tied to that user and stops policies from pulling down to the machine. However, I cannot find any reference material surrounding MFA being the catalyst as to why the Hybrid Azure AD Join over VPN just does not work properly. Or how we can bypass it on AutoPilot deployments 'Hybrid' deployments. Note: In Azure AD > Devices > Device Settings - the option for "Devices to be Azure AD joined or Azure AD registered require Multi-Factor Authentication" is set to NO (Thought worth a mention, even though I think it does not apply to Hybrid AD join devices) Another note, is if the user is enabled for MFA and we then deploy inside the corp network (which is bypassing/excluded from MFA) then this works without a problem too. The CA Policy for MFA targets All Cloud Apps. We even tried to exclude "Intune Enrollment / Intune / Azure Management" - without success. So we're super stumped as what to do - Does anyone have any info on MFA being a problem with AutoPilot Hybrid Join over VPN?
Autopilot feature lock
Hi, we wanted to know when can we expect to have Autopilot be able to apply 'Feature update policies' during OOBE to avoid having the machine get upgraded to a new Windows 10 build and or have the ability to force the device to upgrade during Autopilot when we require it? https://docs.microsoft.com/en-us/mem/intune/protect/windows-10-feature-updates#limitations-for-windows-10-feature-updates-policy Thank you in advance and don't hesitate if you have any questionsFull tutorial on Microsoft Autopilot Intune
Ever wanted a full tutorial how to deal with Microsoft Autopilot Intune technology? Learn more about it on my blog and create the modern workplace today! https://stardestroyer.xyz/autopilot-intune-technology/ Manage your Windows 10 endpoints with Intune and use the public Cloud Azure with all aspects like enrollment, configuration, updating, apps and security. Make your enterprise mobile now!Autopilot White Glove Error 0x80070002
Hi I need assistance to troubleshoot Autopilot White Glove Error 0x80070002 on Win10 2004. I have been searching the internet for this problem but haven't got any helpful information. Please take a look to my screenshot where I have run Michael Niehaus Script to diagnose Autopilot - point of failure is "Could not establish connectivity" and ODJ error. I have set up the Intune connector and a Domain Join Profile to all devices. Subsequently I also tried to skip AD connectivity but this is not resolving the problem. On my Intune Connector I found following error in event viewer: (this is repeating multiple times during enrollment) {"Metric":{ "Dimensions":{ "InstanceId":"A24408CD-28C0-4B29-B29B-0D529DBFD632", "DiagnosticCode":"0x00000000", "DiagnosticText":"Successful" }, "Name":"RequestHandlingPipeline_Download_NoWork", "Value":0 } } What can I check? Thank you!
Autopilot deployment large scale
Hi, My organisation want to check if passing from deploying computer from in house to Autopilot. Has of now i didn't find any R.O.I (return of investment) and time saving analysis. I'm not looking for technical requierements has of now, we are already cloud ready, my back end is of, just need to do a deep analysis of the switch from inhouse to Autopilot. Also i read a lot about the technical part, but didn't see any e-learning, any link that i can check?. thank's for your helps
