Manual Autopilot - Part 5 - User assignment to a device
It important that we assign users to the relevant devices in Intune. There are several reasons for this, these include:
- Intune management - easy to find the devices assigned to specific users
- Company Portal - As part of an Intune deployment we configure a piece of software called Company Portal. We need to either setup a specific user to a device or remove any primary user from the devices for this application to work correctly.
Assign Users to a device
- Open a web browser and navigate to https://intune.microsoft.com
- Login is the relevant school account
- Select Devices
- Select Windows
- Search for the device using the computer name or serial number
- Once the device is selected, click Properties
- To assign a primary user, ie a teachers laptop or a office machine, select Change primary user and perform a search in the search box for that user. Once selected click Save to confirm device Primary user
- To assign no primary user, for example a desktop shared between staff or for student devices in a trolley/suite, select Remove primary user, then click Save to confirm this selection
Part 20 - User assignment to a device
It important that we assign users to the relevant devices in Intune.
There are several reasons for this, these include:
- Intune management: Easy to find the devices assigned to specific users
- Company Portal: As part of an Intune deployment we configure a piece of software called Company Portal. We need to either setup a specific user to a device or remove any primary user from the devices for this application to work correctly.
Assign Users to a device
- Open a web browser and navigate to https://intune.microsoft.com
- Login is the relevant school account
- Select Devices
- Select Windows
- Search for the device using the computer name or serial number
- Once the device is selected, click Properties
- To assign a primary user, ie a teachers laptop or a office machine, select Change primary user and perform a search in the search box for that user. Once selected click Save to confirm device Primary user
- To assign no primary user, for example a desktop shared between staff or for student devices in a trolley/suite, select Remove primary user, then click Save to confirm this selection
Manual Autopilot - Part 1 - What is Autopilot?
Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. Windows Autopilot can be used to deploy Windows PCs or HoloLens 2 devices. For more information about deploying HoloLens 2 with Autopilot, see Windows Autopilot for HoloLens 2.
You can also use Windows Autopilot to reset, repurpose, and recover devices. This solution enables an IT department to achieve these goals with little to no infrastructure to manage, with a process that’s easy and simple.
Windows Autopilot simplifies the Windows device lifecycle, for both IT and end users, from initial deployment to end of life. Using cloud-based services, Windows Autopilot:
- Reduces the infrastructure required to maintain the devices.
- Reduces the time IT spends on deploying, managing, and retiring devices.
- Maximizes ease of use for all types of end users.
For more information on Autopilot, please take a look at Microsoft Learn : https://learn.microsoft.com/en-us/autopilot/windows-autopilot
Part 19 - Check OneDrive Sync
One of the final steps is to confirm OneDrive is redirecting correctly.
To do this you need to first check OneDrive is signed in, then checking the Document/Pictures and Desktop redirection is working.
- Logged in as the end user
- Right click the OneDrive icon in the task bar
- You should see that the OneDrive is signed in, we can double check this by clicking on the cog icon
- Check the account details are correct for you user
- Close the OneDrive window we opened
- Open Windows Explorer and check to see where the Documents/Desktop and Pictures redirect too
Part 18 - Copy Google Chrome Data
Some users will still prefer to use Google so we recommend moving old Google browsing data over to the new profile.
NB, no passwords will be copied over. These will be lost.
- In windows, open File Explorer
- Navigate to C:\Users
- Select _OldProfiles
- Open the user folder you created earlier, you maybe be asked to enter administrator permissions to access the folder, do this
- Once the folder opens, open AppData
- Open another Explorer window and open C:\Users and the users current profile folder
- Again open AppData for the new user profile
- Switch back to the _OldProfile file explorer and open the Local then Google folder
- Select the Chrome folder and copy it
- Switch back to the new profile, open Local and then the Google Folder
- Paste the Chrome folder into this folder replacing the existing folder -This will copy over some settings and favourites etc.
Part 17 - Setup Outlook (basic configuration)
The next step is to configure Outlook.
In this scenario, we are only looking at configuring the basic named email account, not anything such as shared mailboxes for Head@ or Office@
- Open Outlook
- Outlook should automatically pick up the users email address
- Click Connect
- Accept any licence pop up
- Untick Set up Outlook Mobile
Outlook should now be configured and email will begin to appear.
Part 16 - Check Microsoft Edge auto sign in
With the configuration settings we push out, we auto login users in to Edge. This is because Edge is the preferred browser for a Microsoft platform.
In this next section we will confirm that Edge has signed in as the user.
- Login as the end user
- Open Edge
- In the top left of the Edge browser click and you should see the user account has been automatically signed in.
Part 15 - Login as user and sync
With this device joined to Entra and Intune, you can now log in as the end user.
NB. It is possible that on your first login, the Intune policies have not applied to your Windows device. You need to perform some initial sync steps.
- Login to the Windows device, you may notice that the domain is not currently shown, this is because policies may not have completely come down to the device.
- When logging in as the user, enter the full domain, for example jbloggs@schoolname.cambs.sch.uk
- Now enter the password (this will be their email password)
- The computer will login for the first time and setup the user's new profile
- Once logged in, open settings
- Select Accounts
- Select Access work or school
- Select the school account and select Info
- Select Sync. Wait for the device to sync.
- Reboot the machine again
Part 14 - Perform initial sync of settings
Before rebooting the device…
It is recommend that you perform an initial sync to help grab some of the settings.
- Open Settings
- Open Accounts
- Open Access work and School
- Expand the school you are connect too
- Select Info
- Scroll down, select Sync
- This can take a few minutes.
- Once completed, reboot the device
Part 13 - Assign device to a security group in Intune
The next step is to switch to InTune to assign the device to the relevant group.
Go to https://intune.microsoft.com on a web browser and assign the device to the relevant group, for the device you are working for.
- Open a web browser on a machine
- Navigate to https://entra.microsoft.com
- Login using the schools admin account for M365
- Select Devices, Overview
- Select All Devices
- Navigate to Devices
- Find the device name of the device you have just added - Make a copy of the name
- Open a new tab and navigate to https://intune.microsoft.com
- Select Groups in the left hand menu
- Select All Groups
- Perform a search for Dev-
- This should list all the Device groups, for example SG-Device-Office/SG-Device-Teaching etc. NB new groups are named DEV, no SG
- Open the relevant group
- Select Members
- Then add the device you have just joined to Entra