This guide will show you the process of enrolling new machines into Intune/AutoPilot.
After various testing and research, we have found it better in the long run to go fully Entra joined rather than Entra Hybrid joined. If we went Entra Hybrid, the machine would always have to be in sight of the DC, which rather defeats the purpose of using AutoPilot: we want to be able to send a laptop anywhere, have the user open it, connect to WiFi and log in, and have our settings start loading straight away. Going Entra joined only also doesn't mean we cannot access on-premise services such as printers, shares etc. It just means the machine needs to be in sight of the DC, either by being in Solar House or by connecting to the VPN. This is no different from a user WFH connecting to the VPN now to access Approvals, Pegasus etc. It works because we are still using our normal domain accounts to authenticate with these services; since those accounts sync back to Entra (Entra Connect), we can take advantage of that.
Going forward with this method means we will be ready for the future, when we can move our File Storage servers, DC etc. to Entra VMs.
Please note though, for anyone working in the Accounts team: when logging into laptops, sign in using the Password method rather than PIN, as the RDP session will not work with PIN.
Also important to note: as the PC is not actually joined to the @jcagroup domain, you will need to connect to servers via IP, as it won't resolve the full DNS name. So if someone needs RDP to their Solar Accounts PC, create the RDP session to 192.168.0.XXX etc.
The same applies when adding printers: simply map to \\192.168.0.3, find the printer, right-click it and click "Connect".
Also, after various testing: Intune can take a while for things such as Devices and Policies to appear, so bear this in mind.
Still adding to this guide - SR 07/11/24
Adding machine HWID into Intune.
This method is needed in order for our users to have a seamless experience when receiving their laptop. In short, we need to add the new device's HWID into Intune so that it registers with AutoPilot. Once the machine is imported into Intune, it will assign itself our AutoPilot Deployment Profile (JCA AutoPilot), and we can then assign the device to a user straight away, so that when they turn it on and connect to WiFi they are prompted for their Work Email and can log in.
Import HWID into Intune - https://learn.microsoft.com/en-us/autopilot/add-devices
Follow section "Directly upload the hardware hash to an MDM service"
- Boot new laptop to OOBE Screen
- Connect to WiFi
- Open a command prompt window with the keystroke Shift+F10
- Enter powershell.exe
- Enter:
Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned
- Then enter:
Install-Script -Name Get-WindowsAutopilotInfo -Force
- Then enter:
Get-WindowsAutopilotInfo -Online
This will then import the HWID into AutoPilot. (This step may take 15-45 mins, so be patient.)
The device will then appear in Intune and start being assigned the profile.
You can now assign a user if you want to, so that when the user boots the machine it will appear with their name.
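The three OOBE commands above, wrapped into one script as an added example (this is not part of the original guide or of Microsoft's documentation). It assumes the Get-WindowsAutopilotInfo script from the PowerShell Gallery and its -Online, -OutputFile, -GroupTag and -AssignedUser parameters; the PATH fix, the group tag and the output path are assumptions or placeholders. It also adds an offline mode that writes the CSV for the manual upload described in the linked Microsoft page, and checks that a hash was actually captured before anyone spends 15-45 minutes waiting on an upload that has nothing in it.

```powershell
# Added example, not the guide's own code. Run from the Shift+F10 prompt in OOBE
# after "powershell.exe". Assumes the PowerShell Gallery script Get-WindowsAutopilotInfo.
param(
    [string]$OutputCsv    = "$env:TEMP\AutopilotHWID.csv",   # used when -Online is not given
    [string]$GroupTag     = "",        # placeholder; leave empty if no group tag is used
    [string]$AssignedUser = "",        # placeholder UPN, e.g. user@jcagroup... (only with -Online)
    [switch]$Online                    # upload straight to the tenant, as in the guide
)

# 1. Relax the execution policy for this process only, never machine-wide.
Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned -Force

# 2. Install the gallery script only if it is not already present.
if (-not (Get-InstalledScript -Name Get-WindowsAutopilotInfo -ErrorAction SilentlyContinue)) {
    Install-Script -Name Get-WindowsAutopilotInfo -Force
}

# 3. Assumption: the gallery installs scripts here and, in OOBE, this folder is often
#    not yet on PATH, which makes the next command fail with "not recognized".
$scriptDir = Join-Path $env:ProgramFiles 'WindowsPowerShell\Scripts'
if ($env:Path -notlike "*$scriptDir*") { $env:Path += ";$scriptDir" }

# 4. Build the optional parameters once and splat them into either mode.
$params = @{}
if ($GroupTag) { $params['GroupTag'] = $GroupTag }

if ($Online) {
    # Guide's method: signs in to the tenant (needs an account with Intune rights)
    # and registers the device; optionally pre-assigns the user so their name shows at boot.
    if ($AssignedUser) { $params['AssignedUser'] = $AssignedUser }
    Get-WindowsAutopilotInfo -Online @params
}
else {
    # Offline method: write the CSV for "Import" under Devices > Windows > Windows enrollment.
    Get-WindowsAutopilotInfo -OutputFile $OutputCsv @params

    # 5. Sanity check: one row with a non-empty hardware hash, otherwise the import is useless.
    $row = Import-Csv -Path $OutputCsv
    if (-not $row -or [string]::IsNullOrWhiteSpace($row.'Hardware Hash')) {
        throw "No hardware hash captured in $OutputCsv. Re-run from an elevated prompt on the physical device."
    }
    Write-Host "Captured HWID for serial $($row.'Device Serial Number') -> $OutputCsv"
}
```

Use `.\Enroll-Autopilot.ps1 -Online` (whatever you save it as) to reproduce the guide's steps exactly, or run it without -Online on a machine with no tenant sign-in available and carry the CSV to the Intune portal instead. The execution policy is scoped to the process on purpose: it disappears when the OOBE prompt closes, so nothing weaker is left on the laptop that goes out to the user.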