Achieving an Out of the Box Experience (OOBE)
Discover how Windows Autopilot can save you time and simplify device provisioning
If you manage IT for a business with hundreds or thousands of employees, you’ll know that device setup and management is a big drain on your resources. Every laptop, desktop and mobile device needs to be configured and to have the correct applications installed, while OS images need to be maintained and applied.
What if there was a better way? Imagine if your users could simply take a new work device out of its box, turn it on and have the right settings, applications and permissions available immediately. The good news is that by using Modern IT Management techniques this Out of the Box Experience (OOBE) is possible right now.
Apple’s Device Enrollment Program (DEP), Android’s Zero Touch (AZT) Program and Samsung’s Knox Mobile Enrollment (KME) Program all provide ways to automate the configuration of end-user devices Microsoft AutoPilot and Intune together to pre-configure settings and to auto-apply them to new devices, for iOS & MacOS, Android and Samsung devices respectively.
In this blog, we’re going to focus on Microsoft’s approach to delivering the OOBE with Windows Autopilot.
What is Windows AutoPilot?
Designed to simplify device provisioning and save IT professionals time, AutoPilot is a system for automatically applying policies and OS customisations to new Windows 10 devices on user sign-in.
The traditional approach has been to unbox every new device that comes into the building, spend time setting it up and making the necessary changes and then shipping it on to the end user. AutoPilot enables you to simply hand new devices to users confident that they’ll work correctly out of the box.
Instead of making changes on each device, you can configure your Azure Active Directory and Microsoft Intune accounts with a series of policies and settings that you want to be applied business-wide. Once a user logs in with their Azure AD-connected email, AutoPilot will automatically configure the device to your specifications without the need for any more IT involvement.
It’s also possible to reset and re-provision devices in a similar way, using AutoPilot to reset a device to your baseline once it’s assigned to a new user. According to Microsoft, it will soon be possible to use AutoPilot to automatically register hardware IDs on provisioning too – keeping an up-to-date log of devices in use within your business – though this feature is a work in progress.
The benefits of this approach are the massive time and cost-savings within your IT teams due to not having to “stage” or “kit” new devices, the productivity gains from getting new employees working more quickly and the improved employee satisfaction that comes from the streamlined and hassle-free set-up process.
Improving your OOBE with Intune
Before AutoPilot can implement your device changes on sign-in, your IT team need to use Intune and Azure AD Premium to detail what a fully-provisioned device should look like.
Firstly, you’ll need to create groups for devices, allowing you to set up multiple profiles to be assigned on different devices for users with different requirements or permissions. Devices can be automatically assigned to a group depending on their device type too.
From there, you can set the OS customizations and policies that you want to apply, the applications that you want installed, and a range of other options, like skipping the typical Windows set-up process (including EULA acceptance), user account creation, language settings and assigning the device as a business one. Important choices can be hidden from users, with the right options chosen in advance by you to prevent user-related mishaps. AutoPilot can even apply corporate branding to a device as part of its set-up process.
Crucially, Intune and AutoPilot can be used to roll out your MDM settings – pushing your security configurations to new devices as standard to dramatically reduce the risk of mistakes being made during the set-up process. Not only does this help with keeping new devices and new users secure, but again cuts down on work and time spent by IT professionals on your team.
For an in-depth guide to configuring your Intune settings, take a look at the Microsoft page here.