โ€œWe needed to find solutions to a variety of issues whilst being a complex business, operating in a 24/7 environment. Stripe OLT listened and understood immediately the challenges we faced.โ€

IT Operations Manager
Simon Darley
Trusted by industry leaders

Let's Talk

Call us on one of the numbers below, we cover the whole of the UK, so call the nearest office.

BriSTOL HQ & The South West

London & Surrounding Areas

Manchester & the North

โ€œWe needed to find solutions to a variety of issues whilst being a complex business, operating in a 24/7 environment. Stripe OLT listened and understood immediately the challenges we faced.โ€

IT Operations Manager
Simon Darley
Trusted by industry leaders

Request a Call-back.

First we need a few details.

ENQUIRY - Contact Popup DEPRECIATED (#3)

Keep up to date with the experts

Get insights directly to your email inbox

MAIL LIST - Newsletter, Exit Intent Popup (#13)

Follow us on social

โ€œWe needed to find solutions to a variety of issues whilst being a complex business, operating in a 24/7 environment. Stripe OLT listened and understood immediately the challenges we faced.โ€

IT Operations Manager
Simon Darley
Trusted by industry leaders

Request a Call

First we need a few details.

ENQUIRY - Popup w/ Captcha for light backgrounds (#21)
Expert Intel

Let Autopilot and Intune do the work.

Published: July 25, 2023
Updated: May 29, 2024
Expert: Lewis Barry
Role: Senior Cloud Engineer
Specialises in: Microsoft 365
What you will learn:
With theย end-of-lifeย date for Windows 10 approaching, now is the time we should become familiar of what the new process looks like โ€“ not just us as the administrator, but our end-users too.
If you are the person in charge of the endpoint build process internally or for your customers, you have earned a certain level of trust to be in that position. You are therefore able to give consultative advice on how to best move forward using the tools at your disposal.

Making the transition to Intune is a big challenge, especially if the way youโ€™ve always provisioned computers has been to image them with MDT or Config Manager.

With the end-of-life date for Windows 10 approaching, now is the time we should become familiar of what the new process looks like โ€“ not just us as the administrator, but our end-users too.

If youโ€™re wondering what Autopilot is and what role it plays, there are dozens of community resources that explain it. Itโ€™ll also be one of the first episodes of any Intune YouTube tutorial, but the TL;DR answer is:

Autopilot governs the Out-of-Box-Experience for a Windows device. As soon as the user signs in, the configurations are coming from Intune.

Autopilot is a user-driven process

I see many discussions within my role and throughout online tech communities about how businesses have transitioned to Autopilot, to begin the configuration of devices with the user-driven method applied.

I have to say, most of them are getting it wrong.

They are still having IT run through Autopilot with the user, or worse, running through the whole experience without the end-user present. The menus and UI are designed for the end-user to run through. The steps the end-user takes are very similar to the ones they take every year or so when they get the latest smartphone. Are you telling me they are incapable of selecting their language and passing the MFA challenge?

(you donโ€™t have to answer thatโ€ฆ)

What is the role of I.T, with tools like Autopilot and Intune?

IT are there to configure Intune and ensure that the device they are about to hand over to the user is Autopilot registered โ€“ If your company puts physical asset tags on the device, do this too.

I used to obsess over having a perfect โ€œGolden Imageโ€ using MDT. I would tweak the task sequence for hours at a time, making the process as slick as possible. If that sounds a bit like you, time to start obsessing over Intune. It can be used to achieve the same goal, but you donโ€™t have to configure multicasting or deployment share paths.

Intune is actually easier to configure than Microsoft Deployment Toolkit and Group Policy Objects. As soon as my employer finds this out, my perceived value will go through the floor!

Communication

It is unrealistic to expect people to suddenly switch what theyโ€™re used to doing without a proper communication strategy. Communication is the thing that can make or break a company. Itโ€™s both the best and worst thing about human interaction.

Itโ€™s often a nice feeling to have your presence requested with the preface that something new is coming. That can be quickly dampened if a tremendous amount of work or laborious process follows.

Luckily, Autopilot is not that.

Getting users involved

Not everyone enjoys internal IT news, but the least you can do is notify them of your intentions. There are also some (often self-labelled) power users who ask us all sorts of questions about what we do.

If youโ€™re an M365 house, think about establishing a channel to communicate updates. That could be by implementing an org-wide MS Team, or by having news posts delivered on a SharePoint Intranet. Stay away from email, because thatโ€™s the inbox of boring stuff no one reads.

Create internal content with screenshots and emojis, people love it. Explain the process, summarise the benefits, and where end-users should go for help. You wonโ€™t get everyone, but action is better than inaction.

โ€œWe do not break user-spaceโ€

This is a direct quote from Linus Torvalds (creator of Linux), and while it has quite a deep technical meaning about the depths of software creation itself, I like to give another meaning to this in my approach to how I configure the end-user experience for Windows via Intune.

It is our job to prevent end-user actions that could harm the business or cause inadvertent mistakes. It is not our job to dictate exactly how the end-user experience should look and feel.

For example, in an earlier role I would lock down the Control Panel, set taskbar pins, create start menu layouts and desktop shortcuts etc. When we configure our Autopilot profile so that users are not Local Administrators, there is little harm they can do to their system. I no longer lock stuff down unless it serves some form of business requirement. Why? Because what I realised was that by disabling the Cortana and Search button on the taskbar, I was preventing people using Windows in a way that might be better for them.

Likewise in Windows 11, Iโ€™ve had requests from customers to realign the taskbar to the left. I ask why. โ€œBecause thatโ€™s what theyโ€™re used toโ€ โ€“ We need to break away from the end-users, and allow them to run their own experience.

Donโ€™t be afraid to set the scene

If you are the person in charge of the endpoint build process internally or for your customers, you have earned a certain level of trust to be in that position. You are therefore able to give consultative advice on how to best move forward using the tools at your disposal.

Question everything about why you build laptops the way you do, youโ€™ll get responses like:

  1. I donโ€™t know
  2. It was like that when X was in charge
  3. Thatโ€™s the way weโ€™ve always done it
  4. Because thatโ€™s what our security team says we should do
  5. Thatโ€™s what framework X recommends
  6. Something might break if we change that
  7. Go away

Not a single one of these things above are actual answers you can work with.

One approach you could take is working out what your end-users need for their job, and build a totally new process and pitch it as โ€œthis is what good looks likeโ€.

If youโ€™re stuck on how to start doing this via Intune, get in touch with us. We’ve developed Intune as a product and have a collection of tried and tested security settings and configurations that act as a solid base for your cloud endpoint management journey. From there, we can tweak it to meet your core business requirements.

Condensing the thoughts

  • Configure Intune to meet the end-user requirement, with all the apps and settings they need
  • Communicate that things change, and youโ€™re there to help
  • Get the end-user to follow the Autopilot user-driven enrolment process
  • Donโ€™t break the user-space unless it meets a real business requirement

Want to know more about how our Microsoft cloud specialists can help transform your business? Get in touch today.