โWe needed to find solutions to a variety of issues whilst being a complex business, operating in a 24/7 environment. Stripe OLT listened and understood immediately the challenges we faced.โ
Let Autopilot and Intune do the work.
Making the transition to Intune is a big challenge, especially if the way youโve always provisioned computers has been to image them with MDT or Config Manager.
With the end-of-life date for Windows 10 approaching, now is the time we should become familiar of what the new process looks like โ not just us as the administrator, but our end-users too.
If youโre wondering what Autopilot is and what role it plays, there are dozens of community resources that explain it. Itโll also be one of the first episodes of any Intune YouTube tutorial, but the TL;DR answer is:
Autopilot governs the Out-of-Box-Experience for a Windows device. As soon as the user signs in, the configurations are coming from Intune.
Autopilot is a user-driven process
I see many discussions within my role and throughout online tech communities about how businesses have transitioned to Autopilot, to begin the configuration of devices with the user-driven method applied.
I have to say, most of them are getting it wrong.
They are still having IT run through Autopilot with the user, or worse, running through the whole experience without the end-user present. The menus and UI are designed for the end-user to run through. The steps the end-user takes are very similar to the ones they take every year or so when they get the latest smartphone. Are you telling me they are incapable of selecting their language and passing the MFA challenge?
(you donโt have to answer thatโฆ)
What is the role of I.T, with tools like Autopilot and Intune?
IT are there to configure Intune and ensure that the device they are about to hand over to the user is Autopilot registered โ If your company puts physical asset tags on the device, do this too.
I used to obsess over having a perfect โGolden Imageโ using MDT. I would tweak the task sequence for hours at a time, making the process as slick as possible. If that sounds a bit like you, time to start obsessing over Intune. It can be used to achieve the same goal, but you donโt have to configure multicasting or deployment share paths.
Intune is actually easier to configure than Microsoft Deployment Toolkit and Group Policy Objects. As soon as my employer finds this out, my perceived value will go through the floor!
Communication
It is unrealistic to expect people to suddenly switch what theyโre used to doing without a proper communication strategy. Communication is the thing that can make or break a company. Itโs both the best and worst thing about human interaction.
Itโs often a nice feeling to have your presence requested with the preface that something new is coming. That can be quickly dampened if a tremendous amount of work or laborious process follows.
Luckily, Autopilot is not that.
Getting users involved
Not everyone enjoys internal IT news, but the least you can do is notify them of your intentions. There are also some (often self-labelled) power users who ask us all sorts of questions about what we do.
If youโre an M365 house, think about establishing a channel to communicate updates. That could be by implementing an org-wide MS Team, or by having news posts delivered on a SharePoint Intranet. Stay away from email, because thatโs the inbox of boring stuff no one reads.
Create internal content with screenshots and emojis, people love it. Explain the process, summarise the benefits, and where end-users should go for help. You wonโt get everyone, but action is better than inaction.
โWe do not break user-spaceโ
This is a direct quote from Linus Torvalds (creator of Linux), and while it has quite a deep technical meaning about the depths of software creation itself, I like to give another meaning to this in my approach to how I configure the end-user experience for Windows via Intune.
It is our job to prevent end-user actions that could harm the business or cause inadvertent mistakes. It is not our job to dictate exactly how the end-user experience should look and feel.
For example, in an earlier role I would lock down the Control Panel, set taskbar pins, create start menu layouts and desktop shortcuts etc. When we configure our Autopilot profile so that users are not Local Administrators, there is little harm they can do to their system. I no longer lock stuff down unless it serves some form of business requirement. Why? Because what I realised was that by disabling the Cortana and Search button on the taskbar, I was preventing people using Windows in a way that might be better for them.
Likewise in Windows 11, Iโve had requests from customers to realign the taskbar to the left. I ask why. โBecause thatโs what theyโre used toโ โ We need to break away from the end-users, and allow them to run their own experience.
Donโt be afraid to set the scene
If you are the person in charge of the endpoint build process internally or for your customers, you have earned a certain level of trust to be in that position. You are therefore able to give consultative advice on how to best move forward using the tools at your disposal.
Question everything about why you build laptops the way you do, youโll get responses like:
- I donโt know
- It was like that when X was in charge
- Thatโs the way weโve always done it
- Because thatโs what our security team says we should do
- Thatโs what framework X recommends
- Something might break if we change that
- Go away
Not a single one of these things above are actual answers you can work with.
One approach you could take is working out what your end-users need for their job, and build a totally new process and pitch it as โthis is what good looks likeโ.
If youโre stuck on how to start doing this via Intune, get in touch with us. We’ve developed Intune as a product and have a collection of tried and tested security settings and configurations that act as a solid base for your cloud endpoint management journey. From there, we can tweak it to meet your core business requirements.
Condensing the thoughts
- Configure Intune to meet the end-user requirement, with all the apps and settings they need
- Communicate that things change, and youโre there to help
- Get the end-user to follow the Autopilot user-driven enrolment process
- Donโt break the user-space unless it meets a real business requirement
Want to know more about how our Microsoft cloud specialists can help transform your business? Get in touch today.