MS Endpoint Manager and AutoPilot

Has anyone set up Endpoint with AutoPilot for their laptop deployments?

  • I have not set up either but I did run into a laptop that had Autopilot set up on it.  I had to have a motherboard replaced in one of my ThinkPads.  I had BitLocker enabled on the hard drive and didn't think to disable it before the swap, so I ended up having to reload it.  When I got to the Windows prompt it had info listed for another company and no way around it.  I tried reloading again and got the same thing.  I called support and they told me about Autopilot and got the info from the computer so they could clear it.  I had to wait until the next day but it worked fine after that.  I didn't see any way to get around the Autopilot setup, so it appears to be effective.

  • I have EndPoint and Autopilot set up on my back end, but was using it with Dell systems, and now we use Lenovo.
    When it is configured in your tenant, each user needs an Azure Active Directory P2 license and Business 365 Premium / E3 or E5.

    You also have an Internet-facing URL for device setup and this is what Windows uses for setup.

    When you order the laptop with Pro or Ent you can specify the Microsoft tenant and secure ID.

    This registers the device with your tenant and then uses the URL to configure the device. 

    Users open the laptop and then enter the network, or connect to WiFi, then select the keyboard and enter their work email address. The rest is defined by which groups they are members of and what programs you have pushed to those groups.

    This works well for pushing out apps, but you need to keep them up to date. 

  • To set up a computer that was not first registered with Lenovo, you can run through normal setup; there are several options.

    I go to Accounts > Work or School and click on Connect. 

    I then Domain Join, and use the user's login information.

    Once we have the PC domain joined, or logged in with the user information, I add the new desktop to the correct group and then wait while it syncs with Entra and starts to push out the applications.

    When I domain join, I am able to use MDM features like remote wipe, reset and lock. 

    I also pair the devices with Absolute / Smartlock, this helps me know where the devices are at all times. 

  • We have this set up and it has reduced our onboarding time down a good hour, if not more, on new hire machines. That's not to mention the time we save on any machine that needs to be refreshed that is at an end user's location. With employees all over the world, Autopilot has allowed us to drop ship laptops to anywhere without having to touch each machine individually. It does take some knowledge and trial and error to get it set up right so that the process is smooth, but there are several YouTube videos that will walk you through step-by-step. I don't recall having to have any sort of public address for the systems to connect to, as I believe that is all handled through Microsoft's servers as long as you have Entra AD and yes, the correct licensing. There are multiple different ways to get Intune and Autopilot though, so be sure to do your homework there. One company I worked for we had E3 licenses and added on the Enterprise Mobility & Security package for something like $7.00/month and it gave us everything we needed. The company that I'm at now we use mostly Business Premium and add on the Entra Plan 2 and are covered. The one complaint I do have with Lenovo is that they do not offer a place to choose to add an Autopilot option and enter your Tenant ID directly in the order process. At least not from any order I have submitted and not that our sales rep is aware of. I always have to wait until the order is shipped and email our sales rep, and she has to manually add it on and charges a small fee. If someone has actually done this and has a different experience, please let me know because it's a huge pain point for me currently. If you don't want to go the fully automated way you can still enroll any machine in Autopilot, but it is a process and needs to be done from OOBE. Just google "enroll autopilot powershell online oobe". Hope this helps!
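
The manual OOBE enrollment mentioned in the post above, as an added example that is not part of the original thread. It uses Microsoft's Get-WindowsAutopilotInfo script from the PowerShell Gallery; the wrapper's parameter names and the C:\HWID output path are assumptions chosen for illustration.

```powershell
# Added example. Save as a .ps1 and run it from the elevated PowerShell window
# opened during OOBE (Shift+F10, then type "powershell").
param(
    [switch]$Online,                                    # upload directly to Intune (prompts for an admin sign-in)
    [string]$OutputFile = 'C:\HWID\AutopilotHWID.csv'   # assumed path for the offline CSV
)

$ErrorActionPreference = 'Stop'

# The PowerShell Gallery requires TLS 1.2; a fresh OOBE session may not default to it.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Relax the execution policy for this process only, so nothing persists on the device.
Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned -Force
$env:Path += ';C:\Program Files\WindowsPowerShell\Scripts'
Install-Script -Name Get-WindowsAutopilotInfo -Force

if ($Online) {
    # Registers the device in the tenant of the account that signs in.
    # Check that account before approving: the device is bound to that tenant afterwards.
    Get-WindowsAutopilotInfo -Online
    return
}

# Offline path: write the hardware hash to a CSV that an Intune admin imports later.
New-Item -ItemType Directory -Path (Split-Path -Parent $OutputFile) -Force | Out-Null
Get-WindowsAutopilotInfo -OutputFile $OutputFile

# Sanity-check the CSV before handing it over.
$row        = Import-Csv -Path $OutputFile | Select-Object -First 1
$biosSerial = (Get-CimInstance -ClassName Win32_BIOS).SerialNumber

if ([string]::IsNullOrWhiteSpace($row.'Hardware Hash')) {
    throw "No hardware hash was captured in $OutputFile"
}
if ($row.'Device Serial Number' -ne $biosSerial) {
    throw "CSV serial '$($row.'Device Serial Number')' does not match BIOS serial '$biosSerial'"
}
Write-Host "Captured hardware hash for serial $biosSerial in $OutputFile"
```

The CSV route keeps admin credentials off the unprovisioned device; the `-Online` route is faster but requires an Intune administrator to sign in on it.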

  • Great to know, Josh. It's on my list of things to investigate. Unfortunately, my list is long and it's on the lower priority, but this helps a lot.