Windows Intune: Deployment Profiles

**DISCLOSURE: While I am contracted to Microsoft Corporation, I am not an employee. The articles that I write are not meant to represent the company, nor are they meant to represent me as an employee or spokesman for the company. As has always been the case, all articles on this website represent me and nobody else.

IntuneRecently I wrote about some of the benefits of Windows AutoPilot (Windows AutoPilot: Let’s get started). I showed you how to register your device in Windows Intune for Autopilot deployment. In this article I will show you how to create a Deployment Profile to standardize your Windows 10 configuration.

I was first introduced to Windows deployment technologies in 2006, and started teaching them shortly thereafter. Through the magic of the Microsoft Deployment Toolkit, System Center Configuration Manager, and the Windows Automated Installation Kit I was able to dazzle and amaze my audiences with how easy it was to create a light-touch or zero-touch deployment infrastructure. It was during these sessions that I started using the famous Arthur C Clarke quote: “Any sufficiently advanced technology is indistinguishable from magic.” I would stand in front of a user group audience (I used to speak to a lot of user groups) and, over the course of a 90 minute session, I would build the entire deployment infrastructure, deploy Windows Vista (and later Windows 7) to a fresh PC, and then show how we could use the same tools to upgrade an existing system running Windows XP to the newer OS, install the latest versions of the necessary applications, all the while retaining all of the data from pre-existing user profiles. It really did look like magic.

When I was first introduced to Microsoft Intune (sometime in mid-2011) I was astounded by its power, and how it seemed to be on its way to becoming SCCM in the cloud. I remember saying at the time that the only thing it would never really be able to do was to deploy an operating system to a new computer. While this is still true for computers with clean hard drives, with Windows AutoPilot we are able to do a lot of the LTI and even ZTI magic that I was so enthralled with all those years ago.

In place of the Task Sequences we used to create with MDT and SCCM, we have Deployment Profiles. These are designed to customize the Windows Autopilot provisioning experience and make the experience as seamless as possible. Let’s go ahead and create one.

First, connect to your Microsoft Endpoint Manager console (https://endpoint.microsoft.com). In the navigation pane, click Devices, then in the Devices | Overview screen click Enroll devices (under Device enrollment).

In the Enroll devices | Windows enrollment screen click Deployment Profiles.

image

In the Windows Autopilot deployment profiles screen click the chevron next to  + Create profile. Select Windows PC.

image

1) Basics

On the Basics tab, enter a name (required) and a description (optional). You should also select whether to Convert all targeted devices to Autopilot This will not affect other devices until they go through the Windows Out of Box Experience (OOBE). Click Next.

image

2) Out-of-box experience

On the Out-of-box experience (OOBE) tab, select the choices for your environment. In my demo, I I making the following selections:

Deployment mode: User-Driven

Join to Azure AD as: Azure AD joined

Microsoft Software License Terms: Hide

Privacy settings: Hide

Hide change account options: Hide

User account type: Standard (Let’s be clear… in my environment, I will always want to be an Administrator… but I never want that for my users!)

Allow White Glove OOBE: No

Language (Region): Operating system default (I spend a lot of time helping customers in the United States with a single language requirement. I also spend a lot of time helping customers in Canada, Europe, and Asia with multi-language requirements, so I do not select a single language for my profiles).

Automatically configure  keyboard: Yes

Apply device name template: Yes
             Enter a name: BHK-%RAND:3%

What this will do is rename the device with a name of BHK-### (the :3 denotes a three-digit random number).

Click Next

3) Assignments

On the Assignments tab, add the groups you want to apply this profile to. You can select All devices, or add specific device groups. Click Next.

4) Review + create

On the Review + create tab, check to make sure you did everything right, and then click Create.

image

There is a lot more going on with Autopilot, but we will cover those in upcoming articles.

Conclusion

Windows Autopilot is not able to deploy an operating system to a device without an existing installation of Microsoft Windows 10. However most devices do come with an OS installed, and Autopilot lets you take those devices to the next level by deploying your corporate policy to them. It also allows you to reach out and reset devices back to the clean corporate image when needed. It may not be pure zero-touch installation, but it is as close as we are going to get from the cloud…  at least, for now!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s