Solution Spotlight: Microsoft Intune Autopilot


Providing insight into what Hightower can deliver.

Under our Contracting and Consulting umbrella we offer a wide variety of services that can be leveraged by all of our clients. Our goal with these spotlights is to provide more upfront knowledge to organizations looking for more targeted solutions.

A balancing act.

Managing organization-owned machines becomes a significant time commitment for many businesses. As you expand, the demand to deploy, support, replace, and refresh hardware often results in a dedicated team handling these repetitive tasks. This division of resources can diminish the organization's overall capacity to support existing users and streamline processes. Alternatively, organizations might choose to bolster their technology teams by increasing headcount, which, in turn, amplifies direct spending. It's a delicate balance between resource allocation and efficiency that organizations must navigate as they scale.

No single solution.

Throughout our collective careers, our team has garnered diverse experiences, having worked at numerous organizations. Much like the majority of individuals in the IT field, we started as boots on the ground, offering support to internal teams and clients. A substantial aspect of our early work, and a persisting component, revolves around device lifecycle management. Over the years, we've encountered various forms of device deployment, each accompanied by its own set of advantages and disadvantages. These experiences have enriched our understanding and equipped us with valuable insights.

  • Manual deployment refers to a dedicated support process, individual, or team specifically structured to manage the entire device onboarding, support, and offboarding for the organization. This approach necessitates a well-defined process with appropriately allocated resources.

    The potential bottleneck in resource availability poses a risk, potentially resulting in a decline in support services or an upsurge in spending. Careful consideration and strategic resource allocation are imperative to maintain the efficiency and cost-effectiveness of manual deployment procedures.

  • Imaging creates a machine snapshot that is then extended to multiple devices. This process can be executed through USB tools or a network solution. Utilizing images offers a swift means of deploying devices, establishing a standardized baseline inclusive of updates, software, and configurations.

    However, it's important to note that managing images requires a level of overhead to ensure their proper organization and maintenance. Implementing robust lifecycle management is imperative to prevent the IT team from using multiple image variants and to ensure that the images themselves stay consistently current and effective.

  • Remote Monitoring and Management (RMM) tools serve as agent-based solutions proficient in executing device configuration and facilitating image deployment.

    Typically, these solutions necessitate the device to be powered on and configured with an agent. It's crucial to note that this process introduces an additional layer of overhead to manage images and configuration policies, contingent upon the variety of solutions integrated within the RMM tool. Careful consideration and effective management are key to optimizing the benefits of RMM tools while efficiently handling associated configurations and images.

  • Collaborating directly with device vendors and partner sellers empowers you to integrate your deployment process at an earlier stage in the device life cycle.

    Vendors and partners responsible for device configuration often request images adhering to specific guidelines. Some service agreements may impose restrictions on the software that an organization can include in images, particularly alongside the operating system and its version. In such cases, careful management of the image life cycle becomes pivotal, as vendors may limit the number of images they can process from customers per month or year. Failing to navigate this effectively could potentially leave your devices in a vulnerable state.

  • Engaging a service partner offers organizations a versatile solution for streamlining device management. Such partners are capable of delivering a comprehensive array of services, ranging from the seamless onboarding of newly acquired devices to overseeing the entire life cycle — from onboarding to offboarding.

    The scope of services provided by service partners is tailored to the specific level of management requested by the organization. These partners typically operate under their own service level agreements (SLAs), which are aligned with the services they offer. While service fulfillment remains a primary focus for partners in this domain, the nuances of their SLAs play a key role in ensuring the effective delivery of the intended solutions.

Our proposed solution: Intune Autopilot

The capacity to swiftly deploy and refresh in an automated, unattended manner enables organizations to reallocate resources efficiently, enhancing their ability to meet the support and project requirements of the organization. This streamlined process establishes clear expectations, ensuring a seamless and expedited workflow.

  • Autopilot provides the ability to connect a fresh device to the internet and, during initial configuration, deploy configurations that match the baseline of all existing devices.

    • Your organization unboxes the device, connects it to an Ethernet port with access to the internet, and presses the Windows key 5 times immediately when the device launches.

    • The device will enter the Autopilot setup stage and will perform the initial configuration.

    • Once complete, the device can then be boxed back up and placed on a shelf or shipped to the end user.

  • Users receive their device and immediately enter the OOBE (Out of Box Experience).

    • Users are immediately greeted with their organization branding and are prompted to log in after connecting to their local internet.

    • Once the user reaches their desktop after the “Getting things setup” screen, the device enters secondary configuration, in which system configurations, security policies, and software are deployed.

    • The user is able to log onto Office 365 to carry out any initial onboarding communication simultaneously while the device is being configured, but we generally tell our clients to have users step away and grab some coffee or beverage of choice so that they can come back to a fully configured device.

  • Existing devices can also take advantage of this process.

    • Existing devices can be enrolled into Autopilot.

    • Once enrolled, the device can be reset from the company portal, and the process can be repeated by a trusted end user or the technology staff.

      • We generally ask clients to perform a swap of devices in this instance if inventory is available.

  • Depending on the multiple variables listed below, configuration of the device can be as quick as 10 minutes, with the most extreme case being an hour.

    • Software count

    • Configuration settings

    • ISP speed limits

The solution isn’t perfect.

While we wholeheartedly advocate for this solution, our approach is rooted in transparency. We don't endorse it blindly; rather, we strive to present the complete picture. The essence of Autopilot lies in effectively bundling multiple processes and policies into a streamlined package for swift execution.

  • Initial configuration of Autopilot can be performed over WiFi if the setting in the BIOS is active, but we recommend Ethernet to ensure expected behavior. This means access to an Ethernet hub provides the highest success and speed.

  • Organizations should look to shift their purchasing of devices to a vendor partner for a more streamlined experience. An upside is that you can partner with multiple vendors in the event you require different hardware for different internal verticals or user needs.

    • This allows devices purchased to be pre-registered to your tenant and ready to begin the process.

    • For existing devices, you will need to configure an auto-enroll policy and push it to them.

    • Devices that have been purchased but never configured will need to either be signed into once and added to the Intune environment to deploy the registration configuration, or have their hardware hashes manually imported into Autopilot.

  • Organizations will need to invest time into determining if their devices meet the standard for deployment when injecting existing devices into the Autopilot suite.

  • Organizations that rely on utilizing legacy OS or unsupported OS versions will not be able to utilize this solution.

  • This solution will not span Mac devices if your organization utilizes a mixed environment. We offer Jamf expertise in scenarios with mixed environments of Mac and Windows.

The ROI of it all.

Ultimately, a solution's viability hinges on its ability to deliver tangible outcomes for the investment. Whether you hold the position of Director of IT, CTO, or IT manager, your organization seeks immediate benefits from the implementation of this solution.

  • Traditionally, members of the technology team invest considerable time in configuring individual machines or sets of machines. The conventional deployment process typically takes around 2 hours per machine. By leveraging imaging, organizations can significantly reduce this time to approximately 1 hour.

    However, with Autopilot, the entire process (unboxing, enrolling, and packaging up the machine) requires only about 10 minutes from a member of the technology team. This translates to a remarkable time-saving of approximately 85%.

  • The significant time savings achieved through streamlined processes empower organizations to reallocate resources effectively, leading to more streamlined projects and enhanced support services. This, in turn, facilitates a swift return to business as usual for employees. By ensuring the allocation of proper time and leveraging experienced resources, organizations not only optimize their operational efficiency but also realize monetary benefits. This strategic use of resources ensures a seamless and efficient business ecosystem.

  • Embracing this device delivery model fortifies an organization's cybersecurity posture by guaranteeing that all devices dispatched to users consistently adhere to the organization's baseline policies, configurations, and software standards. Any adjustments made to these parameters seamlessly propagate across all devices, ensuring swift and uniform updates that align with the latest security measures. This approach not only enforces compliance but also provides a proactive strategy for maintaining a robust cybersecurity stance across the organization's device landscape.

 

Contact us today to find out how Hightower can help you.

 