TEXAS A&M UNIVERSITY
Autopilot Onboarding by TechHub
Purpose
This ITAP outlines the process for manually enrolling devices into Windows Autopilot by the TechHub team when vendor-based zero-touch enrollment has not occurred. It ensures consistency, compliance, and minimizes provisioning delays.
Table of Contents
- Purpose
- Scope
- Intent
- Essential Core Knowledge
- Procedure and Guidelines
- Additional Notes and References
- Examples
- Responsibilities
- Approval
Scope
Applies to all Windows devices acquired and distributed by the TechHub group at Texas A&M University where OOBE is not TAMU branded, indicating absence from Autopilot via vendor provisioning.
Intent
Ensure devices are properly enrolled into Autopilot through a manual sync process when needed, facilitating seamless provisioning for end users and maintaining TAMU device management standards.
Essential Core Knowledge
- Microsoft Intune and Windows Autopilot overview: Microsoft Docs
- Dynamic group membership rules in Entra ID
- OOBE screen identification and TAMU branding recognition
- Device wipe and reset protocols in Intune
Procedure and Guidelines
Manual Enrollment Process
-
Verify Autopilot Status
- Power on the device and observe the OOBE screen.
- If TAMU branding is present, the device has been vendor-enrolled and is ready for end-user distribution.
- If branding is absent, continue with the manual process.
- You can also verify the Autopilot enrollment status by searching for the device's serial number in the Autopilot-enrolled devices list in Intune (https://intune.microsoft.com > Devices > Windows > Windows enrollment > Devices).
-
Sign in to Device
- Use the Device Enrollment Manager service account to sign into "work or school account" option and initiate enrollment into Intune.
-
Wait for Dynamic Group Enrollment
- Allow up to 24 hours for the device to be picked up by the dynamic group and enrolled into Autopilot automatically.
-
Manual Sync Option (To avoid waiting)
- Open a browser and sign into Microsoft Intune (https://intune.microsoft.com) using a secondary NetID account (not the service account).
- Navigate to Devices > Windows > Windows enrollment > Devices.
- Click Sync to manually trigger the Autopilot profile assignment.
- Note the manual sync can take 15 minutes or several hours, depending on the cloud service workload
-
Initiate Device Reset
- Once the device appears in Autopilot, issue a wipe command via Intune:
- Go to Devices > Windows > [Device Name] > Wipe.
- Alternatively, use the Company Portal app on the device to perform a wipe.
- Once the device appears in Autopilot, issue a wipe command via Intune:
-
Device is Ready for End User
- After wipe and restart, confirm that the OOBE screen now shows TAMU branding.
- Device is now Autopilot-enabled and can be handed over.
Additional Notes and References
Examples
Scenario: A Lenovo laptop is received with no TAMU branding at OOBE. TechHub uses the Device Enrollment Manager service account to sign in, waits for the device to show in Intune, triggers sync with a secondary NetID, then wipes the device once Autopilot profile appears.
Responsibilities
- Current Team Owners: TechHub IT Operations
- Original Author(s): Platform Engineering
- ITAP Contributors: Platform Engineering, TechHub IT Operations
- Reviewers: TechHub IT Operations
Approval
- Approved By: Platform Engineering
- Date of Approval: [Insert Approval Date]
- Date of Implementation: [Insert Implementation Date]