Editor’s note 9.8.2025: This capability has been delayed by a couple of months to help ensure delivery of the best possible experience. You can start configuring the new setting on the Enrollment Sta...
Only for user-driven enrollment? What is even the point of this feature? Please implement it for pre-provisioning, what large enterprises are actually using, or do you really think we get our users to wait for an hour or 2 when onboarding them by using the user-driven enrollment? Of course not.
This option provides a few benefits. While the end user may need to wait 20-40 minutes (based on our private preview testing, and dependent on many variables) extra, they are much less likely to have the device download and install an update after first login, and a reboot on the first day or two... so less background processing unless they go through OOBE on the Monday before Patch Tuesday, of course. This also means admins can count on the devices being up to a minimum level when first accessing the devices, potentially tightening up grace periods and compliance rules, protecting corporate resources.
You are right, there are some advantages to applying the updates during pre-provisioning and we are hoping to add that capability as well.
Hi David, as I mentioned in another post, pre-provisioned devices have a key limitation: the user only gets one chance to complete their flow when the computer powers on for the first time after being resealed. Microsoft warns about this behavior https://learn.microsoft.com/en-us/autopilot/tutorial/pre-provisioning/azure-ad-join-technician-flow:
The enforced OOBE update and its reboot during the user flow can break the process and leave the device stuck at the DefaultUser0 login screen. Ideally, OOBE CU updates would be applied before pre-provisioning begins. It could also automatically reset the autologin count for DefaultUser0 so the user can continue after the update, or simply be skipped when a device has been pre-provisioned.
Unfortunately, none of these safeguards were in place when this was enabled in our tenant, before Intune’s ESP settings UI added controls for managing it.