Forum Widgets
Latest Discussions
AutoPilot Time Zone configuration and policy settings
All computers deployed via AutoPilot, AutoPilot Reset, or manual reset (settings, recovery, reset this PC) are deployed with the computer time zone being set to PST (Pacific Standard Time). We are working with national and international customers that require AutoPilot computers being shipped globally but we are trying to deliver the “Zero Touch” Out of the Box experience to the end user. In order to maximize security our standard AutoPilot deployment profile sets “User Account Type = Standard”. Therefore when a computer is delivered, the recipient is unable to update their time or time zone without contacting support. Additionally, if we try to assist the user with traditional web tools such as “MS Quick Assist” or 3rd Party tools, such as ConnectWise, Screen Connect, or TeamViewer the connection is established with the user’s credentials. The moment the change is attempted MS User Access Control (UAC) kicks in and we are unable to see or assist with the dialogue box to enter alternative administrative credentials. Our position is that we should be reducing software on computers to reduce the attack surface. We should not have any administrative accounts on a local computer to reduce the attack surface. We need to be able to set the clock automatically in Intune. We also need it to be able to be changed/updated for travelling users in a Zero Touch manner. How much revenue/pipeline for your company is this impacting? This issue isn’t about revenue generation but is about reducing support expense, loss of productivity time, and time inaccuracies effect almost every aspect of computing from logs to file time stamps. Everyone in the organization, except those individuals in the Pacific Time Zone, are effected. Even those people in the PST are effected when they travel to any other time zone. How many users total do you anticipate this impacts? Every one in the company is affected. Since we support multiple companies, I can safely say that this effects all users in all companies that use Intune deployments at some point. Is this blocking the use of autopilot completely? No, the inaccurate time stamp does not block the user of AP completely but unless corrected the issue has a severe negative impact on users. The workarounds that I have attempted so far are described here: I uncovered an article by Microsoft MVP, Peter van der Woude, from the Netherlands. He developed a Custom Device Configuration Profile using and OMA-URI setting that can set the time zone for a user at the time of deployment. This saves the user from having to set their Time Zone. However, it is a one-time setting and the user cannot change their TZ without admin support. If traveling the user would need to manually change the setting to a new local time and again require admin support. https://www.petervanderwoude.nl/post/configure-time-zones-via-windows-10-mdm/comment-page-1/?unapproved=89325&moderation-hash=9de6ea58c25259cc52d3eeb667f350ef#comment-89325 (Note about this fix is that when I opened a ticket with MS support, I was offered this as solution as a work around.) Another work-around suggestion is to create and send a PowerShell script to the computer (see below) Set-TimeZone -Id “Central Standard Time” Start-Service W32Time Restart-Service W32Time Finally - Nickolaj Andersen from MSEndPointMgr.com developed PowerShell scripting using Windows 10 location services and Azure Maps that can get Time Zones working but would also incur Azure charges. The author notes that it currently works but if Windows code changes in anyway, it scripting can break and there would be no one to support the problem at that point. https://msendpointmgr.com/2020/05/20/automatically-set-time-zone-for-devices-provisioned-using-windows-autopilot/ Ultimately, we would like to see a native solution in Intune which just works. Any help getting us toward that solution would be greatly appreciated!Welcome to the AMA for Managing Android Devices with Microsoft Endpoint Manager
To submit a question, click "Start a new conversation" in theMicrosoft Endpoint Manager AMA space--and do this for each new question.This will enable us to easily identify and answer your questions. If you want to keep an eye on the questions being asked by your peers, simply stay on theMicrosoft Endpoint Manager AMA space--and refresh the page from time to time. Ask us your tough questions, your detailed questions, your simple questions--or, share your feedback (your experience to date, features you'd like to see, etc.). After the event, we will make a summary of this AMA and post it to the group. Let's get started! Please introduce yourself as a reply below!Welcome to the Windows Autopilot AMA!
To submit a question, click "Start a new conversation" in theMicrosoft Endpoint Manager AMA space--and do this for each new question.This will enable us to easily identify and answer your questions. If you want to keep an eye on the questions being asked by your peers, simply stay on theMicrosoft Endpoint Manager AMA space--and refresh the page from time to time. Ask us your tough questions, your detailed questions, your simple questions--or, share your feedback (your experience to date, features you'd like to see, etc.). After the event, we will make a summary of this AMA and post it to the group. Let's get started! Please introduce yourself as a reply below!Autopilot ESP "Account setup" phase speed
The Autopilot ESP "Account setup" phase in certain scenario's may hang on "Identifying" for a long time. As an end-user or IT admin it is hard to see what's going on behind the scenes. Are there any plans on improving performance during ESP (specifically the "Account setup" phase) and/or show more detailed progress?
Autopilot Hybrid Join from anywhere/VPN availability?
I'm REALLY interested to get testing the Autopilot Hybrid-Join over VPN/from anywhere option. This has long been the gold coin in this solution and endless organisations are waiting on this as it's easily the most awaited Autopilot feature. Any such information on what VPN providers are supported or this scenario and more importantly when this can be achieved would be very welcome. Thanks
Use Autopilot with Windows Home for Devices entitled to Education Licences already
A very common scenario in the Education space is to purchase devices with Windows 10 Home OEM to get the lowest cost and then change to Windows Education or Enterprise using the already purchased licenses via EES. When people where reimaging devices this didn't present a problem but with COVID and WFH , now more than ever Autopilot is something we and many other institutions want to use but as Windows Home is not compatible with Autopilot it stops us from doing so. Do you know of any technique that would enable the many schools and universities that would require this to get around this without manual changes on the devices - i.e. maintaining the ability to ship straight to user , have them start OOBE on a Windows Home devices but have it checkin with Autopilot, upgrade to Education/Enterprise and install register as normal? Currently the answer I tend to get given is "buy Pro license" which seems crazy that we would be forced to pay out additional money for a product we are already paying twice to licence! This seems to be a real oversite that will effect a huge sector and stop them from using autopilot. I think ideally something like the ability to perform a key sequence (like for whiteglove) during a Windows Home boot and chose - checkin/ auto upgrade with my Education establishment , or something like that would be a way forward. It is an additional step beyond the normal autopilot procedure but if it is a way to solve the problem it would be great.Autopilot/ESP App install progress and app names?
During Autopilot installs there is just a simple "Installing App (1/10)". it would be very nice to have some actual application names there. Often when the process is taking a long times it looks like the process may be stuck. If I can see it is Office 365 ProPlus currently installing this may help to understand that the process is meant to be taking longer right now. Also if something fails, the user could directly tell helpdesk personal: "hey the process stopped during Installing App Xyz..."AutoPilot Bring Your Own VPN Public Preview
We spoke withMichael Niehausin a recent episode on Intune.Training (https://youtu.be/ej8C-3xSjMU). He mentioned that "Bring your own VPN" was in private preview and expected "Next month" meaning June. Do we have an ETA on this feature? On the various forums and social media platforms, this has been one of the most requested features. With many companies still expecting to be working from home, BYOVPN has the potential to increase AutoPilot adoption by enabling more organizations to build Hybrid Azure AD Joined devices without having to rely on ConfigMgr Task Sequences or MDT to build them.
