Forum Discussion

timjeens's avatar
timjeens
Copper Contributor
Apr 30, 2025

Moving from MDT/WDS to Autopilot – Real-World Lessons, Wins & Gotchas

Hi all, We’ve been moving away from an ageing WDS + MDT setup and over to Windows Autopilot, and I thought I’d share a few key lessons and experiences from the journey. In case anyone else is work...
Autopilot
azu
AzureAD
EntraID
Intune
mdt
ninjaone
radius
wds
WiFi
rbritton69's avatar
rbritton69
Copper Contributor
May 05, 2025

Thanks for sharing this. We are about to begin our pilot of Autopilot. We use Intune for iPhones/Tablets today. Haven't configured Intune for use with Windows Devices at all. Blank Canvas.

We are a hybrid org, mostly on prem, traditional MDT/WDS imaging, local domain joining, GPOs, login scripts, all the traditional bells and whistles. We do use O365 heavily and do a partial AD->Entra Sync, mostly for user objects RE: Exchange Online, Teams, et al. Most of our org resources are still legacy (on prem)...think DCs, File & Print, NPS, et al.  WE use WSUS, and Endpoint Central now, along with GPOs for device & configuration management.  Our WPA2/3 is using NPS->DCs for RADIUS/AAA. 

So it would seem we are in a place where you were before your initiative to adopt Intune for WIndows Endpoint Management. 

We'll need to evaluate whether it makes sense to go pure cloud managed devices. I've done it before at another org. Pros/Cons. 

Later this month, we'll begin to setup Intune for device enrollment and see what we see. Love to go pure cloud managed, but so much of our infrastructure is legacy still. It'll be a much larger project to plan out all layers of the infrastructure which would need to be touched to lean more cloud vs hybrid on prem. 

GOing to be interesting to figure out our way forward.

  • timjeens's avatar
    timjeens
    Copper Contributor
    May 06, 2025

    Thanks for that, that sounds exactly where I was a while ago. Don’t worry about going full cloud. We are still hybrid, and it’s likely it will remain that way for a while, it has its benefits having both ways.

    and moving Radius I have found is not possible, other than just having a windows server in azure with it on..

    with the GPOs there is a handy import function where you can import your existing policies, and then it will tell you if you can migrate them or not, and tells you what can’t be..

     

    I started with syncing all users over to entra, and migrated my local exchange users all over to exchange online. It was scary turning off the on site exchange, but it was running all online for a while before I did that and verified the on site was not in the path for email flows.

    you can PM me if you want any advice, or reply here and I will reply, so others can see the journey.

    good luck

     

Resources