shockotechcom
Brass Contributor
Jul 28, 2023

Windows Autopilot and Configuration Management Client Installation Methods

I'm using Windows Autopilot to build my machines with AzureAD hybrid join. Currently, as part of the ESP, we deploy the Configuration Manager client and our VPN software (both Win32 apps) to them so we can get them co-managed ASAP. We also do this in ESP as blocking apps to control the device availability to users until they are completed. Our implementation partner advised us to install the Configuration Manager client in this manner to speed up co-management.

Autopilot works (albeit slow at _ 60 mins).

I am confused, though, on whether or not adding the Configuration Manager client into the Autopilot build in this manner is supported. Reading this (Co-manage internet-based devices - Configuration Manager | Microsoft Learn), it states:

You can't deploy the Configuration Manager client while provisioning a new computer in Windows Autopilot user-driven mode for hybrid Azure AD join. This limitation is due to the identity change of the device during the hybrid Azure AD-join process. Deploy the Configuration Manager client after the Autopilot process. For alternative options to install the client, see Client installation methods in Configuration Manager.

So reading this, it seems what we are doing is invalid. So question 1:

  1. Is it incorrect/unsupported to install the Configuration Manager client as a Win32 app during Autopilot (ESP or otherwise)?


Furthermore, I read here (Co-manage internet-based devices - Configuration Manager | Microsoft Learn) that it appears there is no longer a need to deploy the Configuration Manager client as an app at all, but it can simply be configured in it via Home -> Device -> Enroll Devices -> Windows Enrollment -> Co-management Authority:

You no longer need to create and assign an Intune app to install the Configuration Manager client. The Intune enrollment policy automatically installs the Configuration Manager client as a first-party app. The device gets the client content from the Configuration Manager cloud management gateway (CMG), so you don't need to provide and manage the client content in Intune.

Is this method only valid post-Autopilot?

  • rahuljindal-MVP
    Bronze Contributor
    Is your AP provisioning dependent on anything getting installed from ConfigMgr under co-management? If not, then you can install the ConfigMgr agent right at the end by assigning it to a user-based group. Alternatively, since the device is being hybrid joined, you can push the agent either using a GPO startup script or automatic push through ConfigMgr (will depend on your current configuration, of course).
    • SweJorgenMVP
      MVP
      I do the same as the suggestion above the few times we use Autopilot for Hybrid Join; one of the reasons is your question here. We add the CM client using a startup script as we don't want to make the Autopilot time longer.
      Moved all required apps to Intune and added them as blocking apps in ESP.
      Regards,
      Jörgen
      • fjansson
        Copper Contributor
        As a GPO startup script? Have you tried deploying it through Intune somehow? I'm about to try adding it as a script in Intune that creates a scheduled task that triggers at logon. Would be nice having the deployment in Intune if possible 🙂
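
The GPO startup-script approach suggested in the replies above, sketched as an added example that is not part of the thread or of any poster's environment. The share path and site code are placeholders, and the signature check before running the installer as SYSTEM is an assumption about how one might harden it.

```powershell
# Added example: computer startup script (runs as SYSTEM) that installs the
# Configuration Manager client only when it is missing.
# Placeholders (assumptions, not from the thread): UNC path and site code.
$Source   = '\\<fileserver>\<share>\Client\ccmsetup.exe'
$SiteCode = '<SITECODE>'
$Local    = Join-Path $env:windir 'Temp\ccmsetup.exe'

function Test-CmClientInstalled {
    # The installed client runs as the CcmExec ("SMS Agent Host") service.
    [bool](Get-Service -Name 'CcmExec' -ErrorAction SilentlyContinue)
}

function Test-TrustedBinary {
    param([Parameter(Mandatory)][string]$Path)
    # The script executes with SYSTEM rights, so refuse any installer that is
    # not validly Authenticode-signed by Microsoft.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    ($sig.Status -eq 'Valid') -and
        ($sig.SignerCertificate.Subject -like '*O=Microsoft Corporation*')
}

# Idempotent: do nothing on every later boot once the client is present.
if (Test-CmClientInstalled) { exit 0 }

# No line of sight to the share yet (for example, VPN not up): retry next boot.
if (-not (Test-Path -LiteralPath $Source)) { exit 0 }

# Copy first, then verify the local copy, so the file that was checked is the
# file that gets executed even if the share content changes in between.
Copy-Item -LiteralPath $Source -Destination $Local -Force
if (-not (Test-TrustedBinary -Path $Local)) {
    Remove-Item -LiteralPath $Local -Force
    Write-Error 'ccmsetup.exe failed signature validation; not installing.'
    exit 1
}

# Installation progress is written to %windir%\ccmsetup\Logs\ccmsetup.log.
$proc = Start-Process -FilePath $Local -ArgumentList "SMSSITECODE=$SiteCode" `
                      -Wait -PassThru
exit $proc.ExitCode
```

The share holding `ccmsetup.exe` and the GPO script location should be writable only by administrators, since anything placed there is executed as SYSTEM on every targeted machine.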