AMA: Windows Autopilot
Event details
Curious if Windows Autopilot can help simplify your new device deployment process? What about repurposing existing devices? Have questions about pre-provisioned deployment, user-driven Hybrid Azure Active Directory join with VPN support, or self-deploying mode? Come to this Ask Microsoft Anything (AMA) event with your questions for our engineers and product team--and any feedback on features you'd like to see moving forward.
Submit your questions for our engineering and product experts to answer live--or post your questions early in the Comments below and catch up when it's convenient for you.
38 Comments
- ChrisWilliams
Brass Contributor
With the current abilities of Autopilot, we have the option of setting the local user as an admin on the device or a standard user. Will there be future options to allow for a local admin account to be created, or to allow specific Azure accounts to have local admin on the devices, since they are Azure AD joined? As with, I am sure, other organizations, we do not want to grant end users admin on their devices, but it seems Autopilot orphans the device with no admin, as the built-in local admin account is disabled if we set the Autopilot configuration so the user has standard privileges. This is then a gap from a support perspective.
- Jason_Sandys
Microsoft
Welcome back ChrisWilliams and thank you again for the question. There are no specific capabilities within Autopilot or AAD for this; however, we've continued to iterate on the built-in CSP for managing local admin permissions on managed devices. Here's a fabulous blog (non-Microsoft but written by an excellent Microsoft resource): Managing Local Administrators with Azure AD and Intune – Jeff Gilbert's Cloud. Please let me know if this doesn't fully address your challenge(s) though.
- ChrisWilliams
Brass Contributor
Thanks again for the reply and I will review Jeff's blog in detail which may answer some of those issues we have been experiencing.
- MeenahKhosraw_IS
Brass Contributor
Welcome to the Windows Autopilot Ask Microsoft Anything (AMA)! This live hour gives you the opportunity to ask questions and provide feedback to the engineering and product teams building Windows. Introduce yourself by replying to this thread. Post each question in the Comment on this event… box above.
Here's who's on deck today to answer questions about preparing for Windows Autopilot:
Heena Macwan
Steve Thomas
Joe Lurie
Jason Sandys
Hung Dang
Jon Andes
Eric Huang
Nandhini Prasad
Liz Cox
Kevin Mineweaser
Daniel Chavez Zayas
Deepika Wadhwa
- trebelow
Brass Contributor
1. Are there any plans to extend Autopilot to Teams Rooms and Surface Hub? 2. It would be nice to have applications and scripts deployed in a specific order by Autopilot. Similar to a task sequence.
- Joe_Lurie
Microsoft
Thanks for the question. Windows Autopilot is currently available for Windows 10 and Windows 11 (when it's released), and HoloLens. We are investigating other devices where it makes sense to include Autopilot, so thanks for that feedback!
- Sonia-alarie
Occasional Reader
When we acquired laptops, our equipment team loaded them (back in April 2021) in Autopilot so they are ready to be enrolled by users once we ship the laptops to them. However, we noticed that the entire batches loaded during April are now marked as disabled in Azure AD Devices, which results in users being unable to enroll the device. Is there a setting somewhere that would cause loaded but unused computers to be disabled automatically? Thank you in advance.
- Heena Macwan
Microsoft
Hello Sonia, can you please create a support ticket on this topic with us? Also, can you please add more information on whether the devices were registered in Autopilot or not, and more details on what profiles were targeted to the devices and what specifically happens once the device is turned on? Thanks, Heena
- Sonia-alarie
Occasional Reader
Hello Heena, thank you for answering. The devices were loaded into Autopilot with serial number and hash, but were not assigned any profile as we didn't know yet if they would be targeted to representants or employees, which is a different Autopilot profile in our environment as both groups need specific rights, applications and other things. I will ask my colleague to open a ticket for me as I am new in the team and have never done it, but we were wondering if there is such a setting first so we can look into it before opening the ticket.
- Iain-755
Occasional Reader
We have recently implemented Autopilot but our CISO has turned off the WS-trust protocol due to reported attacks. As a result we're dead in the water with the product. Are others reporting this kind of difficulty and, if so, what can we do about it?
- Hung_Dang
Microsoft
MDM enrollment on Windows requires the WS-Trust protocol (as do a lot of other features on Windows). Could you clarify how you've disabled the protocol exactly? e.g., disable a port or something?
- Heena Macwan
Microsoft
Hello Iain-755, can you please add more details on how Autopilot is related to the WS-trust protocol?