Set Up New Laptop with M365


Hi all

Forgive me for asking a noddy question, as I'm not a skilled admin. I run a small business and have hired my first employee. I'm using M365 with standard policy settings applied. In truth, I haven't learned all the bells and whistles yet, but I like the ability to remote lock and wipe, apply information protection etc.

 

When setting up Win 10 for my new employee, I'm being asked to authenticate with a mobile (which I've yet to provide to the employee), to set a PIN number and then set a password for BitLocker (as I like to apply FDE on laptops).

 

Is there a way I can link his laptop to my 365 environment, download Office for him and set up file shares but then require him to set up the end factor for authentication, his preferred PIN and his preferred password for BitLocker?

 

At present I'd be setting it all up with a PIN and passwords I choose and then getting him to change them later. I'm assuming there must be a more elegant way to handle this using M365 tools that I've not mastered yet?

 

Thanks for your help in advance!

 

Sean

3 Replies

Hi Sean,

 

Yes!  You simply need to enroll the device in Microsoft 365 Business.  Please check out my training deck, Deploy and manage Windows 10 in this post here.

 

The first step is to make sure you complete the configuration wizard and get the policies turned on.  Next, you'll want to join your device to Azure AD.

 

If it's a new device, you simply sign in with your Microsoft 365 Business credential to attach it to your tenant during the Out Of Box Experience.  It will inherit the policies you created.

 

If it's an existing device, you would attach it to your Microsoft 365 Business tenant via the 'Set up a work or school account' action in Settings on your laptop.  It looks like the image below.  Be sure to select 'Join this Device to Azure Active Directory' as highlighted in red.

 

[Image: joinAAD.JPG]

 

Hope this helps!

 

David

Hi David

Thanks for the speedy reply and the links - there's some great information in there.

 

From what I'm seeing, my new employee effectively self-provisions. They provide their M365 U/N and P/W, which links the device to Azure AD, which in turn applies the policies. These can be set to oblige them to download O365 and implement BitLocker, so once the user has logged in these are 'pushed'.

 

Assuming that's right, is there the option for me to do all of this for him in advance? By which I mean, be able to download Office for him, set it up, download the Teams app, set it up, and confirm everything is good before his start date. Or do I have to give him a new laptop with Win 10 and let him sort it from the point of OOBE onwards?

 

Apologies if I missed this somewhere in the slides.

 

Thanks again

 

Sean

Hi Sean,

For new PCs (or recycled PCs) you can use Autopilot to pre-enroll devices by importing their hardware ID before the OOBE is run. This method is primarily designed for mass deployments where the hardware vendor ships new devices directly to end users.

To set up devices in advance on a small scale, the simplest solution is to log on to the device as the end user (for new users) and then require them to change their password and enroll in MFA at first sign-on. For existing users, you can log on as yourself to enroll the device and get the policies and the Office client installed.

David
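
For the "confirm everything is good before his start date" step raised in the thread, the following is an added example (not part of any reply above) that checks Azure AD join, MDM enrollment and BitLocker state from the output of `dsregcmd /status` and `Get-BitLockerVolume`. The function names are hypothetical and the sample values are constructed so the logic can be read and tried offline.

```powershell
function ConvertFrom-DsregStatus {
    # Turns the "Name : Value" lines printed by `dsregcmd /status` into a hashtable.
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*\S)\s*$') { $state[$Matches[1]] = $Matches[2] }
    }
    return $state
}

function Test-LaptopReady {
    # Returns a list of findings; an empty list means every check passed.
    param([hashtable]$Dsreg, [object[]]$Volumes)
    $findings = @()
    if ($Dsreg['AzureAdJoined'] -ne 'YES') { $findings += 'Device is not Azure AD joined' }
    if (-not $Dsreg['MdmUrl']) { $findings += 'No MDM URL: device is not enrolled for policy' }
    foreach ($v in $Volumes) {
        if ("$($v.ProtectionStatus)" -ne 'On') {
            $findings += "BitLocker protection is off on $($v.MountPoint)"
        }
        # A recovery password protector is what lets the drive be unlocked if the PIN is forgotten.
        $types = @($v.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        if ($types -notcontains 'RecoveryPassword') {
            $findings += "No recovery password protector on $($v.MountPoint)"
        }
    }
    return $findings
}

# Constructed sample input (not captured from a real device or tenant).
$sampleDsreg = @(
    '             AzureAdJoined : YES',
    '                TenantName : Example Tenant (placeholder)',
    '                    MdmUrl : https://mdm.example.invalid/enroll'
)
$sampleVolume = [pscustomobject]@{
    MountPoint       = 'C:'
    ProtectionStatus = 'Off'
    KeyProtector     = @([pscustomobject]@{ KeyProtectorType = 'Tpm' })
}
Test-LaptopReady (ConvertFrom-DsregStatus $sampleDsreg) @($sampleVolume)

# On the laptop itself, from an elevated PowerShell session:
# Test-LaptopReady (ConvertFrom-DsregStatus (dsregcmd /status)) `
#     @(Get-BitLockerVolume -MountPoint $env:SystemDrive)
```

With the constructed sample, the two BitLocker findings are reported and the join and MDM checks pass.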