Jul 02 2021 03:22 AM
Hey everyone, maybe someone could help. We have a hybrid AD (on-premises + Azure). I'm trying to configure Always On VPN to work without user interaction during Autopilot deployment. When a user deploys his new notebook at home and Autopilot has just finished (it is offline domain-joined to the on-premises AD), he needs to log in to the system using a domain account. But unfortunately, at home that is impossible without VPN. I found that it can be fixed with a device tunnel - Always On VPN (https://docs.microsoft.com/en-us/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/always...) and tried to configure the NDES service (https://msendpointmgr.com/2018/06/19/certificate-deployment-for-mobile-devices-using-microsoft-intun...)
Unfortunately, when Autopilot has finished, on the Intune side there are device configuration profiles in a pending state for this computer: the SCEP certification request and the deploy Always On VPN profile.
When the user goes to the office, Autopilot finishes the configuration (creates the device certificate and deploys the VPN profile), but at home there are two tasks always in a pending state. Do you have any idea what could be wrong?
Jul 02 2021 06:28 AM
Jul 02 2021 06:33 AM
@Rudy_Ooms_MVP thank you for your response. In the Windows Autopilot deployment profile, the setting Skip AD connectivity check (preview) is set to Yes.