User flow is failing after Technician flow completes successfully (Device is already enrolled error)
Hello! Just finished setting up a new O365 tenant with an Autopilot deployment profile and I am running into this issue. I managed to get the Technician (pre-provision) flow to complete successfully, but when a user signs in to initiate the User flow, an error appears saying the device is already enrolled (error 8018000a). Well, the deviceisalready enrolled because going through the pre-provisioning process enrolls the device, but there is no Primary user and the 'Enrolled by' field is blank on the Intune object. The weird thing is, when the user receives this error, if they wait 10 minutes and try again it will succeed. What seems to be happening is that the error triggers Intune to delete the object associated with that device. Once it is deleted, the user can sign in and the User flow can be completed. I know a potential work around may be assigning the device to a user ahead of time, but I want to have the devices configured so they can be handed out to any user and the first one to sign-in enrolls the device. Any help on how to resolve this issue when the Technician and User flow are separated would be greatly appreciated. TL;DR: When technician flow and user flow are separated, user receives 'Device already enrolled' error when signing in.Third party MFA challenge when enrolling device with Windows Autopilot
Hi everybody, Last week I encountered a challenge while enrolling a device with Windows Autopilot. The issue was that our customer uses a third-party MFA/Federation solution that's having issues during enrollment (white screen during authentication problem). I've worked out a solution with Temporary Access Pass and Windows Hello for Business and wrote it down in this blog. Maybe it can be useful in the future, in case you encounter a similar issue. Third-Party MFA Challenge: Seamless Device Enrollment and Authentication with Microsoft Intune (nickydewestelinck.be) Any feedback or remarks are welcome! Thanks!
How To Remotely Autopilot Laptops via -Online switch
I have existing remote laptops that I want to autopilot but how do I submit HWID using the -online which requires intune admin credentials? Is there a Just-in-time permission and/or single use password protected with MFA that can allow user to submit HWID on behalf of company? My understanding was that "convert all targeted devices to Autopilot" meant the HWID would be submitted automatically for these existing devices. If this is not the case my only roadblock is not having physical access to laptop to enter my intune admin credentials. I would run sysprep application to trigger oobeUAC during OOBE (after switching from Admin to Standard user in Windows Autopilot)
We switched settings in Windows Autopilot to make the user a standard user instead of an admin. Now, during OOBE I am asked multiple times to execute a PowerShell script as an admin. What causes this behavior and how to prevent?Autopilot requires three logins
Hi all, during the project phase for setting up our AutoPilot process, I noticed that Autopilot requires three (!)logins. The first one at the welcome screen The second at the local login The third when connecting to the Azure AD We expect our users to log in, walk away, and come back a few minutes later to find their computers ready to use. After all, that's supposed to be the big advantage and point of AutoPilot. Now it looks like they have to log in again when they come back to complete the account setup. Are these steps intentional or is there a configuration anomaly in my setup as this causes additional difficulty for the user. Is there a way to resolve this issue?Windows Autopilot device(s) could not be imported
I ran the Get-WindowsAutopilotInfo.ps1 on two computers, one was a VMware VM and the other was a Dell Laptop. The VMware VM .csv file imported with no problems, but the Dell laptop stopped with the error in the subject. Any ideas why? I checked the headers of both files and they are correct along with the comma's in the right place. No other characters in the hash like "".
Autopilot Pre-Provisioning Issue
We have an issue when attempting to pre-provision devices on our corporate network to ensure we aren't blocking any of the endpoints we have created a separate VLAN that is fully open on port 80 and 443 however provisioning still fails on the ESP. We receive different error messages each time but the most common is: Setup could not be completed (Installation Time Limit exceeded). Please try again or contact your support person for help. We do not want to disable the ESP as this is ensuring we have our security required apps installed mainly Zscaler. Has anyone else experienced this or managed to work around it.
Problem with Windows Autopilot deployment
Hello everyone! I'm currently using Intune Plan 1 trial period, testing MDM for the company where I work. I am using a corporate-owned device, which has been used before, as a testbed. A few months ago I've done a complete factory reset. I wanted to implement Windows Autopilot in order to test the setup capabilities of Intune. I've followed these two tutorials and I've done all the necessary steps. https://www.youtube.com/watch?v=t6RLxsGCM6A https://www.youtube.com/watch?v=X2S0I84fTcU However, upon turning on the computer, it does not proceed to the Windows Autopilot and continues to a regular first-time setup instead. I consider these two reasons as to why this is happening, although I'm not certain: The device has been reset to factory settings, therefore requires a regular setup for security reasons. I haven't linked the device to a proper Microsoft Account. My planned actions are to setup a Microsoft Account and create a link to the device. I'll try to see if it would work. Have you ever had experience with this kind of problem? Please let me know in the comments. Thank you!Windows Autopilot - OEM and User-Driven Mode
We currently have Autopilot User-Driven mode working for Hybrid join and co-management. The problem is to get the system ready with all configuration and software from Intune and MECM takes 90 mins and the user has to wait this long for their device to be ready from the time they unbox it to the time everything is complete. Pre-provisioned deployment allows for an OEM or IT function to add software before shipping to the user thus reducing the time at the user end before the system is fully ready. The problem for us is that it is in public preview so we cannot use it in production as it's against our policy. So I was wondering the following: Q: What is (or would be) preventing us using a single (or multiple) generic IT accounts to drive user-driven deployments. For example: OEM or IT admins sign-in into the devices with these generic accounts and kick off autopilot by signing into AzureAD with MFA etc. Cloud management gateway used to delivery most of the software to the SYSTEM as we don't really use pre-user apps Once complete we ship to the user The only issue I see out front maybe Bitlocker and where to store the recovery keys.
