Provision Windows devices from anywhere to support a mobile workforce


In this, our second chapter of the Enabling Remote Work for IT Pros web series, we focus on practical tips to help you effectively provision Windows devices from anywhere. We walk through a variety of strategies, from simple to complex, to help you better understand how to leverage Azure AD Join with Microsoft Intune, or Configuration Manager co-management and task sequences. We then present you with a clear list of the steps you can take now, start soon, or work on in the future.



Learn more

Here are links to the resources mentioned in this session:

While not mentioned specifically in this session, here are some additional resources you might find helpful:

Frequently asked questions

Q: For Hybrid Azure AD join, if we have a line of sight with the domain controller, is the Intune connector required?

A: Yes, it’s what gathers an offline domain join blob from your domain controller.


Q: Is there a way to define the complete computer name for devices provisioned via Windows Autopilot?

A: For Azure AD Join devices, yes, there is a graph API. For Hybrid Azure AD devices, no, there is only the ability to prefix something onto the name.


Q: Is there a list of supported VPN clients?

A: We don’t have a supported list because we don’t support the configuration of third-party VPN clients. Customers will need to figure out if your VPN works in this scenario. The real question to ask is ‘does your VPN support pre-logon/start before logon auth?’ or some sort of AOVPN.  If so, it will work.  These are some of the VPN providers we expect to work:

  • Cisco AnyConnect (Win32 client): “Start before Logon”
  • Pulse Secure (Win32 client): “Credential Provider”
  • GlobalProtect (Win32 client): “Pre-logon”
  • Checkpoint (Win32 client): “Auto Connect/Always Connected”
  • Citrix NetScaler (Win32 client): “Always on”
  • SonicWall (Win32 client): “NetExtender on Startup”

Note: We do not document or support how you configure your VPN as it is a third-party configuration.


Q: Is there a way to get the device enrolled in Windows Autopilot remotely?

A: The only way is if it’s currently managed through Intune. You can assign a Windows Autopilot profile with the “Convert devices to Autopilot” option enabled, and the hardware has will be automatically harvested at the next check in.


Q: Are there any alternatives to enroll multiple devices, already deployed, besides Windows Autopilot and Bulk enroll using provisioning package files (PPKG)?

A: All of the possibilities are documented here:


Q: Is there a way to use White Glove deployment with standard applications without pre-assigning the device to a particular user?

A: If you target your applications to devices, then you don’t need to. If the apps are assigned to users, then you need to assign a user.


Q: Are we able to deploy the provisioning package files through Intune?

A: No, this is not currently supported.


We hope you find this session useful. We'd love your feedback and ideas for future sessions so please fill out this short survey. Thank you!



0 Replies