Windows Autopilot

The Continuing Adventures of the shrinking network perimeter

Microsoft recently announced Windows Autopilot. Interestingly for me, it came at the end of a week spent taking a customer down a very similar path – on the road to Autopilot, if you will.

This customer is a supply chain business, with remote users scattered around the United States. Most of these users seldom connect to the corporate VPN – and by extension to systems management, Group Policy, and, most important to the users, the flushing of the password cache on the local PC after a password reset.

Password Reset for Remote PCs

Because remote PCs do not regularly communicate with domain controllers, a third-party password reset tool is in use. When a user off the corporate network changes a password through this tool, the actual domain password can diverge from the password cached on the remote PC. Users then had to remember not only two passwords for the same account, but also where in their workflow they were when entering each one. Not an ideal user experience.

To solve this issue, we did what Microsoft has announced with Autopilot, without all the features. This is what I worked on a few weeks back – not Autopilot itself, but Windows 10 devices directly joined to Azure AD, automatically enrolled in Intune (to support Conditional Access), with almost instant installation of O365 Pro Plus. This was all from the Out of Box Experience (OOBE – opening a brand-new PC) and all from the cloud – ‘nothing but Net’. There was only a single reboot in the process, and it took less than 20 minutes to be productive.

It All Comes Together

The first time we opened Office 365 after joining the device to Azure AD with the user’s account, single sign-on worked with no interaction. This was a revelation to them because their current STS is, in many cases, having them present credentials twice for each authentication.

The expression on the IT Pro’s face when he saw all that work together was worth a week away from home. Watching a brand-new Dell XPS 13 go through the process was cool. They’ll still need to touch PCs to put Enterprise Edition on them, but then they can ship them out to users without the manual process that they were previously using. And it will provide a better end-user experience, which is a big part of our goal.

The next pieces that Autopilot provides and this blog post announces (automatic upgrade to Enterprise edition, a reset and rebuild without the user’s interaction, and a program that sounds similar to Apple’s DEP program to keep those corporate-owned devices in your control) will be welcome additions.

Read more about Microsoft’s Windows Autopilot.

At OCG, we are committed to providing the most effective solutions for our customers, and are of course staying on top of the new developments as they emerge.

For assistance with Windows Autopilot and other issues around security and mobile device management, please contact Oxford Computer Group at