Windows AutoPilot: Add Devices and go for it!

A lot of information has been published around Microsoft’s Windows AutoPilot. Very briefly, Windows AutoPilot is a cloud service that aims for a zero-touch, personally customized experience when deploying new Windows 10 devices. Below you will find 2 videos which explain AutoPilot:

A more detailed video can be found here.

An important step, and a requirement for AutoPilot, is to add the devices, pre-deployment, to the customer’s Microsoft Store for Business. The idea is that the hardware manufacturer will do this step for customers, but to be able to test AutoPilot right now, you need to upload a .csv file with details about the hardware: Device Serial Number, Windows Product ID and Hardware Hash. This part took me a couple of hours to figure out. I’m not a PowerShell guru and you need PowerShell to get the required info. Below are the steps to make the magic happen! And you can test AutoPilot with VMs!

  1. Firstly, there are a couple of requirements: you need an Azure tenant, Intune, a Microsoft Store for Business linked to it and Windows 10 devices, version 1703 or higher. The devices can be VMs,
  2. Create 1 or 2 Windows 10 VMs. Install them, update them, shut them down and take a snapshot,
  3. Start the VM again and create a folder in the root: c:\temp, as an example,
  4. On your host machine, not the VM, open Notepad and type the following:
  5. On your VM, start PowerShell, Run as Administrator, and go to your folder:
  6. In the PowerShell Gallery, there is a script to get all the required info you need for your .csv file. More details here,
  7. To get the script, run the following command and enter “y” 3 times to accept: 
  8. In my case, to execute the script (you only downloaded and installed it), I needed to adjust the Execution Policy on my VM. You can use the following command to do that. Here too, enter “y” 1 time to accept,
  9. Now, execute the script. With the following command, you will execute the script and save the outcome to a .txt file with a specific width. The width makes sure you will see the complete Hash,
  10. The output text file contains the Hash, Windows Product ID and Serial, in that order,
  11. Copy/paste the info in your Notepad document, like the example above,
  12. Save the document as a .csv file and open your Microsoft Store for Business,
  13. Under “Manage” you will see “Devices-Add Devices”,
  14. Import your .csv file,
  15. Create a new AutoPilot Profile:
  16. Attach it to your machine,
  17. If you haven’t already done so, Sysprep your VM, snapshot it and turn it on. You will see a customized login prompt with your tenant name. AutoPilot is working!
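The following PowerShell check is an added example, not part of the original post or of the PowerShell Gallery script: it validates the hand-built .csv from steps 11 and 12 before import, catching the wrong column order and a hardware hash that was cut short when copied. `Test-AutoPilotCsv` is a hypothetical helper name, the header is assumed to be the three column names listed above, and all device values are constructed.

```powershell
# Added example: Test-AutoPilotCsv is a hypothetical helper; all device values are constructed.
$ExpectedHeader = 'Device Serial Number,Windows Product ID,Hardware Hash'

function Test-AutoPilotCsv {
    param([Parameter(Mandatory)][string]$Path)

    $problems = New-Object System.Collections.Generic.List[string]
    $lines = @(Get-Content -LiteralPath $Path)
    if ($lines.Count -lt 2) { return 'file needs a header line and at least one device line' }

    # The script output lists hash, product ID, serial; the CSV wants serial, product ID, hash.
    if ($lines[0].Trim() -ne $ExpectedHeader) {
        $problems.Add("line 1: header must be '$ExpectedHeader'")
    }

    $seen = @{}
    for ($i = 1; $i -lt $lines.Count; $i++) {
        if (-not $lines[$i].Trim()) { continue }   # skip blank lines
        $n = $i + 1
        $fields = @($lines[$i].Split(',') | ForEach-Object { $_.Trim() })
        if ($fields.Count -ne 3) { $problems.Add("line ${n}: expected 3 fields, got $($fields.Count)"); continue }
        $serial, $productId, $hash = $fields       # product ID is passed through unchecked

        if (-not $serial) { $problems.Add("line ${n}: empty serial number") }
        elseif ($seen.ContainsKey($serial)) { $problems.Add("line ${n}: duplicate serial $serial") }
        else { $seen[$serial] = $true }

        # The hardware hash is a Base64 string. One cut at a length that is not a
        # multiple of four fails to decode; this does not catch every truncation.
        if (-not $hash) { $problems.Add("line ${n}: empty hardware hash"); continue }
        try { [void][Convert]::FromBase64String($hash) }
        catch { $problems.Add("line ${n}: hardware hash is not valid Base64 (truncated?)") }
    }
    return $problems
}

# Constructed demo: one well-formed row and one row whose hash was cut short.
$goodHash = [Convert]::ToBase64String([byte[]](1..60))
$csv = Join-Path ([System.IO.Path]::GetTempPath()) 'autopilot-demo.csv'
@(
    $ExpectedHeader
    "VM-0001,PRODUCT-ID-1,$goodHash"
    "VM-0002,PRODUCT-ID-2,$($goodHash.Substring(0, 50))"
) | Set-Content -LiteralPath $csv
Test-AutoPilotCsv -Path $csv
```

An empty result means no problems were found; wrap the call in `@( )` to count the findings.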

Don’t let legacy apps block you from Windows 10 modern management.

Windows device management is changing enormously and the possibilities are huge. One of the reasons is that Windows 10 is completely different from its predecessors, and is considered to be more of a mobile operating system. Also, the broader device environment is changing, as we all know. You most likely have seen the “old vs new management style” of Windows devices in organizations. The old school consists of:

  • Corporate owned devices, most of them Windows desktops, Active Directory joined, Group Policies, SCCM managed, on-premises, locked down, business only purpose,

The new school consists of:

  • A mix of corporate and personal devices (Choose Your Own/Bring Your Own), a mix of Windows/iOS/Android devices, Azure AD joined (where possible or necessary), managed via an Enterprise Mobility Management solution, on- and off-premises, more open/lightweight management, mix of business and personal use.

EMM vendors see a huge opportunity for their products to play a big part in Windows management within organizations, and they are right in doing so in my opinion. With EMM you can check all the boxes of the new way of management: 1 platform for managing different flavours of devices, corporate and personally owned, lightweight management, most times offered as a SaaS service etc. Bottom line: less device management, more app and data management for different kinds of devices.

So, what’s keeping you from going to the bright side, the new school, the modern way of management? Many customers are using or investigating EMM products for traditional mobile device and application management, and many customers are looking at content/data security, but some customers are hesitant to use EMM for Windows desktop/laptop devices, even though the world is changing, as mentioned before. Maybe they would like to use it but apparently there is a blocker (besides the fact that change is always scary :) ). That blocker, in my opinion, is legacy Windows apps.

Legacy Windows apps can be difficult to manage. Most times they are 32-bit or, even worse, 16-bit, and you deal with manual patches, difficult configs, multiple MSIs etc. Tools like SCCM can be used to deploy those apps just fine. As another way, maybe even in addition to SCCM, to optimize desktop and/or app management, customers have been moving to or looking at Server Based Computing and VDI. With those platforms you make management better, easier and maybe more efficient for some use cases. However, you don’t deal with the real problem: the apps themselves.

EMM tools are for lightweight/light-touch device and app management. They cannot do all the fancy things SCCM can (MSI chaining, prioritizing order of install, pre- and post-scripts), and they shouldn’t. The new way of management is just different. Take a good look at your legacy apps. There are many options nowadays: app vendors also have SaaS services, or a hybrid solution like Office 365, or you can change your apps/vendors and go for a competitor. I’m aware it isn’t easy but I remember a customer who mentioned an app, used by 5 users, 16-bit, no new versions, hard to manage and keeping them from upgrading their standard OS. An incredibly expensive app. Rip off that band-aid, go through the first pain and in the end, life will be better. Seek the solution where the problem is. Maybe switching to a modern approach is a great moment to evaluate your app landscape. I am a firm believer in the modern management way with physical mobile devices managed by EMM. I believe that way will save a lot of management time and cost (imaging-apps-user setting solutions) and will increase user experience. SBC and VDI are great solutions to specific use cases but can slow you down in modernizing your apps and, in the worst case, keep you from moving to Windows 10 and modern management.

Windows 10 Creators update: Office Mobile App Management happiness!

In my previous post, I discussed one of the great possibilities in Intune: managing the mobile Microsoft Office apps on Android and iOS. I truly like this feature and immediately I was thinking: what if… what if this would be possible on Windows 10 as well?! What I totally missed was an official blog post from Microsoft discussing the Windows 10 Creators update. Among many cool updates, there will be a great new feature: Mobile App Management for the Office apps on Windows 10. All the features I discussed in the previous post for iOS and Android will apply for Windows 10 as well. You won’t need to enroll your personal Windows machine anymore to access corporate resources/data in a secure way. The MAM policies will give you a great experience, setting up the apps and accessing emails and data and providing security for corporate data. Do check out the clip.