Intune Standalone – Part 2 – Enrol from OOBE

In this series:

Intune Standalone–Part 1

In Part 1 of this series, I enrolled a device that in an post-OOBE state, had it in workgroup mode and finished the setup.

Here’s a brief run through on what it looks like to manually enrol a device that is sitting at the first prompt of Windows OOBE [2].

I’m enrolling a Windows 10 Build 1709 Operating System, with unmodified media.

We will at some point in the series modify the media, so that we can fine tune the configuration of Windows 10, before it is on-boarded into Intune.

Let’s punch in our Intune administrator credentials:

image

Tap in your password:

image

Some authentication is carried out, and the on-boarding to Intune Standalone begins:

image

We’ve now setting up the device:

image

This phase of setup could be automated, click around and select Accept

image

Ok the device is being readied up for the user to login:

image

image

In Part 1 I setup 2fa and enrolled a device, there were more dialogs to fill in then than now as a result, we’re now having policy enforced from Azure\Intune so as to setup a PIN for this device:

image

Tap in the verification code sent to you by whatever means you selected for 2fa notification delivery:

image

Now we get to set the pin, make sure it is memorable:

image

Cool, and now we’re …

image

We now see this new device showing up in the Intune Portal:

image

image

image

Very simple process.

As I said in the preamble, you can tweak the installation media a bit to configure how Windows 10 will deploy, a custom unattended file for example, then ship equipment to users who can enrol the device themselves using their Intune credentials, or, if you have AD Connect to plumb your on-premise AD to AAD, along with a bit more wiring, they can login with whatever account they use, and get the device enrolled into Intune.

Right, that’s another client to use for testing during this evaluation of Intune.