Skip to end of banner
Go to start of banner

Endpoint Manager - Enrollment into MEM and Autopilot

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

This page will go through the steps of enrolling a device into Endpoint Manager and Autopilot.

You must bind the device being enrolled to the on prem AD Domain

Adding a Device record to Group Membership in Azure Active Directory

To access Azure Active Directory you can chose the Admin Tile within Office 365 or follow this LINK. After clicking on the link you will need to select Azure Active Directory.

  1. To get to the main options for Azure AD click the Azure Active Directory on the left panel

  2. First, let’s make sure that the device is in Azure AD after being bound to the on prem AD domain

  3. Under the Manage selections chose “Devices”

  4. Search for the computer name of the device we want to enroll

  5. Click on “Azure Active Directory” on the left to go back to the original set of options

  6. Select “Groups” from the panel to the right.

  7. Search for the ManualAutoPilot group

  8. Click on the ManualAutoPilot group to open up the options for that group

  9. We want to add the device that is enrolling to this group so you will select “Members”

  10. After selecting “Members” you should click the “+ Add Members”

  11. Search for the computer name or Azure ID of the device you want to add to the group

  12. Click on the device and then click on the blue “Select” button

  13. You are ready to reset the device.

Reset the Device using Windows 10 Reset Options

  1. Clicking the start button you can search Reset this PC.

  2. Under Reset this PC, click Get started.

  3. Follow the instructions on the screen.

    1. You will want to “Remove Everything”

    2. Chose Local Reinstall when applicable

Enrollment - First Login To Assigned User

You do not need to assign the user account to any special group anymore

The user assigned to the device should be the first to login to the device

  1. After the device resets you will be at an Out Of Box Experience (OOBE). Select the following options:

    1. Yes - United Stations (Region)

    2. Yes - US (Keyboard Layout)

    3. Skip - Skips the setup for a second keyboard layout

    4. Accept - Accepts the Win 10 license

  2. You should see one of the following screens:

  3. For the first picture you will select “Set up for an organization”.

  4. The Assigned User will login with their @co.ssd.k12.mo.us user account.

  5. When you select "Next" it should go to the SSD Organizational sign in page

  6. The Assigned User will put in their SSD Password.

    The next screen should look like this:

  7. Device Setup will begin. The page with the three stages is called the "Enrollment Status Page" 

    1. Device Preparation - Hardware Checks, Network Check, Registering with Endpoint Manager, Joining Azure AD

    2. Device Setup - Computer/Computer Group based security, certificate and application installs/setup 

      1. A restart of the device may take place after this step

    3. There's a Privacy Setting screen that may appear next. Select "Accept"

    4. In some cases the system will present a generic Win 10 login screen

      1. The Assigned User will need to sign in with their @co.ssd.k12.mo.us account again

    5. User Setup - User/User Group based security, certificate and application installs/setup

    6. You should see a "Continue anyway" button at the bottom right of the screen. The User may select this to go into Windows 10.

      1. If this is selected there's still setup taking place that may cause the system to restart.

    7. The device will log into Windows 10 after completion if you did not chose the "Continue Anyway" button.

    8. There are some cases where a User may need to "Sign Out" and "Sign Back In" this is a normal operation linked to Credential Manager adding user authentication information.

Changing the Name of the Device

You will be working within Endpoint Manager. You can access Endpoint Manager through the Admin Tile in Office 365 or through this LINK.

  1. Once you’re in Endpoint Manager you will select “Devices”

  2. Select “Windows” as the platform

  3. Search for the device by its serial number. In most cases (as of July 2021) it’ll show up as Desktop-RANDOMSTUFF

  4. Select the device you’re working on. You should see a screen with the following information

  5. To change the name select the three “…”'s to find a “Rename Device” selection

  6. A new pane will open and you can type in SSD-SERIALNUMBER

  7. Select “Yes” for restart after if you are with the system otherwise leave this option as “no”

  8. If everything worked correctly you should see a Restart and Rename “Complete” Status in the device record

Add Device record to Autopilot via the ManualAutoPilot Group

  1. Only add the Device record when the name change has completed and Azure Active Directory and Endpoint Manager displays the correct name. If either name is wrong then sync has not completed between the two and the Autopilot profile will not work correctly

    1. Checking accuracy in Endpoint Manager - Under Devices → Windows you can search for the serial number of the device and see if the name is SSD-SERIALNUMBER

    2. Checking accuracy in Azure Active Directory - Under Devices you can search for SSD-SERIALNUMBER. Because we are a Hybrid AD setup you should see two records that match.

      1. If you see more than two you will need to stop and figure out where the rogue records came from.

      2. If you only see one record then the device’s name update has not sync’d with Azure.

  2. You will want to add the Endpoint Manager system to the ManualAutopilot group

  • No labels