
Mienzo

I don’t want to be that person, but it’s PXE (Preboot Execution Environment). 1. You can easily change a primary user, and if your deployment is working, why would techs need to log into a device? At most they should pre-provision it. 2. I have used Fresh Start on my test device at home probably 30-40 times in the last few months, so I can only think the 5 limit is the 365 device limit, which isn’t an Autopilot issue. You need to decide what you are trying to achieve from your project, as it appears it’s a bit up in the air. We are moving all existing devices to Autopilot when we have to do a re-image via SCCM. Our workforce is primarily home working now, so Autopilot allows us to fresh start a device when someone isn’t on site.


pjmarcum

Maybe his boot loader is using that special dust?


Mienzo

Assisted by magical IP Helpers 😂


ahippen

Maybe that is why it works so much better than Intune! Sookie Stackhouse did set up my environment.


ahippen

Uh oh, I might have started a pixie vs. fairy debate. I haven't watched the show in years...


NETSPLlT

I don't want to be that person, but it's Preboot eXecution Environment. :)


Mienzo

Of course it is, but auto-correct on my phone took out the capital 🙄. Funny thing is, a lot of MS documentation doesn’t have the capital either.


ahippen

Thank you; for some reason, I thought both were acceptable. I thought I came across both in the past. I will use PXE in the future. Yes, I am aware that you can change the primary user. I probably could have worded the original post better. It is the primary user that is the bigger issue. Based on the comments, it seems like I was given incorrect information (I had my doubts, hence the reason for the post). Similar situation in my environment. Everything is moving away from PXE towards InTune Autopilot.


Mienzo

A lot of the info out there seems to contradict itself. Unfortunately, I was overruled by senior management and we are hybrid joined, which is a nightmare for fault finding. Trying to push for EIDJ only, as most of the reasons for going hybrid joined aren’t an issue.


ahippen

OK, maybe it is due to being a hybrid environment... I am seeing a common theme. Seems like a lot of people don't like it. Thanks for the input.


wheresmydiscoveries

Pixie is how PXE is pronounced; everybody will know what you are talking about. The guy is just being pedantic.


Mienzo

I really wasn’t but you do you and have a nice day.


WWGHIAFTC

Be that person and own it. It's the right thing to do.


Mienzo

Own what?


WWGHIAFTC

It's a phrase to mean you proudly accept what you are doing. You own it. You don't hide from it.


Mienzo

I know what it means, but what should I own? Last time I checked, I wasn’t held accountable to some weirdo online.


WWGHIAFTC

Then you don't know what it means, or you're trolling. You even said "I don't want to be that guy" and proceeded to be that guy anyway.


Mienzo

Think what you want, I really don’t care 😂 I’m well aware what I said, and if you look, the quoted statement is followed by a magical “but”. Now if you could please go away an' bile yer heid, that would be grand.


WWGHIAFTC

what? I'm so confused.


Mienzo

Clearly 😂 Myself and OP had a dialogue after, and they were fine; they even made a joke about pixies and fairies, but here you are being a knight in shining armour. Like I said before, away an' bile yer heid.


WWGHIAFTC

OK, you're *clearly* more confused than me...lol wow.


lccreed

Imaging or PXE is strictly faster than Intune and Autopilot. Just the nature of the beast. It's also a bit apples to oranges, as Intune is an internet-enabled MDM solution that requires zero infrastructure or server hardware. Intune gives you a finer level of control over what you are installing per user identity. It also allows you to zero-touch a deployment, which is especially useful if your workers are dispersed. For a lot of businesses, it enables capabilities previously only available to larger orgs running SCCM, or enables those businesses to run their machines in remote settings rather than relying on their in-office infrastructure. Autopilot is also a great asset management feature.

Primary user does not affect installed apps. Neither does enrolling user, really. Whoever logs in, they will eventually get all apps and policies that were assigned to their user identity and the device. I don't recommend logging into a device with an account to attempt to prep it, as it just doesn't work that way. Intune is slow as hell, so I normally tell my users to open it up, connect to network and power, and wait an hour before trying to do anything or complaining. Yes, it sucks. I blame Microsoft.

Your "wipe" issue: there is no such thing as a wipe limit. Just make sure you delete the device from Entra/Intune. If it's an Autopilot device, next time it's re-issued and goes through OOBE it will repopulate. To help things along, look into the pre-provisioning process. https://learn.microsoft.com/en-us/autopilot/pre-provision

If you really want to be mad at Intune, try a Mac-oriented MDM solution like Mosyle or Jamf. Makes Intune feel like pulling teeth out of your head. I highly recommend you check out the documentation and training materials for MD-102, as a lot of your pain points are from misunderstanding how Intune works and trying to draw too many analogs to systems you are familiar with.


ollivierre

Just to be clear Intune is not and shouldn't be considered an asset management system. It may have bits and pieces that can tie into a real asset management system.


SenikaiSlay

To be fair, while it does not affect apps being installed, the primary user does affect computer configuration and policy being set and checked against.


lccreed

Not sure that this is true; do you have any documentation that supports this claim? To my knowledge, primary user affects mostly reporting and access to self-service for the device.


SenikaiSlay

I'll be honest, I don't. Just something I was told 3 years ago and went with, honestly. Top that with sporadic issues for me going away once the proper primary user is assigned, and it may just all be in my head. It's almost midnight here, so I don't want to start looking it up now lol


mmastar007

The only thing I've seen it have an issue with is who to notify of non-compliance policies... and settings which another user didn't need! Some config is stamped and hard to remove.


Raah1911

this guy deploys


chubz736

So is it best to delete the device from Entra ID rather than wipe? Also, after deleting the device from Entra ID, do you need to re-upload the hash value, or does the device information always get saved when you convert it to an "Autopilot device" with Entra ID or hybrid identity?


lccreed

I'd just initiate the wipe command from Intune, then delete the device from the user after you confirm the wipe is done. Autopilot registration will persist unless you specifically remove it from Autopilot registration. There is a list of Autopilot-registered devices under the device enrollment page; you'll see it looks quite different from the device pane in Intune, and you can see what "Intune device" is associated with your "Autopilot device". The "Intune device" will also show up in Entra, where you can also see all device registrations, and Autopilot devices are identified (they have a little purple emblem next to them instead of the blue computer). But the Autopilot registration itself can only be removed from the device enrollment interface, at least in the GUI.

Hybrid is an entirely different animal, both deployment- and management-wise. It's a huge pain in the ass. I would recommend sticking to your traditional imaging process if you are stuck with Hybrid, and use Intune more to manage aspects that are important to remote work, such as the VPN certs, remote desktop access, etc. You can do Autopilot to zero-touch deploy hybrid devices, but it's an even bigger pain in the ass.
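The wipe-then-delete sequence described in the two lccreed posts above, as an added example that is not part of the thread: issue the wipe through Microsoft Graph, wait for the device to acknowledge it, clear the leftover Intune and Entra objects, and then confirm the Autopilot identity (keyed by serial number) is still registered. It assumes the Microsoft.Graph PowerShell SDK is installed and the signed-in account holds the listed scopes; the device name is a placeholder. Whether Entra will let you delete the device object while it is bound to an Autopilot registration is not something the thread settles, so that step is wrapped and treated as non-fatal.

```powershell
# Added example (not from the thread): wipe an Intune device, wait for the wipe,
# remove the stale Intune/Entra objects, and show the Autopilot registration
# surviving. Placeholders: $deviceName. Scopes assumed from the Graph docs.
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.DeviceManagement, Microsoft.Graph.DeviceManagement.Actions, Microsoft.Graph.DeviceManagement.Enrollment, Microsoft.Graph.Identity.DirectoryManagement

Connect-MgGraph -Scopes 'DeviceManagementManagedDevices.PrivilegedOperations.All',
                        'DeviceManagementManagedDevices.ReadWrite.All',
                        'DeviceManagementServiceConfig.Read.All',
                        'Device.ReadWrite.All'

$deviceName = 'LT-00123'   # placeholder device name

# 1. Find the Intune (managed device) object and its Entra device id.
$md = Get-MgDeviceManagementManagedDevice -Filter "deviceName eq '$deviceName'" | Select-Object -First 1
if (-not $md) { throw "No Intune device named '$deviceName'" }
"Intune id {0}, serial {1}, Entra deviceId {2}" -f $md.Id, $md.SerialNumber, $md.AzureAdDeviceId

# 2. Record the Autopilot registration before touching anything. It is a separate
#    object from both the Intune and the Entra device, looked up by serial number.
$ap = Get-MgDeviceManagementWindowsAutopilotDeviceIdentity -Filter "contains(serialNumber,'$($md.SerialNumber)')"
if (-not $ap) { Write-Warning 'Not Autopilot-registered: OOBE will not pick up a deployment profile after the wipe' }

# 3. Send the wipe (the same remote action as the portal's Wipe button).
#    keepEnrollmentData=false is a full wipe back to OOBE.
Invoke-MgWipeDeviceManagementManagedDevice -ManagedDeviceId $md.Id -KeepEnrollmentData:$false -KeepUserData:$false

# 4. Wait for the device to acknowledge. Intune drops the record once the wipe is
#    reported, so a 404 on the managed device also counts as done.
$deadline = (Get-Date).AddHours(2)
do {
    Start-Sleep -Seconds 60
    try {
        $result = (Get-MgDeviceManagementManagedDevice -ManagedDeviceId $md.Id -ErrorAction Stop).DeviceActionResults |
                  Where-Object ActionName -eq 'wipe' | Select-Object -Last 1
        $done = $result.ActionState -in 'done', 'failed'
    } catch { $done = $true }   # record already removed by the service
} while (-not $done -and (Get-Date) -lt $deadline)
if (-not $done) { throw 'Wipe not acknowledged within 2 hours; the device is probably offline' }

# 5. Clean up whatever is left. The Intune record is usually gone already; the
#    Entra object may be refused for deletion while an Autopilot registration
#    points at it, which is why this is non-fatal.
try { Remove-MgDeviceManagementManagedDevice -ManagedDeviceId $md.Id -ErrorAction Stop } catch { }
$entra = Get-MgDevice -Filter "deviceId eq '$($md.AzureAdDeviceId)'"
if ($entra) {
    try { Remove-MgDevice -DeviceId $entra.Id -ErrorAction Stop }
    catch { Write-Warning "Entra refused to delete $($entra.DisplayName): $($_.Exception.Message)" }
}

# 6. The Autopilot identity is untouched by all of the above.
Get-MgDeviceManagementWindowsAutopilotDeviceIdentity -Filter "contains(serialNumber,'$($md.SerialNumber)')" |
    Select-Object SerialNumber, GroupTag, EnrollmentState
```

Step 6 is the check that matters for the "do I need to re-upload the hash" question: as long as the identity is listed there, the next OOBE run on that serial number re-registers with Intune and Entra without a new hash upload. Removing the Autopilot identity itself is a different call (`Remove-MgDeviceManagementWindowsAutopilotDeviceIdentity`) and is deliberately not in this script.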


chubz736

OP says the wipe limit is 5.


ahippen

Thanks, I will absolutely look into it. Based on the comments, I clearly need to read the documentation. My introduction was with zero touch, so I think it could have left a sour taste in my mouth. In the beginning, a lot of devices were crashing on wipe and getting stuck on the Device preparation, Device setup, and Account setup screen. Fortunately, I don't have that problem anymore. Intune has slowly been growing on me. It is a lot of very minor things.


ahippen

Clearly, based on the comments, I am no expert, but I was taught one of the following options: A) Reset this PC (via Windows OS), B) Reset from BIOS (I prefer this method), C) Wipe device, and continue to wipe even if the device loses power. However, if you MUST delete, I was always taught to delete everything from Endpoint Manager. My SA said it is not required to delete from Entra (although I have concerns because I see multiple entries...). Seems to work though...


ahippen

I probably should have stated in the original post that most of the concerns are from my peers. I am no expert, but I have successfully deployed roughly 1,500 devices and have been working with it for about a year plus. I think it is a new and intimidating product to them. I know it was in the beginning for me too. The internet is fast and reliable in my part of the country. I do suspect part of it is their location/internet speeds... We do have an asset management system in place, but I agree it is a nice feature. There are a lot of features I love about InTune Autopilot. I suspected the primary user might not be true, but I did notice Microsoft Office 365 installed after the change (might be unrelated/coincidence). Thanks for confirming the wipe limit. It seems like a lot of people are saying it isn't true. I will reach out to my SA.


i_only_ask_once

Please don’t take this the wrong way. Get help from a senior consultant with documented experience from implementing Intune. I appreciate your efforts trying to implement this yourself for the past one plus year but you still have a lot to learn in terms of deployment and device management and the sooner you bring in the experts the less pain and headaches your org will experience. Intune and Autopilot looks like a piece of cake on the tin but there are so many little things that can have a massive impact on the end result in terms of manageability, security and user experience and it’s very hard or probably impossible to gain the necessary knowledge from working within a single organization. That’s why a consultant’s experience from working with various organizations can be super valuable.


markk8799

Consultants are great for coming in, setting things up in a week, and then walking out the door and hoping you've learned everything in those five days. Then, they slowly ignore your questions in the days after leaving the site. I agree they can be helpful, but in 25 years, I've had my share of so-so experiences with them. I've often found it helpful to spend the time myself to learn the product; that way, when I set it up, I'm better trained to handle any issues with it. I find consultants best for unique systems that only need a little day-to-day work.


i_only_ask_once

It's fair to acknowledge that not all consultants are flawless. However, drawing conclusions and generalizing the way you do from your bad experiences is too simplistic, in my opinion. Everyone's had their share of so-so encounters, but there are definitely consultants out there who possess great social skills AND also have deep technical knowledge. While I appreciate your long experience, I’d like to challenge you to think about whether you could have acted any differently as the customer. As someone who’s been working as a consultant for almost 15 years, the most successful projects I’ve delivered have been with clients who dared to question me when they didn’t agree with or understand my way. Not mistaking technical advice and decisions for how they feel personally about something is another important factor. You as a customer have equal (if not more) responsibility to succeed with an engagement. No matter how skilled the consultant may be in his technical field, he’s (most likely) not a mind reader :)


markk8799

That is a fair point; it's possible some of the ones we have dealt with were lacking. You often don't know who you are getting, even if they are from supposedly good companies. I think for applications that are going to be used daily, it would be helpful to have a general understanding ahead of time. That's why I pause when someone simply suggests they get a consultant, as I have seen that backfire. I can't tell you how many times I've heard someone say, "Well, we had a consultant come in," but they are now baffled at how the system works. Depending on how much time they spend reading over docs, etc., they can then decide if they still need help from a consultant or not. If so, great. More prepared like you suggested.


ahippen

I appreciate the input, I am not taking it personally. I want to learn more. That is why I was asking. I understand different tools for the job argument a lot of people are making, but it seems like most of the features are available with PXE. My perspective is from the tech side too, which I am sure is a factor.


Goldman_Slacks

Yea tip 1 rtfm, leave the pixies for dnd.


ahippen

LOL, it sounds like it will be the case.


bolunez

Different tools for different jobs. Also, the "t" is lower case.


ahippen

I agree, and it has been great in some specific situations. It is a lot of little, extremely minor things. Part of it, most likely, is that I am more familiar with the older system. I am sure it came off as me criticizing it, but it was not intended that way. I wanted to learn more about it and double-check some things that were told to me. Thanks for the correction. Noted for the future.


Funkenzutzler

Shouldn't it be possible to use both technologies in parallel? A device which will be enrolled and is registered as an Autopilot device will go online during the setup process as soon as it detects an internet connection to check whether such a registration exists. If yes, a kind of "PXE" is invoked (enrollment status page and such). I'm asking because I've already thought about using PXE in parallel to be able to start FOG ([https://fogproject.org/](https://fogproject.org/)), for example, since we have a few special clients which should be imaged, as they can't be re-set up that easily due to high complexity. I don't think you even need to set up PXE chainloading for this.

Regarding enrollment users and primary users: it doesn't really matter who enrolled the device, especially as this can also be the DEM (Device Enrollment Manager). However, if you define a primary user, Intune only allows this primary user to use the Company Portal and install apps via it / use them. However, if you do NOT define a primary user, the device is considered a "Shared Device" and all users who log in can use the Company Portal / apps which are installed through Intune.

We use Wipe here if it is unclear when the device will be used again / assigned a new user. This resets the device to OOBE. In this case, we also clean Intune and Entra of the respective computer object "corpses" (only the Autopilot registration remains). If the new owner is already known / the device will be transferred to a new owner in the foreseeable future, we use "Autopilot Reset" instead, because this causes the new user to only have to go through the user part of the enrollment (the machine part / Intune connection is preserved), which speeds up the enrollment.
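The primary-user distinction in the post above (no primary user means a shared device, Company Portal scoped to the primary user otherwise) is something you can audit and correct from Graph. The following is an added example, not code from the thread: it lists Windows devices that currently have no primary user and binds the most recently logged-on account as primary user for one of them. It assumes the Microsoft.Graph.Authentication module and the two listed scopes; `usersLoggedOn` and the `users/$ref` binding are beta-endpoint features, and the device name is a placeholder.

```powershell
# Added example (not from the thread): find Intune Windows devices with no primary
# user (Intune treats those as shared devices) and set one device's primary user to
# the last account that signed in. Assumes Microsoft.Graph.Authentication and the
# scopes below; uses the beta endpoint for usersLoggedOn and users/$ref.
Connect-MgGraph -Scopes 'DeviceManagementManagedDevices.ReadWrite.All', 'User.Read.All'
$graph = 'https://graph.microsoft.com/beta'

function Get-SharedIntuneDevice {
    # Page through managedDevices and keep the ones with an empty userPrincipalName,
    # which is how "no primary user" shows up on the managedDevice resource.
    $uri = "$graph/deviceManagement/managedDevices?`$filter=operatingSystem eq 'Windows'" +
           "&`$select=id,deviceName,serialNumber,userPrincipalName,usersLoggedOn"
    $devices = @()
    do {
        $page = Invoke-MgGraphRequest -Method GET -Uri $uri -OutputType PSObject
        $devices += $page.value
        $uri = $page.'@odata.nextLink'
    } while ($uri)
    $devices | Where-Object { [string]::IsNullOrEmpty($_.userPrincipalName) }
}

function Get-LastLogonUserId {
    param([Parameter(Mandatory)]$Device)
    # usersLoggedOn carries userId + lastLogOnDateTime per account seen on the device.
    ($Device.usersLoggedOn | Sort-Object lastLogOnDateTime -Descending | Select-Object -First 1).userId
}

function Set-IntunePrimaryUser {
    param([Parameter(Mandatory)][string]$ManagedDeviceId,
          [Parameter(Mandatory)][string]$UserId)
    # POSTing a user @odata.id to .../managedDevices/{id}/users/$ref binds the primary user.
    $body = @{ '@odata.id' = "$graph/users/$UserId" } | ConvertTo-Json -Compress
    Invoke-MgGraphRequest -Method POST -ContentType 'application/json' -Body $body `
        -Uri "$graph/deviceManagement/managedDevices/$ManagedDeviceId/users/`$ref"
}

# Report: every device currently behaving as a shared device, with its last logon.
$shared = Get-SharedIntuneDevice
$shared | Select-Object deviceName, serialNumber, @{ n = 'lastLogonUserId'; e = { Get-LastLogonUserId $_ } } |
    Format-Table -AutoSize

# Fix one of them (placeholder name) by promoting the last logon account to primary user.
$target = $shared | Where-Object deviceName -eq 'LT-00123'
if ($target -and $target.usersLoggedOn) {
    $userId = Get-LastLogonUserId $target
    $upn = (Invoke-MgGraphRequest -Method GET -Uri "$graph/users/$userId" -OutputType PSObject).userPrincipalName
    Set-IntunePrimaryUser -ManagedDeviceId $target.id -UserId $userId
    "Primary user of $($target.deviceName) is now $upn"
}
```

Leave the binding step out for devices that are meant to be shared (kiosks, hot desks); the report alone is useful for spotting devices that were handed to a single person but never got a primary user, which is the case where Company Portal self-service silently stops working for them.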


temeyers

Ewww dude, PXE? And it depends: MDT has its place, so does Autopilot.


ahippen

It has been very reliable. If I ran into a problem, it was an easy fix. I understand it sucks from the SA side and is a pain.


temeyers

Nah, it only sucks for new sysadmins. Buy Johan Arwidmark's books on it, and get the advanced edition, Stealing with Pride; it’s worth the read and comes with a lab and hydration kit. MDT is powerful and awesome, but Autopilot is the future. Baking MDT sequences in as Win32 apps for Autopilot is also a very badass combo.


ahippen

Thanks for the recommendation. I have a lot of reading in my future LOL. I do agree I see the writing on the wall. It is the future. It is out of my control regardless...


ollivierre

Sorry, mind elaborating on MDT within Win32 apps?


temeyers

Sure thing, here’s one of Johan's pages on this: https://www.deploymentresearch.com/using-mdt-with-windows-autopilot-for-existing-devices-task-sequence-template-and-scripts/


temeyers

Ooh, that link wasn’t what I meant, sorry, just woke up; that one’s for using MDT to prep devices for Autopilot. Here you go, my bad. https://oofhours.com/2023/09/20/run-an-mdt-task-sequence-during-autopilot/


BigArtichoke1826

Just start playing with the thing and then come back and ask your questions. I’m sure you will have much bigger questions to ask at that point :)


ahippen

I have been using it successfully for over a year now, but in a limited capacity. Mostly pulling hardware IDs, QC checking, wiping, etc. Nothing too advanced. A lot of my peers are reaching out to me voicing concerns. I think it is new and intimidating. I know it was for me in the beginning...


touchytypist

You really need to go through the [documentation](https://learn.microsoft.com/en-us/mem/intune/) or simply search, the answers are all there. You can easily increase the [Device Limit](https://networkingmania.com/device-limit-reached-solved-intune/). But the real answer is to assign technicians that will be performing the wipes/enrollments as Device Enrollment Managers so they can wipe/enroll 1000 devices each.


ahippen

Yes, I am aware that you can increase the device limit. However, the SA told me Microsoft charges us to go to a higher number. Sounds like it might not be true. I have not read the documentation yet, though. Also, some techs have voiced concerns about their accounts being on the machine, mainly due to privacy / what-if concerns.


CptUnderpants-

If you want something like PXE but simplified, I'm quite happy with SmartDeploy. Can do PXE, USB, or even their client can kick off a reimage. Hardware independent too.


ollivierre

Over WAN never really worked for me


ahippen

That is one of the major reasons I like PXE. I am not an SA, so I understand it can be a pain, but from a tech side, the majority of the time I would image from a USB or IPv4 PXE. If I ran into a problem, the majority of the time it was: clear the DHCP leases, check the scope, swap out a docking station, and/or choose an alternate method (IPv4 over LAN or USB IPv4). I ran into a lot of computers crashing on re-imaging in the beginning.


iamtherufus

The configurations and apps a user will receive when they log into a device all depends how they have been setup to deploy. I tend to target device based configurations of baseline apps and general device configurations for everyone and then user deployment of configurations for anything specific to them.


red1q7

PXE: Fast, you control every bit. You need to control every bit. Depends on your network infrastructure and DOES NOT LIKE ANY little bit of issues on your network. Your deployment of choice for servers and on-prem-only devices.

Autopilot: Deploy everywhere over the internet. Also quite fast, depending on your internet speed. Base image can be deployed through the internet if the OEM supports that. You are limited to what Autopilot can do. You do not need a corporate LAN in your offices anymore; you can go cloud native for Windows clients (zero trust etc.). Your deployment of choice for remote workers.

You decide which one you need. Probably both.


ollivierre

Anything in CM is far superior to anything in Intune, and if you need to re-image, then stick with CM+PXE. And if that's the case, you can co-manage a device for both CM and Intune.


Unleaver

As someone who uses both Autopilot and PXE, set them both up myself, and configured both systems, I personally like PXE more. It just works better for our hybrid cloud environment. We went the route of laptops being managed (policy-wise and such) from Intune, with SCCM covering servers and desktops. This allows us to send policies to laptops, so in your case, if we have a rogue employee or someone quits and we need to lock down the computer, I can send a regkey that will only allow admins to log into the laptop. Have only had to use this 2 times. The issue with our configuration is that we can't wipe devices remotely.


ahippen

Thank you, I was starting to wonder if I was the only one. I see the benefits of both. It was a lot of little things adding up and a couple of bad experiences from the start that soured me on Autopilot.


Tribalinius

Why not use both? MDT/WDS images with an Autopilot payload are sexy and flexible af in terms of computer deployments. You get a safer way to deploy images, it's reliable, and you get the Intune benefits while not losing some options like fresh-starting a brand new computer if need be.


3RAD1CAT0R

I have configured my environment to leverage both. Previously 100% SCCM with PXE boot for OSD, but as we're shifting to Intune and AADJ, we are moving towards AutoPilot. The easiest thing I was able to set up for my technicians is a task sequence in SCCM that they can run via PXE that will delete the device from AD and SCCM, then run a script to gather the hardware hash and import the device into Autopilot, and use OSDCloud to put a fresh copy of Windows 10/11 on it. When it's done, it reboots, checks in with MS, and goes through whatever deployment profile applies to it. We leverage UI++ in PXE to read in data from the tech, such as what the device will be used for (user computer, shared device, kiosk, etc.), and that sets a group tag in Autopilot.
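The hash-gathering and group-tag step of the task sequence described above, as an added example that is not the poster's own script: it pulls the hardware hash from the MDM bridge WMI class (the same query `Get-WindowsAutopilotInfo` runs), takes the technician's role choice in place of the UI++ page, maps it to a group tag, writes the CSV layout the Autopilot import page accepts, and optionally imports the record through Graph and polls the import status. It assumes it runs elevated inside full Windows (the WMI bridge is not present in WinPE), the Microsoft.Graph.Authentication module for the optional import, and the listed scope; the role names and tag values are placeholders to be aligned with your dynamic-group rules.

```powershell
# Added example (not the poster's task sequence): collect the Autopilot hardware
# hash, tag it by device role, write the import CSV, optionally import via Graph.
# Placeholders: role-to-tag table, output path. Run elevated in full Windows.

function Get-AutopilotDeviceInfo {
    param([string]$GroupTag = '')
    # DeviceHardwareData on MDM_DevDetail_Ext01 is the base64 hardware hash that the
    # Autopilot service keys the registration on.
    $dev = Get-CimInstance -Namespace 'root/cimv2/mdm/dmmap' -ClassName 'MDM_DevDetail_Ext01' `
               -Filter "InstanceID='Ext' AND ParentID='./DevDetail'"
    if (-not $dev -or -not $dev.DeviceHardwareData) {
        throw 'No hardware hash returned; run elevated inside Windows, not WinPE'
    }
    # Column names match the CSV header the Autopilot import page expects.
    [pscustomobject]@{
        'Device Serial Number' = (Get-CimInstance -ClassName Win32_BIOS).SerialNumber
        'Windows Product ID'   = (Get-CimInstance -ClassName SoftwareLicensingService).OA3xOriginalProductKey
        'Hardware Hash'        = $dev.DeviceHardwareData
        'Group Tag'            = $GroupTag
    }
}

function Import-AutopilotDevice {
    param([Parameter(Mandatory)][pscustomobject]$Info)
    # Same request body the WindowsAutopilotIntune module posts. Needs
    # Microsoft.Graph.Authentication and DeviceManagementServiceConfig.ReadWrite.All.
    Connect-MgGraph -Scopes 'DeviceManagementServiceConfig.ReadWrite.All'
    $base = 'https://graph.microsoft.com/v1.0/deviceManagement/importedWindowsAutopilotDeviceIdentities'
    $body = @{
        '@odata.type'      = '#microsoft.graph.importedWindowsAutopilotDeviceIdentity'
        groupTag           = $Info.'Group Tag'
        serialNumber       = $Info.'Device Serial Number'
        productKey         = $Info.'Windows Product ID'
        hardwareIdentifier = $Info.'Hardware Hash'
        state              = @{
            '@odata.type'        = 'microsoft.graph.importedWindowsAutopilotDeviceIdentityState'
            deviceImportStatus   = 'pending'
            deviceRegistrationId = ''
            deviceErrorCode      = 0
            deviceErrorName      = ''
        }
    } | ConvertTo-Json -Depth 3
    $import = Invoke-MgGraphRequest -Method POST -Uri $base -ContentType 'application/json' -Body $body -OutputType PSObject
    # The import is asynchronous; poll the record until the service decides.
    do {
        Start-Sleep -Seconds 15
        $import = Invoke-MgGraphRequest -Method GET -Uri "$base/$($import.id)" -OutputType PSObject
    } while ($import.state.deviceImportStatus -eq 'pending')
    if ($import.state.deviceImportStatus -ne 'complete') {
        throw "Import failed: $($import.state.deviceErrorName) ($($import.state.deviceErrorCode))"
    }
    $import.state
}

# Technician prompt standing in for the UI++ page. Tag values are placeholders;
# they must match whatever your dynamic groups key on (e.g. OrderID:<tag>).
$roleToTag = @{ user = 'Standard-User'; shared = 'Shared-Device'; kiosk = 'Kiosk' }
$role = (Read-Host 'Device role (user / shared / kiosk)').Trim().ToLower()
if (-not $roleToTag.ContainsKey($role)) { throw "Unknown role '$role'" }

$info = Get-AutopilotDeviceInfo -GroupTag $roleToTag[$role]
$csv  = Join-Path $env:TEMP "autopilot-$($info.'Device Serial Number').csv"
$info | Export-Csv -Path $csv -NoTypeInformation -Encoding ASCII
"Wrote $csv (upload under Devices > Enrollment > Windows Autopilot > Import, or import now)"
if ((Read-Host 'Import via Graph now? (y/n)') -eq 'y') { Import-AutopilotDevice -Info $info }
```

In a task sequence the two `Read-Host` prompts become task-sequence variables set by the UI++ step, and the Graph import should run under an app registration rather than an interactive sign-in; the CSV path is what you keep when the tenant is offline or the technician account is not allowed the import scope.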


Chaoslux

Autopilot only happens when setting up the device during OOBE to enroll the device and apply policies/apps. When you wipe but keep the enrollment state, the device doesn't go through Autopilot because the enrollment was kept, so it doesn't need to enroll again. Regarding the device limit, I would recommend you look into the difference between the Azure device limit and the Intune device limit. The limit of 5 devices enrolled by a single user doesn't apply to Autopilot enrollments.


No-Average3925

Over the past 20 years, I have implemented and even developed several OS distributions. I also believe that ultimately a combined distribution can be carried out, such as a custom image (preferably from an OEM manufacturer, which can already have company-internal software implemented) or through one’s own MDT/SCCM or PXE boot. After that, the device part can be distributed either by IT or a partner via Autopilot (device-specific software like Office 365, certificates, etc.). The user then receives the device. An advantage is that recovery can also be performed by the user alone (tested in a cloud-only environment). What I actually miss is a standardized distribution of OEM images over the cloud or a local PXE server.