Maintaining business as usual while IT workers are at home can be challenging, but with some innovative solutions it doesn’t need to be. Sam Newman, Managing Director of OGEL IT LTD, explains how.
A common challenge for our customers recently has been how to provision new devices, or replace faulty ones, for staff working from home, when there is no access to office locations to build and deploy devices on the network.
Innovative solutions for IT workers
The answer to this conundrum, according to Microsoft, is Autopilot: a collection of technologies that facilitates the configuration of devices sent directly from the manufacturer to the end-user, requiring only an active internet connection and an Azure AD user account for the out-of-box experience (OOBE). In our case, this has been partly true. We’ve been looking closely at Autopilot for the last few years, waiting for the solution to mature to a level we feel comfortable with. “So is it ready?” I hear you ask. Well, depending on your requirements, the answer is now more frequently a ‘yes’ rather than a ‘no’ or ‘not quite’.
For organisations that have no Active Directory, have strict security requirements and haven’t invested in SCCM, it can be an excellent fit. All you need to get started is an Office 365 tenant with a suitable license to manage the devices with Intune: Microsoft 365 Business, Microsoft 365 E3/5 or Enterprise Mobility + Security E3/5. It’s a cost-effective platform for enrolling devices direct from the manufacturer while maintaining configuration and control, without the need to develop a gold image and deploy it to every device before sending it to the end-user.
For those organisations still invested in on-premises or hosted management platforms, there are options to leverage Autopilot as an initial stepping stone to providing a full corporate-managed device using your on-premises Active Directory and SCCM infrastructure whilst providing the end-user with that nice OOBE they are looking for. Oh, and the added bonus is that they can rebuild their own device if they experience a fault from home at any time!
Microsoft has recently added Hybrid Azure AD join functionality to Autopilot, which does support on-premises Active Directory joins, but it doesn’t retain the self-service Windows OOBE: it requires intervention from administrators and on-premises network connectivity to complete the process. We have found it is possible to replicate the desired user experience by using Autopilot to handle some initial configuration of the device, after which we establish a VPN connection to complete the domain join, registration with the desired software/endpoint management platforms and any other tasks usually completed within an office with network connectivity.
OGEL IT LTD solutions
Our solutions use a combination of Microsoft Autopilot and Fortinet FortiClient to enable our customers to ship devices direct to staff. When the user turns the device on, the configuration process starts automatically and runs through until the user is prompted to log in. Users are notified of what’s happening throughout the process until they complete their logon using their standard credentials. At this point, a secure VPN connection is established and the device performs some final configuration to ensure it operates like any other corporate device they are used to. It is just as if your friendly deskside engineer had handed it over to you with all the software you need installed and ready to go!