EliteGo IT

How to Setup Windows Autopilot V1 in Microsoft Intune

Autopilot automatically configures your laptops and computers with all the necessary software and settings. It even integrates with manufacturers like Dell, allowing you to order a brand-new device and have it shipped directly to the end user. When they receive the laptop, all they need to do is connect it to the internet and enter their Microsoft 365 username and password, and all the applications and settings will be applied. It's seamless and efficient.

You might think this sounds expensive, but it's not. All you need is an Entra ID Plan 1 license or, if you follow my recommendation, a Microsoft 365 Business Premium license, which includes Autopilot.

Supported Platforms

Platform      Supported Editions
Windows 11    Pro, Pro Education, Pro for Workstations, Enterprise, Education
Windows 10    Pro, Pro Education, Pro for Workstations, Enterprise, Education

Now, let's dive into the demo. First, we'll prepare by creating Entra ID groups to organize the devices and look at company branding to personalise the experience.

1. Sign in to the Entra Admin Center.
2. Navigate to Devices > All devices > Device settings.
3. Set Users may join devices to Microsoft Entra to All.

For setting up device conditions, use the following query to filter Windows devices based on OS type and version:

    (device.deviceOSType -eq "Windows") and ((device.deviceOSVersion -startsWith "10.0.1") or (device.deviceOSVersion -startsWith "10.0.22"))

This filter applies to devices running Windows with OS versions starting with 10.0.1 or 10.0.22.

Company branding settings allow you to customize the Out-of-Box Experience (OOBE) for users. You can display your company logo and tailor the colors to align with your organization's theme, ensuring that users enrolling their devices feel connected to the correct organization.

1. Sign in to the Entra Admin Center.
2. Navigate to User experiences > Company branding.
3. Edit the Default sign-in configuration and review all the tabs to adjust the user experience according to your needs.
4. Complete the Sign-in Form and click Review + save to finalize your settings.

Create an Autopilot Deployment Profile

The next step is to create an Autopilot deployment profile, which customizes the Out-of-Box Experience (OOBE) and deployment mode for end users. This profile controls how devices are configured when users first power them on. You can create up to 350 deployment profiles in a single Intune tenant.

To create an Autopilot deployment profile, follow these steps:

1. Sign in to the Intune Admin Center.
2. Navigate to Devices > Windows > Windows enrollment > Deployment Profiles.
3. Click on Create Profile at the top.
4. Select Windows PC as the profile type.
5. Enter a profile name (e.g., "Sales Department Profile") and click Next.
6. Configure the Out-of-Box Experience (OOBE) settings:
   - Deployment mode: Choose between User-driven or Self-deploying. For most cases, selecting User-driven means the user will enter their credentials during setup.
   - Join to Microsoft Entra ID: Choose Microsoft Entra joined to automatically join devices to your Entra ID. If you're in a hybrid environment, you can select Hybrid Azure AD Join instead.
   - Microsoft Software Licensing Terms and Privacy Settings: Choose whether to Hide these during setup for a smoother user experience.
   - User account type: Set to Standard to prevent users from having administrative rights on their devices.
   - Allow pre-provisioned deployment: You can choose No to skip this step, or Yes if you want to pre-configure devices.
   - Region and language settings: Choose the appropriate region (e.g., English (United States)) to ensure the device's region matches your needs.
   - Device template name: Set a naming convention for your devices (e.g., Autopilot-XXX, where "XXX" is a random string of numbers).
7. Assign groups: Add the groups you created earlier to the profile, and select any groups you want to exclude if necessary.
Click Next and then Create to finalize the deployment profile. Once created, you can go back to Devices > Windows and refresh the device list to check the profile assignment status. It may take a few minutes for the profile to be assigned.

Add Hardware Hash to Intune

It's time to load the hardware hashes into Intune. A hardware hash is a unique identifier for each laptop or computer. If you're purchasing devices directly from manufacturers like Dell, you can set up a relationship with them to provide the hardware hashes of the devices you're buying, which can then be loaded into Intune.

There are a couple of ways to add hardware hashes into Intune. The first method is through a PowerShell script that generates a CSV file containing the hardware hash, stored on your C drive. You can then navigate to the folder and view the hardware hash of the computer you're working on. For the demo I am just using PowerShell ISE, but you can use PowerShell run as administrator.

    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    New-Item -Type Directory -Path "C:\HWID"
    Set-Location -Path "C:\HWID"
    $env:Path += ";C:\Program Files\WindowsPowerShell\Scripts"
    Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned
    Install-Script -Name Get-WindowsAutopilotInfo
    Get-WindowsAutopilotInfo -OutputFile AutopilotHWID.csv

Once you have the hardware hash, you need to upload it to Intune via the Microsoft 365 Admin Center. In Endpoint Manager, go to Devices, then Device Onboarding and Enrollment, and navigate to Windows Autopilot. You can import the hardware hash CSV file here, and after a few minutes, your device will appear in Intune.

Here is another way to upload the hardware hash.

Directly upload the hardware hash to an MDM service

Directly uploading the hardware hash to an MDM service such as Microsoft Intune can be done on any device, but it's especially useful for a device currently undergoing Windows Setup and OOBE.
To directly upload the hardware hash for a device:

1. On a device that is:
   - Currently undergoing Windows Setup and OOBE: At the sign-in prompt after OOBE starts, open a command prompt window with the keystroke Shift+F10. In the command prompt window that opens, start PowerShell by running the following command:

         powershell.exe

   - Has already undergone Windows Setup and OOBE: Sign into the device. Open an elevated Windows PowerShell prompt.
2. At the PS PowerShell command prompt, run the following PowerShell commands:

       [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
       Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned
       Install-Script -Name Get-WindowsAutopilotInfo -Force
       Get-WindowsAutopilotInfo -Online

If prompted to do so, agree to


How to Deploy Custom Wallpapers via Intune Using a Win32 Package

Customizing wallpapers and lock screens on company devices can significantly enhance your brand presence and ensure a consistent visual experience across your organization. For enterprises with Windows Enterprise licenses, this customization is straightforward using Intune's Settings Catalog or local Group Policy Objects (GPOs). However, companies using Microsoft 365 Business Premium licenses face some limitations as these customizations aren't directly available. Thankfully, there's an effective workaround: deploying wallpapers using Win32 packages with Intune.

This guide will walk you through the process of deploying custom wallpapers on Windows 10 and 11 devices using Intune and a prepared Win32 package.

Why Use a Win32 Package?

Using a Win32 package to set wallpapers offers several advantages:

- No Web Server Required: You can include your image files directly within the package, eliminating the need for external hosting.
- Flexibility: Easily update or change wallpapers by modifying the package.
- Control: Ensure that the wallpapers cannot be changed by end-users once deployed.

Prerequisites

- Windows 10/11 Enterprise License: While this method can work on devices without Enterprise licenses, advanced customization through Intune's Settings Catalog requires Enterprise.
- Admin Access: To deploy apps via Intune, you need administrative privileges within your Microsoft Intune portal.

Step-by-Step Guide

1. Prepare Your Wallpaper Package

I've created a PowerShell script to automate wallpaper deployment. You can find the script in my GitHub repository. Here's how to customize it:

- Include Your Images: Add your desired image files (JPG or PNG) to the package. Ensure they are named appropriately and placed in the "Wallpaper" folder.
- Modify the Script: Open Install.ps1 and update line 5 with the correct name of your wallpaper image.
Follow the structure shown in the example folder images:

Image-1: Folder structure

Image-2: Data Folder

Change the wallpaper image name in the install script to match your requirements.

Image-3: Install script

Change the wallpaper image name in the uninstall script to match your requirements.

Image-4: Uninstall script

2. Convert the Package to a Win32 App

To deploy via Intune, you need to convert your package into an Intunewin file using the Microsoft Win32 Content Prep Tool. Follow these steps:

- Download the Tool: Obtain the latest Microsoft Win32 Content Prep Tool.
- Run the Tool: Open IntuneWinAppUtil.exe.
- Provide Paths:
  - Source Folder: Point to your package folder.
  - Setup File: Specify install.ps1.
  - Output Folder: Choose where the .intunewin file will be saved.

Command:

    IntuneWinAppUtil.exe -c "Source file" -s "install.ps1" -o "Output-Destination"

Image-5

3. Upload the Win32 App to Intune

Now, upload the generated .intunewin file to Intune:

- Navigate in Intune: Go to Intune > Apps > Windows apps > +Add.
- Configure Basic Information: Enter the app name, description, and publisher. These are mandatory fields.
- Program Settings:
  - Installation Command:

        %SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -command .\install.ps1

  - Uninstallation Command:

        %SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -command .\uninstall.ps1

  - Set the installation behavior to "System".

4. Define Requirements and Detection Rules

- Requirements: Ensure all target devices are compatible.
- Detection Rules: Upload the script install.ps1 to verify if the wallpaper is correctly applied.

5. Assign the App

Skip dependencies and supersedence configurations. Assign the app to the desired groups in your organization.
Further Steps

Follow the images below.

Action               Command
Install Command      %SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -command .\install.ps1
Uninstall Command    %SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -command .\uninstall.ps1

Successfully Implemented!!!

Result in Windows 10

Result in Windows 11

Thumbs up and follow my LinkedIn: https://www.linkedin.com/in/nnifan/


Use Case Scenario – Device Exclusion from Intune Policy

Today, I faced a request involving a policy that was applied broadly across the organization to all devices. One user needed to be excluded from this policy. In this post, I'll walk you through how I resolved the issue.

The initial request was regarding a user who was unable to change the screen sleep settings, which were managed by an Intune policy. Because of this policy, users were unable to make any changes to the power management settings on their devices (refer to Image-1).

Image-1: Screen Sleep Settings Managed by Intune Policy

This policy controls power management settings, preventing users from changing computer and display settings on their own (refer to Image-2).

Image-2: Power Management Settings

We can't simply edit this policy to exclude a device; instead, we need to use a feature called Filters. Filters allow us to target specific devices or exclude them from certain policies (refer to Image-3).

Image-3: Using Filters in Intune

Steps to Exclude a Device from an Intune Policy Using Filters

1. Create a filter

- Sign in to the Intune admin center.
- Select Tenant administration > Filters > Create.
- Select Managed devices.

Image-4: Creating a Filter in Intune

2. Define Filter Properties

In the Basics section, enter the following details:

- Filter name: Enter a descriptive name for the filter. For example, "Windows OS Version Filter".
- Description: Enter a description for the filter. This step is optional but recommended.
- Platform: Choose the appropriate platform, such as Windows 10 and later (refer to Image-5).

Image-5: Selecting the Platform

3. Create a Rule for the Filter

In the Rules section, you can create a rule using the rule builder or by manually entering the rule syntax.

Using the Rule Builder:

- And/Or: After adding an expression, you can expand it using "and" or "or".
- Property: Select a property for your rule, such as device or operating system SKU.
- Operator: Choose an operator, like "equals" or "contains".
- Value: Enter the value for the expression. For example, enter 10.0.18362 for the OS version or "Microsoft" for the manufacturer.
- Click Add expression after setting the property, operator, and value (refer to Image-6).

Image-6: Rule Builder in Intune

Using Rule Syntax:

- You can also manually enter the rule expression in the rule syntax editor. Select Edit in the Rule Syntax section (refer to Image-7).

Image-7: Rule Syntax Editor

- The expression builder will open. Manually enter expressions such as the following (refer to Image-8):

      (device.osVersion -eq "10.0.18362") and (device.manufacturer -eq "Microsoft")

Image-8: Manual Rule Expression

Image-9

4. Apply the Filter to the Policy

After creating the filter, go to the Power Management Policy and edit it to include the newly created filter (refer to Image-10).

Image-10: Adding the Filter to the Policy

5. Sync the Policy on the Device

Go back to the device and sync the policy to apply the changes (refer to Image-11).

Image-11: Syncing the Policy on the Device

6. Verify the Policy Update

After the policy update, verify that the exclusion has been successfully applied (refer to Image-12).

Image-12: Policy Update Verification

I hope this guide helps you understand the process of excluding a device from an Intune policy using filters. Let me know if you have any questions 🙂


How to Connect a Server or PC to a Domain Controller Using PowerShell

PowerShell offers a powerful and efficient way to manage your Active Directory domain. One key task is adding new servers and PCs to the domain. This blog post will guide you through the process of using PowerShell to seamlessly integrate machines into your domain structure.

Prerequisites:

- A computer with Windows PowerShell (run $PSVersionTable.PSVersion to check)
- Local administrator privileges on the machine you're joining
- Domain administrator credentials (or an account with privileges to join machines)

Joining the Domain:

We'll use the Add-Computer cmdlet to perform the domain join. Here's the basic syntax:

    Add-Computer -DomainName <domain_name> -Credential <domain_credentials>

- Replace <domain_name> with the actual name of your domain (e.g., contoso.com).
- Replace <domain_credentials> with the username and password of a domain account authorized to join machines. An alternative is to use a PSCredential object created with Get-Credential.

Here's an example with a prompt for credentials:

    Add-Computer -DomainName contoso.com -Credential (Get-Credential)

Adding a Restart and Specifying an OU (Optional):

- Use the -Restart parameter to automatically restart the machine after a successful join (recommended for most cases).
- To place the joined computer in a specific Organizational Unit (OU) within your domain structure, use the -OUPath parameter followed by the OU path (e.g., -OUPath "OU=Sales,DC=contoso,DC=com").

Example with Restart and OU Placement:

    Add-Computer -DomainName contoso.com -Credential (Get-Credential) -Restart -OUPath "OU=Sales,DC=contoso,DC=com"

Remote Domain Joins (For Administrators):

PowerShell can also join remote computers to the domain. This requires enabling Remote PowerShell (PSRemoting) on the target machines. Here's the syntax with the -ComputerName parameter specifying the remote machine:

    Add-Computer -DomainName contoso.com -Credential (Get-Credential) -ComputerName "server01"

Success and Beyond!
Once you run the Add-Computer cmdlet with the appropriate parameters, PowerShell will handle the domain join process. Upon successful completion, the machine will be integrated into your Active Directory domain.

Remember:

- It's important to use a domain account with sufficient permissions to join machines.
- Double-check the domain name, credentials, and OU path (if applicable) for any typos.
- For remote joins, ensure PSRemoting is enabled on the target machines.

By leveraging PowerShell's Add-Computer cmdlet, you can streamline domain joins and efficiently manage your network infrastructure. For further exploration, refer to Microsoft's documentation on Add-Computer (https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.management/add-computer?view=powershell-5.1) for more advanced options and troubleshooting tips.

Happy automating!
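The local join described above, wrapped with the checks from the "Remember" list, as an added example that is not part of the original post. `Join-DomainSafely` is a hypothetical function name, `contoso.com` and the OU path are the article's placeholder values, and the credential is assumed to belong to an account delegated to join machines.

```powershell
# Added example (not from the original post). Join-DomainSafely is a hypothetical wrapper name.
function Join-DomainSafely {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$DomainName,
        [Parameter(Mandatory)][pscredential]$Credential,   # prompted via Get-Credential, never hard-coded
        [string]$OUPath,
        [switch]$Restart
    )

    # 1. Do not re-join a machine that is already a member of a domain.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    if ($cs.PartOfDomain) {
        if ($cs.Domain -eq $DomainName) { return 'AlreadyJoined' }
        throw "$env:COMPUTERNAME is already joined to '$($cs.Domain)'; remove it from that domain first."
    }

    # 2. Catch a mistyped domain name or wrong DNS server before any credentials are sent:
    #    a joinable AD domain publishes this SRV record for its domain controllers.
    $srv = "_ldap._tcp.dc._msdcs.$DomainName"
    try {
        Resolve-DnsName -Name $srv -Type SRV -ErrorAction Stop | Out-Null
    } catch {
        throw "Cannot locate a domain controller for '$DomainName' ($srv did not resolve)."
    }

    # 3. Build the Add-Computer call; -OUPath is passed only when one was supplied.
    $joinArgs = @{
        DomainName  = $DomainName
        Credential  = $Credential
        PassThru    = $true
        ErrorAction = 'Stop'
    }
    if ($OUPath) { $joinArgs.OUPath = $OUPath }

    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Join domain $DomainName")) {
        $result = Add-Computer @joinArgs
        if (-not $result.HasSucceeded) { throw "Add-Computer reported failure for $($result.ComputerName)." }

        # The join takes effect after a reboot. Once the machine is back up,
        # Test-ComputerSecureChannel confirms the machine account works.
        if ($Restart) { Restart-Computer -Force }
        return 'Joined'
    }
}

# Dry run with the article's placeholder values; remove -WhatIf to perform the join.
Join-DomainSafely -DomainName 'contoso.com' -Credential (Get-Credential) `
    -OUPath 'OU=Sales,DC=contoso,DC=com' -WhatIf
```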


A Beginner’s Guide to Microsoft’s Cloud Platform

Ever heard of cloud computing but feeling a bit lost? Intrigued by Microsoft's Azure but unsure where to start? You're not alone! Azure offers a vast range of tools, and navigating it can be daunting for beginners. But fear not, this guide will break down Azure's core concepts into easy-to-understand terms.

What is Azure?

Imagine a giant online toolbox filled with resources for building and running anything from simple websites to complex applications. That's essentially Azure. It's a cloud computing platform developed by Microsoft that lets you access a broad selection of services – storage, compute power, databases, and more – all delivered over the internet.

Why Use Azure?

There are several reasons why Azure is a popular choice:

- Scalability: Need more processing power for your website during peak traffic? With Azure, you can easily scale resources up or down as needed, keeping costs in check.
- Flexibility: Azure offers a wide range of services, so you can choose only what you need for your project, from building mobile apps to analyzing data.
- Security: Microsoft prioritizes security, and Azure benefits from their expertise. Your data is stored securely in Microsoft's data centers.
- Cost-Effectiveness: With Azure's pay-as-you-go model, you only pay for the resources you use, making it a budget-friendly option for businesses of all sizes.

Getting Started with Azure

Microsoft offers a free Azure account with a credit limit, allowing you to experiment with various services without upfront costs. Here's a roadmap to get you started:

- Create a Free Account: Head over to Microsoft Azure's website and sign up for a free trial.
- Explore Services: Azure offers a wide range of services. Start by exploring categories like compute, storage, databases, and web.
- Tutorials and Documentation: Microsoft provides excellent tutorials and documentation to guide you through using Azure services.
Beyond the Basics

As you become more comfortable with Azure, you can delve deeper into its vast capabilities. Here are some exciting possibilities:

- Build Web Apps: Develop and deploy web applications of all shapes and sizes using Azure's App Service.
- Data Analytics: Harness the power of Azure's data analytics tools to gain insights from your data and make informed decisions.
- Artificial Intelligence: Azure offers AI and machine learning services to add intelligence to your applications.

Conclusion

Azure is a powerful cloud platform that can empower businesses of all sizes. With its user-friendly interface, free trial, and extensive resources, it's an excellent choice for beginners. So, take the plunge, explore Azure, and unlock the potential of cloud computing for your projects!


Unlocking the Potential of Azure: A Roadmap for Success

Ahoy, cloud adventurers! Today, we're setting sail on a voyage of discovery through the azure seas of Microsoft Azure. Whether you're a seasoned captain or a fresh-faced deckhand, there's always something new to explore in this vast ocean of possibilities. So batten down the hatches and prepare to embark on a journey to unlock the true potential of Azure!

First mate on deck: What exactly is Azure, and why should you care? Well, my friend, Azure is more than just a cloud platform – it's a gateway to innovation and transformation. With Azure, you can harness the power of the cloud to build, deploy, and manage applications with ease. From virtual machines to AI and machine learning services, Azure offers a treasure trove of tools to help you navigate the ever-changing seas of technology.

But how do you chart a course for success in Azure? Fear not, fellow sailors, for I have a roadmap to guide you on your journey.

Step 1: Set Sail with Azure Fundamentals

Every great journey begins with a single step, and in Azure's case, that step is mastering the fundamentals. Start by familiarizing yourself with the core concepts of Azure, including virtual machines, storage, and networking. Dive into the Azure Portal and explore its myriad features, from resource creation to monitoring and management.

Step 2: Navigate the Azure Ecosystem

Once you've got the basics down, it's time to set your sights on the wider Azure ecosystem. Explore the diverse array of services and solutions available, from AI and machine learning to IoT and blockchain. Whether you're building a web application, analyzing big data, or deploying a mobile app, Azure has the tools you need to succeed.

Step 3: Embrace Continuous Learning

The world of technology is constantly evolving, and Azure is no exception. Stay ahead of the curve by embracing a culture of continuous learning.
Dive into Azure's extensive documentation, enroll in online courses and certifications, and connect with fellow sailors in the Azure community. By staying curious and adaptable, you'll be well-equipped to navigate the azure seas of Azure.

Step 4: Chart Your Course for Success

With the wind at your back and the stars as your guide, it's time to chart your course for success in Azure. Whether you're a developer building innovative applications, an IT professional managing complex infrastructure, or a business leader driving digital transformation, Azure offers endless opportunities to achieve your goals.

So there you have it, fellow adventurers – a roadmap for unlocking the potential of Azure. Whether you're embarking on your maiden voyage or setting sail for new horizons, Azure is your faithful companion on the journey ahead. So raise the anchor, unfurl the sails, and set course for the azure skies of Microsoft Azure. Fair winds and following seas await!
