Managed Endpoint

Secure devices remotely with Windows Autopilot in Microsoft Endpoint Manager

Published on April 20, 2022

Many companies have shared their desire to continue working in a hybrid model. Google announced last year that their employees would primarily work three days in the office and two wherever they work best. At Experteq, we have taken a similar approach by allowing our staff to choose the days they come into the office and which days they work from home. As few people operate primarily out of the office, I continue to see the need for solutions that manage all of these endpoints. Though we have solutions, such as Microsoft Intune, to monitor and protect the devices in our organisations, enrolling new devices from a distance has become a new imperative.

What is Windows Autopilot?

Windows Autopilot is a service that allows you to set up and manage new devices without any involvement from your IT department. It leverages cloud-based services to configure and enroll devices connected to your organisation. You can use Windows Autopilot to onboard, reset or restore, and update devices with the latest security and feature updates. It supports the entire device lifecycle, from initial deployment to ongoing management and eventual retirement. Windows Autopilot enables you to pre-configure and pre-deploy new Windows devices, getting them ready for use right out of the box.

One of the great features of Windows Autopilot is no-touch enrollment. You can deploy Windows devices without IT coming into contact with the device or entering any information manually. No-touch enrollment is ideal for organisations with large numbers of devices, or for devices used by people who only work remotely.

To get started with no-touch enrollment, you will need to create a device profile in the Microsoft Endpoint Manager admin centre. Your profile contains all the settings and configurations you want to apply to corporate devices. Once you have created the profile, you can assign it to any number of devices. When users turn on the device and connect it to the internet, they will automatically begin the enrollment process. Once enrollment is complete, the devices will be ready for use with all the settings and configurations you specified in your Microsoft Endpoint Manager profile.

Each device that you want to use with Windows Autopilot must meet the following requirements:
  • The Windows operating system preinstalled
  • Registered to your organisation
  • Internet connectivity
  • Microsoft Intune or another mobile device management service
  • Your organisation must have Azure Active Directory

Why you need remote device enrollment

Some people within your organisation may live close enough to visit the office when they need IT’s assistance. Others may dial in from locations further out. Even people who can visit the office may not always find it convenient. For this reason, you need a solution that supports remote device enrollment. In this case, it is not even wholly about your staff. Your IT department may be unable to physically enroll devices from the office as they might also operate from their home office. Furthermore, incorrectly deploying devices comes with a lot of risks, including:
  • Devices used for personal and corporate activities may not adhere to the company policies.
  • Devices that do not adhere to company policies put your data at risk.
  • Some users may have unnecessary access to sensitive files or documents.
Without remote device enrollment, you need to access each device to apply security policies, install updates, and configure settings. I am sure you agree this is a difficult and time-consuming exercise, especially considering the number of devices in your organisation.

How does a user enroll the device remotely?

Of course, not everyone in your team will be an IT expert with in-depth knowledge about setting up endpoint management. So, Microsoft’s endpoint management solutions provide a straightforward out-of-the-box set-up experience that requires very little from the user to initiate the enrolment process. When a user receives a brand new device, no one in the organisation will have handled it. Enrolling new users is as simple as ordering the devices you need and having the vendor deliver them to the users. Once users receive their device, they can complete the set-up in a few steps:
  • Register the device by creating an account with their name and email address.
  • Set up the device’s security with a password and two-factor authentication (2FA).
  • Connect the device to a Wi-Fi network so enrolment can begin and the user can start working.
When users receive their device, it will already have the Windows operating system and the business apps they need. The new device will also join the Azure Active Directory domain when the user first signs in to the account on their new device. Then, Windows Autopilot will automatically install policies and apps without the IT team ever needing to handle the device themselves. When a user no longer needs their device (such as when they leave the company), you can reset their device and prepare it for set up by another user. You can continue this cycle until the device reaches its end of life.

Experteq is your partner in remote device enrolment

You can no longer rely on in-office IT functions to enroll new devices to your endpoint manager. For this reason, remote and automatic enrolment via Microsoft Endpoint Manager is essential to the modern workplace. Experteq is your partner in remote enrolment. We ensure you have the devices you need and that you can ship them to end-users with automatic enrolment ready to go and your business apps pre-configured. Alongside Microsoft, our solutions deliver three pre-set user device profiles – standard, sensitive, and power – so you can customise settings for each person across your organisation. We understand the unique endpoint management needs of the healthcare, government and financial services industries. We can advise you on choosing a solution, implementing it for you and providing ongoing support. Visit our Data Security Management page for more on our capabilities.

Featuring
Viraj Joshi
Associate Product Manager