This article provides an overview of new features which have been added to NHSmail Intune recently in order to enhance user experience and / or the security of the platform. This article will be updated periodically as and when additional new features are added.
Autopilot Manufacturer Provisioning:
Autopilot Manufacturer Provisioning is now available to organisations on the Intune platform, that use Dell and Insight devices.
This means that organisations can import new devices that have been procured from the OEM (original equipment manufacturer).
Desktops and Laptops can be provisioned for:
- Microsoft Surface
- LENOVO
- HP
- DELL
- AUSUS
- ACER
Note:
In up-coming releases, further vendors/manufacturers will become supported by the Autopilot provisioning process.
To request a new OEM/VAR vendor to be added to support your organisation, please raise a service request to the NHSmail Intune team.
Key Changes for organisations
Autopilot Pre-Provisioning, formerly known as ‘white glove’, is a process that helps organisations provision devices by using a custom preinstalled OEM Image. The provisioning process is split between the OEM and the end user. The end user completes a few necessary settings and policies and can begin using their device. The time-consuming tasks can be actioned by IT, partners, or OEMs.
From the Local Admin perspective, the only interaction required from the end user is to connect to a network and verify their credentials. Everything beyond that is automated.
From the user’s perspective, it only takes a few simple operations to make their device ready for use.
What is the process for pre-provisioning a device?
When you purchase devices from an OEM, that OEM can automatically register the devices with the Windows Autopilot. Reference information to provide to your OEM for Autopilot registration, can be found here
Device Requirements:
- The Device Hardware OEM or VAR must be registered on the NHSmail Intune tenant. Please check with the NHSmail Intune team to validate that your manufacturer or VAR is supported.
- A supported version of Windows 11 or Windows 10 semi-annual channel is required to use Windows Autopilot.
Note:
Azure-AD Join deployment profiles are supported (Hybrid Join via Autopilot is not supported on the NHSmail Intune instance).
Note:
Existing devices can also quickly prepare a new user with Windows Autopilot Reset. The Reset capability is also useful in break/fix scenarios to bring a device back to a readiness state quickly.
Supporting guidance is available in the NHSmail Intune LA Operations Guide, here.
Google zero-touch
Zero-touch enrolment is a streamlined process for Android devices to be provisioned for enterprise management. On the first boot, devices check to see if they’ve been assigned an enterprise configuration. If so, the device starts the fully managed device provisioning method and downloads the correct device policy controller app, which then completes the setup of the managed device.
Google zero-touch is supported in Intune for corporate-owned, fully managed user devices and corporate-owned dedicated devices.
Pre-requisites:
To use zero-touch enrolment, the following requirements must be met:
- A device running Android Pie (9.0) or later, a compatible device running Android Oreo (8.0), or a Pixel phone with Android Nougat (7.0) purchase from a reseller partner.
- A zero-touch account created by an authorized zero-touch reseller partner
Devices eligible for zero-touch enrolment need to be purchased directly from an enterprise reseller or Google partner and not through a consumer store.
What if my device reseller is not an authorised zero-touch reseller?
You can request your device reseller to register for the Android Enterprise Partner Program where they can then apply to become a zero-touch reseller.
Take a look at the LA ops guide for more details on Google zero-touch, here.
