
Stop Provisioning Devices the Old-Fashioned Way


Microsoft first introduced Intune back in 2010, with modern Autopilot features and the portal experience launched in 2017. So why is it that most organizations have still not taken advantage of these features and realized an end-to-end, direct-to-user, zero-touch experience for device deployment?

The most common reasons tend to be simple:

1. Lack of knowledge/documentation – many engineers, especially in larger, more established organizations, have been imaging laptops the same way for years. They often are not aware of the capabilities or, if they are, the configuration and testing seem too daunting. It doesn’t help that Microsoft is almost constantly releasing new features or tweaking the UI. While it is terrific to see new functionality released, the associated documentation is often lacking or requires significant effort to locate.

2. It works fine now… “If it’s not broken, don’t fix it” – This mantra can be to the detriment of many organizations, but this reason comes up particularly often when discussing automated provisioning. The process works, new users get their equipment, and there is little concern or interest in optimizing. This is unfortunate and short-sighted, as this is often a significant opportunity for cost savings and efficiency within organizations. Zero-touch deployment can reduce duplicate shipping costs, supplier configuration fees and labor costs for IT resources to image or complete setup.

3. It is too complex – this is often the case in large organizations with tens of thousands of devices. Taking the initial leap simply seems too complex: they may still have a hybrid AD setup or very diverse device/model types. However, as with anything complex, you begin by taking small bites or baby steps. Pursuing a zero-touch deployment model for new employees can force or drive overall maturity. All new users can be set up right and ready for the new future.


What is zero-touch deployment anyway?

Zero-touch deployment is the method of utilizing the Microsoft Autopilot functionality to fully automate the entire new device provisioning process. Imagine everything from HR extending the offer letter to that resource reading their first email occurring without any manual interaction. This means that everything from notifying your equipment supplier to registering the device with Microsoft as well as configuring and customizing can be automated.

Why is this of interest?

1. Focus resources on more important projects – device provisioning is really a necessary evil. Automation and efficiency can free up your time, resources, and capital for transformational projects. If your current provisioning process includes imaging endpoints, maintaining a “golden image” or requires IT teams to log in to a new device to complete setup, there is an opportunity to better utilize your team.

2. Cost savings – organizations can commit a significant amount of time, resources, and capital to their legacy device provisioning process. Whether an organization is having their deskside support team boot from a USB to image equipment or paying their supplier to image prior to shipment, there is a cost.

Unfortunately, many leaders do not understand the full cost to provision a new device for a user. In some cases, they may be paying their supplier to image the equipment, but still requiring the device to ship to a corporate location for additional set-up. In these situations, organizations are paying for 2-3 touches before the device even makes it to the intended end user.

3. Spark innovation and automation – with so many organizations already subscribing to M365 licenses for their users, this zero-touch provisioning capability is something they already have access to and could configure at no additional cost. If your organization is not taking advantage of these included features, what other gaps exist in your organization? Often, taking on a zero-touch deployment model sparks innovation or automation in other areas.

For example, once all new devices are being registered by your provider in Intune, you can integrate Intune with your ITSM or Asset Management platform to automate endpoint asset management. Once all the endpoints are in your ITSM system, you can associate them with users and automatically present this information to your service desk or make it available to a chatbot to offer self-service automation. There truly is a snowball effect when it comes to automation.

4. Improve Security – it is still quite common to come across IT teams that have their deskside support logging in on behalf of a new user using pre-defined credentials such as Welcome1. By utilizing Intune/Autopilot and Microsoft’s Self Service Password Reset (SSPR) functionality, this can be done in a much more secure manner: new users use their mobile device to set up Multi-Factor Authentication (MFA) and log in for the first time, all without having to share a pre-defined or standard password.

Another common security gap seen in legacy device deployment models is users not receiving the latest patches, software versions or security updates until fully authenticated and, in some cases, securely connected to VPN. This poses a security risk, particularly in our post-COVID world with so many resources working remotely. Utilizing Autopilot and the Out of the Box Experience (OOBE), security patches and updates can be applied to the system prior to use, ensuring all of the latest security controls are in place.

5. Improved Employee Experience – how many times are new employees waiting on equipment, or they have the device but do not have the correct software or access to hit the ground running? The power to improve your new employee experience with zero-touch deployment should not be overlooked. This is often the first experience a new employee has with an organization; making it quick, seamless, and successful for them sets the tone for the organization and will improve employee satisfaction.


Bottom line: if your current provisioning process includes imaging, maintaining a “golden image” or requires IT teams to log in to a new laptop to complete setup… you’re living in the past. It’s time to stop provisioning devices the old-fashioned way.
