At the beginning of the pandemic, many enterprise workers did not have the equipment they needed to work from home. This led organizations to purchase new devices for their employees, but unfortunately it proved difficult to set them up remotely using Windows Autopilot.
Up until now, provisioning new devices into an existing Azure Active Directory (AD) environment required that the devices themselves be connected to an organization’s network in order to complete the process. At the office, this would have been simple, but while working remotely, organizations couldn’t set up new devices for their employees.
Microsoft has now removed this restriction, and enterprise organizations can send new devices directly to end users, who can set them up on their own. However, businesses will need to leverage a Win32-based VPN client to do so.
Provisioning new devices
In order to provision new Windows devices remotely, a new “Skip AD connectivity check” option has been added to the Windows Autopilot Hybrid Azure AD Join profile.
When enabled, a device will go through the entire provisioning process, up to the point where a user needs to sign into Windows for the first time, without needing any corporate network connectivity.
As part of device enrollment status page (ESP) tracking, Windows Autopilot and Intune can ensure that the VPN configuration needed to sign onto a company’s corporate network remotely is put in place before a user needs to sign in. However, depending on the VPN client’s capabilities, the connection could be established automatically, or a user might have to initiate it directly from the Windows logon screen before logging on.
Being able to provision new devices quickly and add them to a company’s Azure Active Directory will make the whole process of working remotely easier for both employees and IT admins.