Using Windows Autopilot to deploy PCs in the middle of a pandemic

A year ago, who would have thought that so many people would still be working from home because of COVID-19? That a pandemic response would lead to such a huge impact on the way we live? That we’d be having discussions about the future role of the office?

Lots of things changed in 2020. Some of them may never change back.

Changes to PC operating system deployment methods

There is a saying (attributed to the Greek philosopher, Heraclitus) that the one constant in life is change…

Over nearly 30 years working in IT, I’ve worked on a lot of PC rollouts. And the technology keeps on changing:

  • Back in 1994, I was using Laplink software with parallel cables (so much faster than serial connections) to push Windows for Workgroups 3.11 onto PCs for the UK Ministry of Defence.
  • In 2001, Ghost (which by then had been purchased by Norton) was the way to do it. Working with a Microsoft partner called Conchango, my team at Polo Ralph Lauren rolled out 4000 new and rebuilt PCs. We did this across 8 European countries, supporting languages and PC hardware types with just two images.
  • By 2005, I was working for Conchango and using early versions of the Microsoft Business Desktop Deployment (BDD) solution accelerator to push standard operating environment (SOE) images to PCs for a UK retail and hospitality company.
  • By 2007, BDD had become Microsoft Deployment. Later, that was absorbed into System Center Configuration Manager.

After this, the PC deployment stuff gets a bit fuzzy. My career had moved in a different direction and, these days, I’m less worried about the detail (I have subject matter experts to rely on). My concerns are around the practicalities of meeting business requirements by making appropriate technology selections.

Which brings me back to the current day.

A set of business requirements

Imagine it’s early 2021 and you’re faced with this set of requirements:

  • Must deploy new Windows 10 PCs to a significant proportion of the business’ staff.
  • Must comply with UK restrictions and guidance in relation to the COVID-19 novel coronavirus.
  • Should follow Microsoft’s current recommended practice.
  • Must maintain compliance with all company standards for security and for information management. In particular, must not impact the company’s existing ISO 27001, ISO 9001 or Cyber Essentials Plus certifications.
  • Should not involve significant administrative overhead.

A solution, built around Windows Autopilot

The good news is that this is all possible. And it’s really straightforward to achieve using a combination of Microsoft technologies.

  • Azure Active Directory provides a universal identity platform, including conditional access and multifactor authentication.
  • Windows Autopilot takes a standard Windows 10 image (no need for customised “gold builds”) and applies appropriate policies to configure and secure it in accordance with organisational requirements. It does this by working with other Microsoft Endpoint Manager (MEM) components, like Intune.
  • OneDrive keeps user profile data backed up to the cloud, with common folders redirected so they remain synced, regardless of the PC being used.

What does it look like?

My colleague, Thom McKiernan (@ThomMcK), created a great unboxing video of his experience, opening up and getting started with his Surface Pro 7+.

(I tried to do the same with my Surface Laptop 3 but unboxing videos are clearly not my thing.)

Why does this matter?

The important thing for me is not the tech. It’s the impact that this had on our business. To be clear:

We deployed new PCs to staff, during a national lockdown, without the IT department touching a single PC.

For me, it took around 10 minutes from opening the box to sitting at a usable desktop with Microsoft Teams and Edge. (What else do you need to work in 2021?)

That would have been unthinkable a few years ago.

It seems that, on an almost daily basis, I talk to clients who are struggling with technology to allow staff to work from home. It always seems to come back to legacy VPNs or virtual desktop “solutions” that are holding the IT department back.

So, if you’re looking at how your organisation manages its end user device deployments, I recommend taking a look at Windows Autopilot. Perhaps you’re already licensed for Microsoft 365, in which case you have the tools. And, if you need some help to get it all working, well, you know who to ask…

[This is an edited version of a post that was originally published at markwilson.it]
