LogoLogo
Get CIPPJoin Discord
  • ☕CIPP Documentation
  • 🦸Setup
    • Self Hosting Guide
      • Prerequisites
      • Installation
      • Run From Package Mode
      • Post-Install Configuration
      • Configuring Automatic Updates
      • Updating Versions
      • Migrating to Hosted CIPP
      • Self-hosted API Setup
    • Service Account Setup
      • GDAP's Importance in CIPP
      • Creating the CIPP Service Account
      • Conditional Access best practices
      • Recommended Roles
    • Configuring CIPP
      • Adding users to CIPP
      • Executing the SAM Setup Wizard
      • Tenant Onboarding
      • Adding Tenants & Consenting the CIPP-SAM Application
      • User Roles in CIPP
      • Adding a custom domain name
      • I want to manage my own tenant
    • Implementing CIPP
      • Recommended First Steps
      • Standards Setup
    • Resources
      • Professional Onboarding Services
      • Sponsor Quick Start
  • 🙋User Documentation
    • Shared Features
      • Menu Bar
        • Tenant Select
        • Display Mode
        • 🔍Search
        • Bookmarks
        • User Preferences
      • Table Features
      • Speed Dial
      • Keyboard Shortcuts
    • CIPP Dashboard
    • Identity Management
      • Administration
        • Users
          • Bulk Add
          • Invite Guest
          • Add User
          • View Individual User
            • Edit User
            • Exchange Settings
            • Compromise Remediation
            • Conditional Access
        • Risky Users
        • Groups
          • Add Group
          • Edit Group
        • Group Templates
          • Add Group Template
          • Deploy Group Templates
        • Devices
        • Deleted items
        • Roles
        • JIT Admin
          • Add JIT Admin
        • Offboarding Wizard
      • Reports
        • MFA Report
        • Inactive Users
        • Sign-in Report
        • AAD Connect Report
        • Risk Detections
    • Tenant Administration
      • Administration
        • Tenants
          • Edit Tenant
          • Tenant Groups
            • Add Tenant Group
            • Edit Tenant Group
        • Alert Configuration
          • Add Alert
        • Audit Logs
          • View Audit Log
        • Enterprise Applications
        • Secure Score
        • App Consent Requests
        • Authentication Methods
        • Partner Relationships
      • GDAP Management
        • Relationships
          • Relationship Summary
        • Role Mappings
          • Map GDAP Roles
        • Role Templates
          • Add Template
        • Invites
          • New Invite
        • Onboarding
        • Offboarding
      • Configuration Backup
        • Backups
          • Restore Configuration Backup
          • Add Configuration Backup Task
      • Standards
        • List Standards Templates
        • Add Standards Template
        • Compare Tenant to Standard
        • Best Practice Analyser
          • Best Practice Templates
          • Custom Reports
        • Domains Analyser
      • Conditional Access
        • CA Policies
          • Deploy CA Policies
        • CA Vacation Mode
          • Add Vacation Schedule
        • CA Templates
        • Named Locations
          • Add Named Location
      • Reports
        • License Report
        • Sherweb License Report
          • Add Subscription
        • Consented Applications
    • Security & Compliance
      • Incidents & Alerts
        • Incidents
        • Alerts
      • Defender
        • Defender Status
        • Defender Deployment
        • Vulnerabilities
      • Reports
        • Device Compliance
    • Intune
      • Applications
        • Applications
          • Add Application
            • Add MSP App
            • Add Store App
            • Add Choco App
            • Add Office App
        • Application Queue
      • Autopilot
        • Autopilot Devices
        • Add Autopilot Device
        • Profiles
          • Add Profile
        • Status Pages
        • Add Status Page
      • Device Management
        • Devices
        • Configuration Policies
        • Compliance Policies
        • Protection Policies
        • Apply Policy
        • Policy Templates
        • Scripts
      • Reports
        • Analytics Device Score
        • Work from Anywhere
    • Teams & SharePoint
      • OneDrive
      • SharePoint
        • Add Site
        • Bulk Add Sites
      • Teams
        • Teams
          • Add Team
        • Teams Activity
        • Business Voice
    • Email & Exchange
      • Administration
        • Mailboxes
          • Add Shared Mailbox
        • Deleted Mailboxes
        • Mailbox Rules
        • Contacts
          • Add Contact
          • Edit Contact
        • Quarantine
        • Tenant Allow/Block Lists
          • Add Entry
      • Transport
        • Transport Rules
          • Deploy Transport Rule Template
        • Transport Templates
        • Connectors
          • Deploy Connector Templates
        • Connector Templates
      • Spamfilter
        • Spamfilter
          • Deploy Spamfilter
        • Spamfilter Templates
        • Connection filter
          • Deploy Connection Filter
        • Connection filter templates
      • Resource Management
        • Rooms
          • Add Room
          • Edit Room
        • Room Lists
      • Reports
        • Mailbox Statistics
        • Mailbox Client Access Settings
        • Anti-Phishing Filters
        • Malware Filters
        • Safe Link Filters
        • Safe Attachment Filters
        • Shared Mailbox with Enabled Account
        • Global Address List
    • Tools
      • Tenant Tools
        • Graph Explorer
        • Application Approval
        • Tenant Lookup
        • IP Database
        • Individual Domain Check
      • Email Tools
        • Message Trace
        • Mailbox Restores
        • Message Viewer
      • Dark Web Tools
        • Tenant Breach Lookup
        • Breach Lookup
      • Template Library
      • Community Repositories
        • View Repository Templates
      • Scheduler
        • Add Job
    • CIPP
      • Application Settings
        • Permissions
        • Tenants
        • Backend
        • Notifications
        • Partner Webhooks
        • Licenses
        • CIPP Backup
        • Global Variables
      • Logbook
      • SAM Setup Wizard
      • Integrations
        • Integration Sync
        • CIPP-API
        • Sherweb
        • Gradient
        • Halo PSA Ticketing
        • NinjaOne
        • Hudu
        • Password Pusher
        • Have I Been Pwned?
        • Cloudflare
        • GitHub
      • Custom Data
        • Directory Extensions
          • Add Directory Extension
        • Schema Extensions
          • Add Schema Extension
        • Mappings
          • Add Mapping
          • Edit Mapping
      • Advanced
        • Super Admin
          • Tenant Mode
          • Function Offloading
          • Custom Roles
          • SAM App Roles
          • SAM App Permissions
        • Exchange Cmdlets
        • Timers
        • Table Maintenance
  • 📂Troubleshooting
    • Error codes
    • Troubleshooting instructions
      • Refreshing a Specific Tenant's Permissions via CPV API
    • Frequently Asked Questions
      • I got a "Potential Phishing page detected" alert. What do I do with that?
  • 🔐Security
    • CIPP Security and Compliance
      • Security Policy
      • Security reports
    • CIPP Community Vulnerability Disclosure Policy
  • 👩‍💻👩💻 Dev Documentation
    • CIPP Dev Guide
      • Setting Up for Local Development
      • Executing Local Development
      • Project Structure
      • Development Tips
      • CIPP v7 Developer Brief
    • Contributing to the Code
    • Contributing to the Documentation
  • ⚙️API Documentation
    • Setup & Authentication
    • Endpoints
  • 🧰MSP Adoption Toolkit
    • Building a CIPP Business Case
  • ☕Sip & CIPP
    • Conditional Access
    • Autopilot & Intune
  • CIPP New Interface Release Candidate 2 (rc2)
Powered by GitBook
On this page
  • Session Abstract
  • Learning Objectives

Was this helpful?

Edit on GitHub
Export as PDF
  1. Sip & CIPP

Autopilot & Intune

Dive deep into Autopilot: Enrollment methods, features, setup challenges, and key settings' impact using CIPP.

PreviousConditional AccessNextCIPP New Interface Release Candidate 2 (rc2)

Last updated 1 year ago

Was this helpful?

View the recording here:

Session Abstract

The second Sip & CIPP event provided an in-depth exploration of Microsoft Autopilot configurations within CIPP. This session offered valuable insights into balancing the use of CIPP with M365 functionalities, effectively managing Autopilot profiles, and the nuances of device addition methods. The event was capped off by an interactive Q&A session, addressing real-world challenges and sharing practical advice.

Learning Objectives

  1. Understand the integration and balance between CIPP and Microsoft 365 functionalities.

  2. Learn the methods and challenges of adding devices to Microsoft Autopilot.

  3. Gain insights into Autopilot profile management and user experience optimization.

  4. Explore practical solutions to common challenges in device setup and management.

Detailed Topic Coverage

Introduction to Microsoft Autopilot:

  • Comprehensive overview of Autopilot features, highlighting its complexity and scope.

  • Discussion on the importance and benefits of Autopilot in managing device deployment and configuration.

Device Addition Methods in Autopilot:

  • In-depth exploration of various methods for adding devices, including using product key IDs, manufactured device models, device serial numbers, and hardware hashes.

  • Insights into the challenges and nuances associated with each method, and how CIPP facilitates these processes.

Managing Autopilot Profiles:

  • Detailed discussion on the creation and management of Autopilot profiles for different deployment scenarios.

  • Coverage of Low Touch Installation (LTI) and Zero Touch Installation (ZTI) approaches, and their impact on the user experience.

  • Exploring the role of profiles in Device/User Experience Settings Page (ESP), and their significance in the overall setup process.

Integration with Microsoft 365:

  • Understanding the interplay between CIPP and Microsoft 365, focusing on how they complement each other in an IT environment.

  • Discussing specific features within Microsoft 365 that are crucial for Autopilot setups, like conditional access policies.

Practical Challenges and Solutions in Device Setup:

  • Addressing real-world challenges in device setup, including configuration issues, user-specific app installations, and troubleshooting common problems.

  • Sharing practical advice and solutions, backed by real-life examples and experiences.

Chat FAQ

Q: Can the Windows Product Key ID inclusion be random, and is it available on invoices?

A: Yes, the inclusion of the Windows Product Key ID can be random. Recent changes in CIPP allow identification of the tenant a device is registered to using this ID. The extent of manufacturer involvement varies, and this information may also be available on invoices.

Q: Is a temporary access pass recommended for installing user-specific apps?

A: Yes, a temporary access pass is advised for installing specific apps on individual users. However, the longevity of the pass affects the duration of the refresh token.

Q: Does the Temporary Access Pass work with hybrid AD join?

A: Temporary Access Pass works with hybrid AD join, but its use is generally discouraged in favor of AD sync and Intune. Hybrid Azure AD join is not recommended by Microsoft except for specific cutover situations.

Q: What are the alternatives if I don't want on-prem devices registered in Entra?

A: For alternatives to registering on-prem devices in Entra, the resource was referenced for more information.

Q: Can CIPP notify users when a temporary access pass is created?

A: No, CIPP currently does not have a feature to notify users when a temporary access pass is created. This functionality may be considered for future updates if there's enough demand.

Q: Is CIPP compatible with Immy.BOT for deploying user-specific configurations?

A: Yes, CIPP is compatible with Immy.BOT for rolling out user-specific configurations, and they can be used concurrently with Intune.

Q: Are there any issues with White Glove OBE differing between WiFi and LAN connections

A: No issues have been encountered with White Glove OBE between WiFi and LAN connections in the speaker's experience. Environment-specific factors might influence this.

Q: Will Autopilot profiles and status pages become part of CIPP standards?

A: Autopilot profiles and status pages can currently be deployed to all clients using the All Tenants option. Making them standard in CIPP depends on user interest, and feature requests are encouraged.

Q: Will CIPP replace Chocolatey with Winget?

A: No, CIPP currently offers both Chocolatey and Winget (called App Store Application within CIPP), with no plans for replacement.

Q: Does CIPP support M365 Multi-Geo configurations?

A: Yes, CIPP supports M365 Multi-Geo configurations without any known limitations.

Resources Shared
  • : In-depth information on Autopilot and Intune

  • Microsoft EMS Community: resources and community for Microsoft EMS.

  • Autopilot Hash CSV: A for Autopilot hash CSV by CIPP contributor rvdwegen.

  • : Detailed comparison and insights from WinAdmins.

  • : Information on Intune pricing and plans from Microsoft.

  • : Guide on deploying Windows Hello for Business in a cloud Kerberos trust scenario.

  • : Guidance on naming and structuring CA policies from the Azure Architecture Center.

☕
https://youtu.be/xNMSImgfQmQ
Hybrid AD Join vs AAD Join
Call4Cloud
YouTube
Discord
GitHub repository
Hybrid AD Join vs AAD Join
Microsoft Intune Plans and Pricing
Windows Hello for Business
Conditional Access Framework