Secure Storage MDM Enrollment
Zero-Touch deployment is a new method for provisioning College-issued, primary-user PC computers. This method of deployment replaces the need for an ITS staff member to prepare computers before they are deployed to the client. With Zero-Touch, a computer can be delivered directly to a client without ever needing to be physically handled by ITS.
How does it work?
Microsoft has a pair of programs, Autopilot and Intune, which allow organizations to register devices to automatically receive software and policies over the internet. When a registered computer is turned on for the first time, it checks Microsoft's Autopilot servers to determine any intial settings to apply. Middlebury machines then provide a streamlined Out of Box Experience (OOBE) and prompt for Middlebury user credentials.
These credentials are used to join the device to our authentication domain (Azure Active Directory) as well as enroll it in Intune, our Mobile Device Management (MDM) service. Intune will install required software (such as Antivirus) and enforce essential policies (such as drive encryption). It will also install the "Company Portal", providing a streamlined interface for optional software you may want installed (such as Firefox, Zoom, Office 365, etc...).
You will go through a customized version of the Windows 10 "Out Of Box Experience". If you have purchased and setup your own Windows PC, most of this will look familiar. For the most part, this is simply a matter of getting your computer connected to the internet, clicking "Next" multiple times and logging in with your Middlebury email address and password. Here are the steps and screens you can expect to see.
First, unbox and plug your computer into a wall power outlet. Connect directly to your network via an ethernet cable if possible and power on the computer. If you are connected to ethernet and the device is running the latest version of Windows, it will automatically go to step 8.
- MFA Note: the MFA prompts will not appear if you are performing setup on campus.
- Choose the region. This defaults to the United States, so you can simply press "enter" or click "Yes".
#Choose your keyboard layout. This defaults to a US keyboard, so you can simply press "enter" or click "Yes".
#Unless needed, skip adding a second keyboard layout.
#A hard-wired ethernet connection is best, but you are welcome to connect via WiFi if that is the only internet connection available.
#Once connected, confirm you want to allow network discovery (click yes).
#Click “Next” after the connection is complete.
#The computer will reboot.
#Enter your Middlebury email address (complete with “@middlebury.edu”). This setup phase links your computer to Middlebury resources and makes you a local administrator.
#Enter your Middlebury password.
#Complete the MFA (multi-factor authentication) process if you are off-campus. This step will not happen if you are connected to the Middlebury campus network.
#Your computer will now automatically install settings from Middlebury. This can take between 5-25 minutes depending on your internet speeds. The computer will reboot once or twice during this phase while it installs essential apps like Antivirus and OneDrive.
#Login, allow initial account setup to complete, and complete the MFA prompt a second time if you are off-campus. The MFA prompt will not appear if you are connected to the Middlebury campus network.
#It will now show the setup screen again while it installs user specific applications and settings. Unless the computer is connected to the Middlebury Ethernet or wireless networks during setup, you should NOT click “Continue anyway”, as there may be another sign in request prompt (and that will not appear once you are logged in).
#You are now logged in and ready to access Middlebury apps and other resources. You may install your preferred browser and other apps now.
#To access the “Company Portal” for many Middlebury provided apps, go to the start menu and click on “Company Portal”. You can also search in the taskbar search field.
#Here you can install apps like Microsoft Office, Pulse VPN, and Jabber.
From here you can download and install whatever applications you need, including Zoom, third party browsers, or any other specialized software. We are constantly working on streamlining the process, so you can expect to find more apps present in the Company Portal over time.