Middlebury

Difference between revisions of "Zero-Touch Deployment for PCs"

Line 1: Line 1:
  
=== <span style="font-size:larger;">'''What is Zero-Touch?'''</span> ===
+
=== <span style="font-size:larger">'''What is Zero-Touch?'''</span> ===
  
 
Zero-Touch deployment is a new method for provisioning College-issued, primary-user&nbsp;PC computers. This method of deployment replaces&nbsp;the need for an ITS staff member&nbsp;to prepare computers before they are deployed to the client. With Zero-Touch, a computer can be delivered directly to a client without ever needing to be physically handled by ITS.
 
Zero-Touch deployment is a new method for provisioning College-issued, primary-user&nbsp;PC computers. This method of deployment replaces&nbsp;the need for an ITS staff member&nbsp;to prepare computers before they are deployed to the client. With Zero-Touch, a computer can be delivered directly to a client without ever needing to be physically handled by ITS.
  
=== <span style="font-size:larger;">'''How does it work?'''</span> ===
+
=== <span style="font-size:larger">'''How does it work?'''</span> ===
  
 
Microsoft has a pair of programs,&nbsp;Autopilot and Intune, which allow&nbsp;organizations to register devices to automatically receive software and policies over the internet.&nbsp;When a registered computer is turned on for the first time, it checks Microsoft's Autopilot servers to determine any intial settings to apply. Middlebury machines then provide a streamlined Out of Box Experience (OOBE) and prompt&nbsp;for Middlebury user credentials.&nbsp;
 
Microsoft has a pair of programs,&nbsp;Autopilot and Intune, which allow&nbsp;organizations to register devices to automatically receive software and policies over the internet.&nbsp;When a registered computer is turned on for the first time, it checks Microsoft's Autopilot servers to determine any intial settings to apply. Middlebury machines then provide a streamlined Out of Box Experience (OOBE) and prompt&nbsp;for Middlebury user credentials.&nbsp;
Line 10: Line 10:
 
These credentials are used to join the device to our authentication domain (Azure Active Directory) as well as enroll it in Intune, our Mobile Device Management (MDM) service. Intune will install required software (such as Antivirus) and enforce essential policies (such as drive encryption). It will also install the "Company Portal", providing a streamlined interface for optional software you may want installed (such as Firefox, Zoom,&nbsp;Office 365, etc...).
 
These credentials are used to join the device to our authentication domain (Azure Active Directory) as well as enroll it in Intune, our Mobile Device Management (MDM) service. Intune will install required software (such as Antivirus) and enforce essential policies (such as drive encryption). It will also install the "Company Portal", providing a streamlined interface for optional software you may want installed (such as Firefox, Zoom,&nbsp;Office 365, etc...).
  
 +
&nbsp;
  
 +
&nbsp;
  
 
+
=== <span style="font-size:larger">'''Deployment Steps:'''</span> ===
=== <span style="font-size:larger;">'''Deployment Steps:'''</span> ===
 
  
 
You will go through a customized version of the Windows 10 "Out Of Box Experience". If you have purchased and setup your own Windows PC, most of this will look familiar.&nbsp;For the most part, this is simply a matter of getting your computer connected to the internet, clicking "Next" multiple times and logging in with your Middlebury email address and password. Here are the steps and screens you can expect to see.
 
You will go through a customized version of the Windows 10 "Out Of Box Experience". If you have purchased and setup your own Windows PC, most of this will look familiar.&nbsp;For the most part, this is simply a matter of getting your computer connected to the internet, clicking "Next" multiple times and logging in with your Middlebury email address and password. Here are the steps and screens you can expect to see.
Line 31: Line 32:
 
#Your computer will now automatically install settings from Middlebury. This can take between 5-25 minutes depending on your internet speeds. The computer will reboot once or twice during this phase while it installs essential apps like Antivirus and OneDrive.<br/> [[File:AutopilotSetup-12.jpg|400px|AutopilotSetup-12.jpg]]<br/> [[File:AutopilotSetup-13.jpg|400px|AutopilotSetup-13.jpg]]<br/> [[File:AutopilotSetup-14.jpg|400px|AutopilotSetup-14.jpg]]  
 
#Your computer will now automatically install settings from Middlebury. This can take between 5-25 minutes depending on your internet speeds. The computer will reboot once or twice during this phase while it installs essential apps like Antivirus and OneDrive.<br/> [[File:AutopilotSetup-12.jpg|400px|AutopilotSetup-12.jpg]]<br/> [[File:AutopilotSetup-13.jpg|400px|AutopilotSetup-13.jpg]]<br/> [[File:AutopilotSetup-14.jpg|400px|AutopilotSetup-14.jpg]]  
 
#Login, allow initial account setup to complete, and complete the MFA prompt a second time if you are off-campus. The MFA prompt will not appear if you are connected to the Middlebury campus network.<br/> [[File:AutopilotSetup-15.jpg|400px|AutopilotSetup-15.jpg]]<br/> [[File:AutopilotSetup-16.jpg|400px|AutopilotSetup-16.jpg]]<br/> [[File:AutopilotSetup-17.jpg|400px|AutopilotSetup-17.jpg]]  
 
#Login, allow initial account setup to complete, and complete the MFA prompt a second time if you are off-campus. The MFA prompt will not appear if you are connected to the Middlebury campus network.<br/> [[File:AutopilotSetup-15.jpg|400px|AutopilotSetup-15.jpg]]<br/> [[File:AutopilotSetup-16.jpg|400px|AutopilotSetup-16.jpg]]<br/> [[File:AutopilotSetup-17.jpg|400px|AutopilotSetup-17.jpg]]  
#It will now show the setup screen again while it installs user specific applications and settings. You may click “Continue anyway” to go straight to the desktop while this happens.<br/> [[File:AutopilotSetup-18.jpg|400px|AutopilotSetup-18.jpg]]  
+
#It will now show the setup screen again while it installs user specific applications and settings. Unless the computer is connected to the Middlebury Ethernet or wireless networks during setup, you should NOT click “Continue anyway”, as there may be another sign in request prompt (and that will not appear once you are logged in).<br/> [[File:AutopilotSetup-18.jpg|400px|AutopilotSetup-18.jpg]]  
 
#You are now logged in and ready to access Middlebury apps and other resources. You may install your preferred browser and other apps now.<br/> [[File:AutopilotSetup-19.jpg|400px|AutopilotSetup-19.jpg]]  
 
#You are now logged in and ready to access Middlebury apps and other resources. You may install your preferred browser and other apps now.<br/> [[File:AutopilotSetup-19.jpg|400px|AutopilotSetup-19.jpg]]  
 
#To access the “Company Portal” for many Middlebury provided apps, go to the start menu and click on “Company Portal”. You can also search in the taskbar search field.[[File:Company Portal in Start.png|400px|Company Portal in Start.png]]  
 
#To access the “Company Portal” for many Middlebury provided apps, go to the start menu and click on “Company Portal”. You can also search in the taskbar search field.[[File:Company Portal in Start.png|400px|Company Portal in Start.png]]  

Revision as of 10:24, 27 July 2020

What is Zero-Touch?

Zero-Touch deployment is a new method for provisioning College-issued, primary-user PC computers. This method of deployment replaces the need for an ITS staff member to prepare computers before they are deployed to the client. With Zero-Touch, a computer can be delivered directly to a client without ever needing to be physically handled by ITS.

How does it work?

Microsoft has a pair of programs, Autopilot and Intune, which allow organizations to register devices to automatically receive software and policies over the internet. When a registered computer is turned on for the first time, it checks Microsoft's Autopilot servers to determine any intial settings to apply. Middlebury machines then provide a streamlined Out of Box Experience (OOBE) and prompt for Middlebury user credentials. 

These credentials are used to join the device to our authentication domain (Azure Active Directory) as well as enroll it in Intune, our Mobile Device Management (MDM) service. Intune will install required software (such as Antivirus) and enforce essential policies (such as drive encryption). It will also install the "Company Portal", providing a streamlined interface for optional software you may want installed (such as Firefox, Zoom, Office 365, etc...).

 

 

Deployment Steps:

You will go through a customized version of the Windows 10 "Out Of Box Experience". If you have purchased and setup your own Windows PC, most of this will look familiar. For the most part, this is simply a matter of getting your computer connected to the internet, clicking "Next" multiple times and logging in with your Middlebury email address and password. Here are the steps and screens you can expect to see.

First, unbox and plug your computer into a wall power outlet. Connect directly to your network via an ethernet cable if possible and power on the computer.

  1. Choose the region. This defaults to the United States, so you can simply press "enter" or click "Yes".
    AutopilotSetup-1.jpg
  2. Choose your keyboard layout. This defaults to a US keyboard, so you can simply press "enter" or click "Yes".
    AutopilotSetup-2.jpg
  3. Unless needed, skip adding a second keyboard layout.
    AutopilotSetup-3.jpg
  4. A hard-wired ethernet connection is best, but you are welcome to connect via WiFi if that is the only internet connection available.
    AutopilotSetup-4.jpg
    AutopilotSetup-5.jpg
  5. Once connected, confirm you want to allow network discovery (click yes).
    AutopilotSetup-6.jpg
  6. Click “Next” after the connection is complete.
    AutopilotSetup-7.jpg
  7. The computer will reboot.
    AutopilotSetup-8.jpg
  8. Enter your Middlebury email address (complete with “@middlebury.edu”). This setup phase links your computer to Middlebury resources and makes you a local administrator.
    AutopilotSetup-9.jpg
  9. Enter your Middlebury password.
    AutopilotSetup-10.jpg
  10. Complete the MFA (multi-factor authentication) process if you are off-campus. This step will not happen if you are connected to the Middlebury campus network.
    AutopilotSetup-11.jpg
  11. Your computer will now automatically install settings from Middlebury. This can take between 5-25 minutes depending on your internet speeds. The computer will reboot once or twice during this phase while it installs essential apps like Antivirus and OneDrive.
    AutopilotSetup-12.jpg
    AutopilotSetup-13.jpg
    AutopilotSetup-14.jpg
  12. Login, allow initial account setup to complete, and complete the MFA prompt a second time if you are off-campus. The MFA prompt will not appear if you are connected to the Middlebury campus network.
    AutopilotSetup-15.jpg
    AutopilotSetup-16.jpg
    AutopilotSetup-17.jpg
  13. It will now show the setup screen again while it installs user specific applications and settings. Unless the computer is connected to the Middlebury Ethernet or wireless networks during setup, you should NOT click “Continue anyway”, as there may be another sign in request prompt (and that will not appear once you are logged in).
    AutopilotSetup-18.jpg
  14. You are now logged in and ready to access Middlebury apps and other resources. You may install your preferred browser and other apps now.
    AutopilotSetup-19.jpg
  15. To access the “Company Portal” for many Middlebury provided apps, go to the start menu and click on “Company Portal”. You can also search in the taskbar search field.Company Portal in Start.png
  16. Here you can install apps like Microsoft Office, Pulse VPN, and Jabber.
    Company Portal.png

From here you can download and install whatever applications you need, including Zoom, third party browsers, or any other specialized software. We are constantly working on streamlining the process, so you can expect to find more apps present in the Company Portal over time.