Middlebury

Zero-Touch Deployment for PCs

Revision as of 16:55, 30 April 2020 by Thomas Hugo (talk | contribs)

What is Zero-Touch?

Zero-Touch deployment is a new method for provisioning College-issued, primary-user PC computers. This method of deployment replaces the need for an ITS staff member to prepare computers before they are deployed to the client. With Zero-Touch, a computer can be delivered directly to a client without ever needing to be physically handled by ITS.

How does it work?

Microsoft has a pair of programs, Autopilot and Intune, which allow organizations to register devices to automatically receive software and policies over the internet. When a registered computer is turned on for the first time, it checks Microsoft's Autopilot servers to determine any intial settings to apply. Middlebury machines then provide a streamlined Out of Box Experience (OOBE) and prompt for Middlebury user credentials. 

These credentials are used to join the device to our authentication domain (Azure Active Directory) as well as enroll it in Intune, our Mobile Device Management (MDM) service. Intune will install required software (such as Antivirus) and enforce essential policies (such as drive encryption). It will also install the "Company Portal", providing a streamlined interface for optional software you may want installed (such as Firefox, Zoom, or Office 365).

Deployment Steps:

In process...