Zero-Touch Deployment for PCs

Revision as of 18:32, 21 May 2020 by Thomas Hugo (talk | contribs)

What is Zero-Touch?

Zero-Touch deployment is a new method for provisioning College-issued, primary-user PC computers. This method of deployment replaces the need for an ITS staff member to prepare computers before they are deployed to the client. With Zero-Touch, a computer can be delivered directly to a client without ever needing to be physically handled by ITS.

How does it work?

Microsoft has a pair of programs, Autopilot and Intune, which allow organizations to register devices to automatically receive software and policies over the internet. When a registered computer is turned on for the first time, it checks Microsoft's Autopilot servers to determine any intial settings to apply. Middlebury machines then provide a streamlined Out of Box Experience (OOBE) and prompt for Middlebury user credentials. 

These credentials are used to join the device to our authentication domain (Azure Active Directory) as well as enroll it in Intune, our Mobile Device Management (MDM) service. Intune will install required software (such as Antivirus) and enforce essential policies (such as drive encryption). It will also install the "Company Portal", providing a streamlined interface for optional software you may want installed (such as Firefox, Zoom, or Office 365).

Deployment Steps:

You will go through a customized version of the Windows 10 "Out Of Box Experience". For the most part, this is simply a matter of getting your computer connected to the internet, clicking "Next" multiple times and logging in with your Middlebury email address and password. Here are the steps and screens you can expect to see.