Takes the device back to a business-ready state by:
■ Removing personal files, apps, and settings
■ Reapplying a device’s original settings
■ Setting the region, language, and keyboard to the original values
■ Maintaining the device’s identity connection to Azure AD
■ Maintaining the device’s management connection to Intune
The Autopilot Reset process automatically keeps information from the existing device:
■ Wi-Fi connection details
■ Provisioning packages previously applied
■ A provisioning package present on a USB drive when the reset process is started
■ Azure AD device membership and MDM enrollment information
When Autopilot Reset is used on a device, the device’s primary user will be removed and the next person who signs in after the reset will become the new primary user.
Autopilot Reset does not support Hybrid Azure AD joined devices; a full device wipe will be required. Once a hybrid device goes through a full device reset, it may take up to 24 hours for it to be ready to be deployed.
Pre-provisioning
This was once referred to as the Autopilot White Glove feature, but it has been renamed to Windows Autopilot for pre-provisioned deployment. The provisioning process is split, with the time-consuming portions being done by the IT administrators, partners, or OEMs (this is called the technician flow). The end user just needs to complete a few necessary settings and policies and can then begin using the device (this is called the user flow). Autopilot for pre-provisioned deployment supports two distinct scenarios:
User-Driven Deployments with Azure AD Join: The device will be joined to an Azure AD tenant.
User-Driven Deployments with Hybrid Azure AD Join: The device will be joined to an on-premises Active Directory domain and separately registered with Azure AD.
Each scenario consists of two parts: a technician flow and a user flow.
Support for Existing Devices
Autopilot for existing devices only supports user-driven Azure AD and Hybrid Azure AD profiles. Self-deploying and pre-provisioning profiles are not supported.
Windows Autopilot Devices
Devices that have been registered with the Autopilot service are displayed in the Admin Center, as shown in Figure 14.1, under Devices ➢ Enroll Devices ➢ Windows Enrollment ➢ Windows Autopilot Deployment Program ➢ Devices.
![](https://sophiamaggie.com/wp-content/uploads/2024/07/1-11.png)
Devices that are listed in Intune under Devices ➢ Windows | Windows Devices are not the same as Windows Autopilot devices (Devices ➢ Enroll Devices ➢ Windows Enrollment ➢ Windows Autopilot Deployment Program | Devices).
Windows Autopilot devices are added to the list of Windows devices when both of the following are complete:
■ The Autopilot registration process is successful.
■ A licensed user has signed in on the device.
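The difference between the two lists can be checked by reconciling them on serial number. This is an added example, not from the original text; the sample records are constructed, and their field names (serialNumber, operatingSystem, deviceName) are assumed to follow Microsoft Graph's windowsAutopilotDeviceIdentity and managedDevice resources.

```python
# Constructed sample exports; no real tenant data.
AUTOPILOT = [
    {"serialNumber": "SN-1001"},
    {"serialNumber": " sn-1002 "},   # registered, nobody has signed in yet
    {"serialNumber": "SN-1003"},
]
MANAGED = [
    {"deviceName": "PC-KIM", "operatingSystem": "Windows", "serialNumber": "SN-1001"},
    {"deviceName": "PC-LEE", "operatingSystem": "Windows", "serialNumber": "SN-1003"},
    {"deviceName": "PC-OLD", "operatingSystem": "Windows", "serialNumber": "SN-2001"},
    {"deviceName": "LAB-VM-01", "operatingSystem": "Windows", "serialNumber": ""},
    {"deviceName": "PHONE-7", "operatingSystem": "iOS", "serialNumber": "F-9"},
]


def norm(serial):
    """Normalize a serial so case and stray whitespace do not break matching."""
    return (serial or "").strip().upper()


def reconcile(autopilot, managed):
    """Compare Autopilot registrations with Intune-managed Windows devices."""
    ap = {norm(d.get("serialNumber")) for d in autopilot}
    ap.discard("")
    # Only Windows devices are relevant to Autopilot.
    win = [d for d in managed if (d.get("operatingSystem") or "").lower() == "windows"]
    md = {norm(d.get("serialNumber")) for d in win}
    md.discard("")
    return {
        # Registered and already enrolled (a licensed user has signed in).
        "registered_and_managed": sorted(ap & md),
        # Registered with Autopilot but not yet in the Windows devices list.
        "registered_only": sorted(ap - md),
        # Managed by Intune but never registered with Autopilot.
        "managed_only": sorted(md - ap),
        # Windows devices that cannot be matched because no serial was reported.
        "no_serial": sorted(d.get("deviceName", "?") for d in win
                            if not norm(d.get("serialNumber"))),
    }


if __name__ == "__main__":
    for bucket, items in reconcile(AUTOPILOT, MANAGED).items():
        print(f"{bucket}: {items}")
```

Devices in registered_only have completed Autopilot registration but have not yet had a licensed user sign in; devices in managed_only reached Intune through some other enrollment path.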
Planning for Secure Applications Data on Devices
As you plan and prepare the secure applications data on devices, keep in mind the following:
Configuring Managed Apps for Mobile Application Management
Sometimes the assumption is made that MDM is the same as MAM. However, that is not necessarily the case. MDM is more about controlling devices whereas MAM is concerned with your company applications and data.
MAM is software that protects and enables you to control company applications on your end users’ devices. It allows you to apply and enforce policies on apps and limit the sharing of corporate data. It also allows you to separate corporate from personal data on these devices.
MAM Basics
Intune MAM refers to the suite of Intune management features that allow you to publish, push, configure, secure, monitor, and update mobile apps to your users. It allows you to manage and protect your company data within an application. Intune MAM supports two configurations:
Intune MDM + MAM: You can manage apps using MAM on devices that are enrolled with Intune MDM. Users should use Intune in the Microsoft Endpoint Manager admin center.
Unenrolled Devices with MAM Managed Applications: You can manage corporate data and accounts in apps using MAM on unenrolled devices or devices enrolled with third-party enterprise mobility management (EMM) providers. Users should use Intune in the Microsoft Endpoint Manager admin center.
Most app-related information can be found in the Apps workload. You can find this by signing in to the Microsoft Endpoint Manager admin center and selecting Apps. The Apps workload provides links to access common app information and functionality. The top of the Apps workload navigation menu provides commonly used app details:
Overview: Allows you to view the tenant name, MDM authority, tenant location, account status, app installation status, and app protection policy status.
All Apps: Displays a list of all available apps and their statuses.
Monitor Apps: There are a few options under this section:
■ App Licenses: You can view, assign, and monitor volume-purchased apps from the app stores.
■ Discovered Apps: You can view apps that were assigned by Intune or installed on a device.
■ App Install Status: You can view the status of an app assignment that you created.
■ App Protection Status: You can view the status of an app protection policy for a selected user.
By Platform: You can select these platforms to view the available apps by platform: Windows, iOS, macOS, and Android.
Policy: There are a few options under this section:
■ App Protection Policies: Choose this option to associate settings with an app and help protect the company data it uses.
■ App Configuration Policies: Choose this option to supply settings that might be required when a user runs an app.
■ iOS App Provisioning Profiles: iOS apps include a provisioning profile and code that is signed by a certificate. When the certificate expires, the app can no longer be run. Intune gives you the tools to assign a new provisioning profile policy to devices that have apps that are nearing expiration.
■ S Mode Supplemental Policies: Choose this option to authorize additional applications to run on your managed S mode devices.
■ Policies for Office apps: Choose this option to create mobile app management policies for Office mobile apps that connect to Microsoft 365 services.
■ Policy Sets: Choose this option to create an assignable collection of apps, policies, and other management objects that you have built.
Other: There are a few options under this section:
■ App Selective Wipe: Choose this option to remove only corporate data from a selected user’s device.
■ App Categories: You can add, pin, and delete app category names.
■ E-books: Some app stores give you the ability to purchase multiple licenses for an app or books that you want to use in your company.
Help and Support: Choose this to troubleshoot, request support, or view Intune status.