Modern Workplace Management - Build Endpoints without SCCM

The next phase of when it comes to Modern Workplace Management is the luxury of being able to not only provision endpoints into Intune, but to also be be able to build them using just Intune & AutoPilot....Only!

There are a lot of moving pieces to this structure, so this series will be split up into several parts which will take this solution from end to end to provide a template on how we would want to achieve this going forward.

But first lets analyse a few things, this first part will look through all of the ways in how we would normally provision and build our devices to give a better detailed look into how and why we use these types of scenarios.

Here we will drill into detail all of the current provisioning and building methods when going through the procurement of building endpoint devices, and how they compare to issues which you may face in the long run when it comes to the decision of making the transition fully into Intune/AutoPilot.

So SCCM is the most common and in a lot of cases the most recommended method when it comes to any form of provisioning devices. Some of the key benefits which are (not limited to)

• Wiping Devices of current setup
• Deployment of a new OS
• Relevant drivers for your model
• Mandatory scripts to connect to Endpoint Management Portal
• Add device to AutoPilot

Whilst this a great way, this method is very dependant on the fact that you would be utilising a base build image which would be deemed as a company standard image (gold/silver image). So the benefit of preparing all devices to follow this structure makes sense.

But its advantage can also be its disadvantage. For instance, if your future plans is to eventually manage all endpoints in Intune, then this method gives SCCM more of a justification that it cannot be retired from your provisioning process and this is where this would really need to be addressed.

Pulling down a sizeable image to deploy to a device can be very time consuming, especially when you take into account that after that it's still not fully complete until it goes through the AutoPilot process.

Very similar to the steps above, however in this case we are using Co-Management which allows your Windows 10 Endpoints to be managed with split affinity between SCCM and Intune.

So in addition whether this is done within your SCCM task sequence or in the AutoPilot application process you would have the SCCM client which would be installed to allow the ability for the device to be co-managed.

Again very similar to the scenario of the SCCM standalone method, however this has more of a complication of dependency. Co-Management is a brilliant way of having the best of both worlds, but it's also always seen as that middle ground for organisations that are more apprehensive on making the full transition into Intune. And this can be down to many many reasons which would go beyond the scope of this series.

Also to efficiently be able to allow devices to be co-managed in this way when having devices prepared in AutoPilot, you would potentially need to factor in how you would get your device in the SCCM environment to be part of the nominated group which is selected for Co-Management, as well as the nominated Azure AD Group which would also have the same selection.

Offline media is a good method when you don't want to utilise SCCM or other building tools such as MDT (Microsoft Deployment Toolkit) to provision your devices for you, and stick to provisioning devices without any other kind of dependency.

The offline media would essentially use a task sequence which you would have created with the tools mentioned earlier and then a local copy of this build would be accessible by removable media such as USB or CD/DVD (be amazed if you had this on CD!).

The real drawback in this case is probably more on the administrative effort to go this route.

If you have a deployment workbench or any kind of build room where preparing a lot of devices is the norm, then having a method which would require you to have a sufficient or even an equivalent amount of removable media to source every device for provisioning could be an absolute nightmare!

Not to mention you can also run into issues where the media itself is not recognized which leaves you being unable to build the device.

After analysing all of the scenarios there is a mixture of areas which can indeed be improved, and with the roadmap pointing towards a more modern workplace management, these are the times to at least be prepared or get prepared for what is going to happen next.

When we think of how imaging machines evolved it went from having a gold standard which had everything, then it turned into a hybrid setup where we would have a base build and simply inject everything.

But now we want to take it up a notch where instead of being able to wipe the entire machine to place another OS or any OS at that, we want to be able to provision and design, customize our standard whilst also prepping for the customers environment as well and this method can save a lot of time when it comes to this process.

We've all witnessed builds of this magnitude with gold images take sometimes up to 3 hours, and that can simply be mixture of the network when it comes to the PXE boot let alone the time it takes to apply the whole task sequence, and then the management of the device in Intune & AutoPilot hasn't even taken place yet.

The method which will be displayed within this series will plan out everything you need to save a lot of time and to no longer be dependant on any other toolset, which will open the doors as to how your organisation will work better in the future (hopefully :) ).

The next part of the series we will be going through the high level detail and design on how we would only build devices strictly within Intune & AutoPilot.

We will show how we make a transition from every single scenario explained above so that all areas are covered no matter what your current setup is like.