Windows Personal Device Out-of-Box Onboarding

This guide provides background information on the onboarding process for a Windows Personal Device, using Autopilot to join the device to Intune.

What is Onboarding?

When we refer to onboarding, what we really mean is joining the device to our tenant so that we can manage it. We need to be able to manage devices not to see users’ files, actions, or information, but to push down security policy to protect them. When a device is onboarded, we can manage it in these ways, along with disabling it or pushing actions to it.

Corporate vs Personal Devices

With so many people working from home, it has become commonplace for users to use whichever computer they like to access company resources. While certainly convenient, this is creating a huge problem for organizations that want to keep their data secure and devices managed. These devices may also be referred to as “BYOD”, or “Bring Your Own Device”. Bearing this in mind, if a computer is to access company resources as an internal user – whether the device is corporate-owned or not – the device must be onboarded.

Personal Devices

Personal devices are those devices which are not provided/owned by the organization. When a device is not owned by the organization, certain security policies will not be applied, so that users still retain ownership of their devices. However, this does not exempt them from the critical security policy that must be applied to all computers, whether personal or corporate. The organization will determine in which situations a user should be allowed to use a personal device, and access to the tenant may be removed at any time, along with removing the device from management by the organization. The organization and user may determine if wiping the device is appropriate to clear any lingering security policy or company data.

Corporate Devices

Corporate devices are seen as those devices which are provided/owned by the organization. These devices fall under the full control of the organization and are secured with methodology that reflects this. The same critical security policies are applied, along with additional security to help the organization protect its assets and data to a more comprehensive level. These devices will also call out to the organization when reset, and will prevent outside organizations from being signed in on them via Autopilot.

When a device is converted to a corporate device, if the account currently signed in is not that corporate account, then the new corporate account will need to be signed in. This means a transfer of information from the current profile to the new one may be required, with the prepended OneDrive sign-in steps helping to ensure the easy transfer of essential information contained in the Desktop, Documents, and Pictures folders. Most programs and applications should transfer with the switch. If a complete profile transfer must occur, including items such as Windows settings or local bookmarks, we recommend getting in touch with the IT provider and determining if a tool such as User Profile Wizard would be appropriate.

What to do if you need Help

While we’ve tried to make this onboarding as simple as possible, sometimes you might have a question, or you may encounter an error. When you were sent this document, you may have noticed the Security Essentials Enrollment Assistance document that was also included. If you run into any trouble with the enrollment process, you can use that document to get assistance and hopefully keep the onboarding going smoothly.

Onboarding Flowchart

Onboard Using Autopilot (Pro)

  1. Step through the basic setup, such as connecting to Wi-Fi, then enter the organization username. From there, follow any prompts and the setup will complete automatically.
  2. Once the device is fully set up, check that the device is onboarded as a personal device according to the steps in the “Identify a Personal Device” section.

Onboard a New Device as Personal (Pro)

  1. On the device that has not yet been set up, proceed through basic setup until this screen is reached. (Note: In some cases, this screen will not show; if the step 2 screen shows before this screen does, simply proceed to step 2.) Select the “Set up for an organization” option.
  2. From there, sign in with the organization email address and password as outlined below. All further setup will be completed automatically. [Note: if any errors occur at this step, retry at least once before contacting support.]
  3. Once the device is fully set up, check that the device is onboarded as a personal device according to the steps in the “Identify a Personal Device” section.

You're Finished!

You should have successfully onboarded your Windows device as a personal or corporate device. This will allow you to get all of the security features and app deployment packages offered by your organization through the Intune management agent. For any other problems or questions, reach out to us!