Windows Autopilot and Configuration Management Client Installation Methods

shockoMS 281 Reputation points
2023-07-28T20:40:55.0766667+00:00

I'm using Windows Autopilot to build my machines with AzureAD hybrid join. Currently as part of the ESP we deploy the configuration manager client and our VPN software (both Win32 apps) to them so we can get them co-managed ASAP.  We also do this in ESP as blocking apps to control the device availability to users until they are completed. Our implementation partner advised us to install the Configuration Manager client in this manner to speed up co-management.

 

Autopilot works (albeit slow at _ 60 mins).

I am confused though on whether or not adding the configuration manager client into the autopilot build in this manner is supported? Reading this (Co-manage internet-based devices - Configuration Manager | Microsoft Learn) it states:

 

You can't deploy the Configuration Manager client while provisioning a new computer in Windows Autopilot user-driven mode for hybrid Azure AD join. This limitation is due to the identity change of the device during the hybrid Azure AD-join process. Deploy the Configuration Manager client after the Autopilot process. For alternative options to install the client, see Client installation methods in Configuration Manager.

 

So reading this it seems what we are doing is invalid. So question 1:

 

  1. Is it incorrect/unsupported to install the configuration manager client as a Win32 app during autopilot (ESP or otherwise)?

Furthermore I read here (Co-manage internet-based devices - Configuration Manager | Microsoft Learn) that it appears there is no longer a need to to deploy configuration manager client as an app at all but it can simply be configured in it via Home -> Device -> Enroll Devices -> Windows Enrollment > Co-management Authority

 

You no longer need to create and assign an Intune app to install the Configuration Manager client. The Intune enrollment policy automatically installs the Configuration Manager client as a first-party app. The device gets the client content from the Configuration Manager cloud management gateway (CMG), so you don't need to provide and manage the client content in Intune.

 

 

Is this method only valid post autopilot?

Windows Autopilot
Windows Autopilot
A collection of Microsoft technologies used to set up and pre-configure new devices and to reset, repurpose, and recover devices.
497 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,526 questions
Microsoft Configuration Manager
{count} votes

1 answer

Sort by: Most helpful
  1. Gérald Döserich 765 Reputation points
    2023-07-28T20:47:47.6533333+00:00

    Yes, installation of the CM Agent is only supported after Autopilot has completed.

    Doing it during Autopilot may break Autopilot provisioning.

    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.