Windows 11 unattend OOBE to join Azure AD

BrandonM 71 Reputation points
2022-01-25T20:01:46.57+00:00

We are looking to purchase laptops for employees to take home that they will use to connect into work. We want to have these computers join Azure AD and be managed with Intune, rather than domain joined and managed with ConfigMgr. We have run the process with a test laptop by installing Windows 11 from the ISO and everything worked as expected. However, we need to be able to provision these devices, which will be handled by our support team, as they will not have Windows 11 preloaded on the computer from the OEM. My plan is to use an OS Deployment task sequence to install Windows 11 Enterprise or Pro, have a MAK key applied to it (we do not have Windows 365) and then on the first boot OOBE, go through the wizard to join the computer to Azure AD, as it did with our test computer. My problem is that when I create a task sequence to do such, the full OOBE does not run and it just comes up to an account logon screen. It doesn't ask to join Azure AD, domain, etc.
I am looking at the amd64_Microsoft-Windows-Shell-Setup_neutral OOBE options (Windows System Image Manager) but I am not finding an option to force the screen that provides the option to join Azure AD. Any idea how I can do this? Basically, we will have our support team join the computer to Azure AD, since they will have permissions to do that, and then users will be able to sign in using their Azure AD credentials. We also have some apps that will be pushed through Intune (MEM). Our Intune is configured to automatically enroll Azure AD joined devices. Thanks.
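For reference, the part of an answer file the question is looking at is the OOBE element of the Microsoft-Windows-Shell-Setup component in the oobeSystem pass. The fragment below is an added example, not something from the original post or from ConfigMgr; the element names are the documented ones from that component's schema. There is no setting that forces the Azure AD join page to appear; the page is shown by default and is suppressed when HideOnlineAccountScreens is true, or when the answer file (or the task sequence's own generated unattend) supplies a local account and auto-logon so that interactive OOBE is skipped to a logon screen.

```xml
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup"
               processorArchitecture="amd64"
               publicKeyToken="31bf3856ad364e35"
               language="neutral"
               versionScope="nonSxS"
               xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
      <OOBE>
        <!-- false (the default) keeps the Microsoft account / Azure AD sign-in
             pages visible; true is what hides the "join Azure AD" prompt. -->
        <HideOnlineAccountScreens>false</HideOnlineAccountScreens>
        <!-- These pages can be hidden without affecting the join prompt. -->
        <HideEULAPage>true</HideEULAPage>
        <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
        <!-- 1 = use recommended privacy/diagnostic settings -->
        <ProtectYourPC>1</ProtectYourPC>
      </OOBE>
      <!-- Deliberately no <AutoLogon> and no <UserAccounts> here: both skip the
           corresponding OOBE pages, and both put a credential into a file that
           is only base64-encoded (not encrypted) and readable from the
           deployment share or the deployed disk. -->
    </component>
  </settings>
</unattend>
```

When checking an existing task-sequence deployment, the thing to compare against this fragment is the unattend the task sequence actually applied (the copy left in C:\Windows\Panther on the deployed machine), since a ConfigMgr "Apply Operating System" step merges its own answer file with any custom one; an AutoLogon or UserAccounts element there also deserves a look on its own as a credential-exposure point.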


2 answers

  1. VipulSparsh-MSFT 16,231 Reputation points Microsoft Employee
    2022-01-27T05:35:54.29+00:00

    @BrandonM Thanks for reaching out.

    Your scenario is an optimal situation for utilizing something like Intune Autopilot, where you provision the device with Intune policies and join it to Azure AD, followed by application and policy deployment from MS Intune.

    You can push a Feature update policy from Intune to upgrade the devices to Windows 11, as long as the users are targeted with Windows license SKUs like M365 Business, Enterprise E3 or E5 and a few other SKUs which provide this.

    You can follow this article to explore more : https://www.prajwaldesai.com/upgrade-to-windows-11-using-intune/

    -----------------------------------------------------------------------------------------------------------------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.


  2. BrandonM 71 Reputation points
    2022-01-27T14:21:56.643+00:00

    @VipulSparsh-MSFT Thanks for your input. I am a bit familiar with Autopilot and it is something that we were thinking of looking into at some point, but as of now, I really have no understanding how to use it. It looks like you have to assign devices into it, which may not be ideal for this project at this time since my desktop support team is not familiar with Intune at all. Unfortunately, some things came up on us that we have to move on quickly and the only thing they are familiar with is OS deployments with ConfigMgr and MDT UDI that I built for them. I was looking to just build a simple OS image Task Sequence and then have Windows prompt to join Azure AD during OOBE. This is how it works when I install Windows using the ISO USB media. For whatever reason, when I deploy an image through a Task Sequence with minimal options, Windows comes up to a logon prompt without the OOBE options to name and join the device. I am a bit familiar with Windows System Image Manager and customizing an unattended install file, but I do not see an option to force the OOBE screen to prompt for Azure AD join.

    I suppose if I am unable to get anywhere with using ConfigMgr, we may just have to load these computers from ISO USB media. Do you know of any good tutorial/overview videos showing how to deploy computers using Autopilot? I would like to see a run through of that process.