Did you know, you can use Autopilot device preparation to add applications to your Windows 365 Frontline shared machines before your user has the chance to connect? With this relatively new feature, it gets even easier to prepare your W365 Frontline Shared CloudPCs, no need to create a custom windows image anymore, just to get your LOB Apps preinstalled on your machines.
When you tried to prepare Windows 365 Frontline in shared mode, without Autopilot device preparation you were challenged on how can we guarantee that once a user connects to one of these CloudPCs, everything is ready for the user? Since the user could connect at every time, we can’t bet that everything that is assigned as required to these machines will be installed already. And since by design we don’t know on which machine a user will end once connected, we can’t tell him, just go to Company Portal and install you app on your own, since in worst case this would be every time he connects. So the only way to ensure a good user experience was to create a custom Windows 365 Image with all the required apps preinstalled.
Autopilot device preparation
With Autopilot device preparation we can skip the creation of a custom Windows 365 Image and can use a Gallery image which is much easier.
To get started, we need to create an Autopilot device preparation policy, just like we would do for a user driven enrollment on physical devices:
When creating a policy, we are now asked, if we want to create a user driven one or the one we want, an automatic:
After the usual introduction, we can give the policy a name and get started:
Just like with the “real” user driven policy, we can specify a enrollment time targeting group, where all our machines will be added to during enrollment, and which we should use to target our required apps and scripts:
We can either use an existing group or a fresh one for this purpose. Either way, we need to make sure to set the “Intune Provisioning Client” service principal as owner of the group (depending on the age of your tenant, the service principal could also be called “Intune Autopilot ConfidentialClient”, you can always just use the ID “f1346770-5b25-470b-88bd-d5744ab7952c” instead):
Now that we have a group available, we can simply search for it and add it to our policy:
On the next page, we can add up to 10 apps and scripts that should be installed during the device preparation phase of our Frontline Shared machines:
This could then looks something like that:
After setting the Scope Tags for the policy we can have a final look at our policy and save it:
The “hardest” part is now done and we have our Autopilot device preparation policy available:
Windows 365 Frontline Shared Provisioning Policy
Everything that is left for use to do, is create / modify a Windows 365 Frontline shared provisioning policy to point to our Autopilot device preparation policy. I will start with a fresh one:
Select a gallery image:
In the configuration tab, we can now select our previously created Autopilot device preparation policy:
And select, for how long it should try to install our selected apps and if it should prevent the user from connecting upon failure or not:
Next steps are just “business as usual” assign Scope Tags, assign the policy to a group and select the size:
And finally, just review and save:
Once saved our CloudPC(s) will be provisioned just as we are used to:
Except that after the state “Provisioning” it will not directly jump to “Provisioned” but to “Preparing”
During that state, the device will get policies apps and scripts applied:
Once done, the device is ready for the first user:
Troubleshooting
We can verify what happens during the preparation phase, just like we could on a physical device that goes through Autopilot device preparation:
We can see all devices in the overview if they were successful and if not why:
We can see which Apps were getting installed (including dependent apps)
Or if it failed for some reason:
What was the last state (In my case “Bad App” will never finish its installation):
Conclusion
In my opinion Windows 365 and Autopilot device preparation are clearly a dream team, when it comes to easy deployment of machines. While the process is currently limited to Windows 365 Frontline in shared mode and limited to 10 Apps (excluding dependencies 😉), it gives a good impression what could be possible in the future and is already today a game changer for Frontline shared deployments.
Leave a Reply