Since my first run-in with Intune a few years ago, I have seen a huge transition in the way that the product functions, feels and looks. If anyone was unlucky enough to venture into the Intune space as it was first released, I have no doubt that you brushed over it and knocked it off your considerations list. Almost every day I speak with clients who view Intune as an extremely poor offering in the Modern Device Management (MDM) space; however, Microsoft have spent significant amounts of time and money getting the product to a place where it's able to hold its own with the likes of Meraki, Kace and Jamf-now. It is only right that, with the massive investments into the product, Microsoft earned the right to rename it, so they chose Microsoft Endpoint Manager which, now as a combined product with System Centre, is a truly amazing product.
The product itself, since those early days, has come on leaps and bounds and it is now comparable with the MDM management platforms that are sat at the top of the podium. The control that Intune has over Windows 10 is completely unparalleled, as you would imagine with this being a Microsoft product.
Now the reason for me venturing into writing my first blog post is a simple one. A feature that I, and many others, believed was missing from the platform is finally becoming available in preview: the ability to join an Autopilot device to the on-premise domain via a VPN connection. To any technical individual reading this who hasn't felt the pain of this being a missing piece of the puzzle, it may sound like something too simple to justify a blog post, but I assure you, this small tick box in the user interface (UI) is going to change the way builds are distributed and, in my mind, will spell the end of Support teams being heavily invested in the deployment of machines, freeing up spare time and resource to focus on more strategic projects.
With the introduction of this feature, a huge obstacle is taken away from IT teams that want to use Autopilot but rely on on-premise domain infrastructure. Previously, devices either had to be on the network to complete the domain join via a wired connection during the Autopilot process, or had to be manually joined after the device had been built. But now with this feature we are able to truly embrace the remote image deployment that we so genuinely crave in this current environment.
Although unconfirmed, there are a number of VPN clients that will hopefully be supported:
- Cisco AnyConnect
- Pulse Secure
- Global Protect
- Citrix NetScaler
- F5 BIG-IP Edge
- e Client
- Always On VPN
Enabling this feature is simple: deploy your VPN solution using the application configuration within Intune, assign the application as a required app, and tick the box "Skip AD Connectivity Check (Preview)" in the Autopilot configuration. You will also need to have a minimum Windows 10 build of 1903. Once this has been actioned, the domain join will take place in the background after the device is rebooted.
Although this is a really simple change within the configuration of Autopilot, it will have a huge impact on the number of companies we see utilising it in the coming months, and when you couple this up with the recently enabled ADMX support within Endpoint Manager, it may just be time that we start to look at completely moving away from the group policies we all know and love.
With everything that is going on in this space, one thing is for sure: there are truly exciting times ahead of us, so keep your eyes peeled for further changes on the Microsoft What’s new in Intune page.