Microsoft Endpoint Manager: Autopilot – White Glove or Not? Part 5 – Third Party Options

Introduction

In the previous part of the series we talked about the average times it takes for endpoints to be onboarded into Intune when using Autopilot deployments and how they differ when using a non white gloved method and a white gloved method.

The next part we are going to look into is the journey and benefits into third party options and how they can help the overall process for providing endpoints. These are ready to be given to the business, or even in some cases, directly to primary users.

What can a third party provide

Before we get more into how white glove can perhaps enhance these areas, first I want to provide a quick overview in regards to what the benefits a third party vendor can provide.

The best way to illustrate this is to display how a normal process of Autopilot would go in comparison to how a third party would look.

So atypical workflow would look when we handle all of the provisioning in house, and also we can see some additional tasks which are incorporated as well.

So a standard scenario would be for support staff to have these devices enrolled into their autopilot portal from uploading the hardware hash and then reset to OOBE to perform the autopilot deployment. But another part which cannot really be automated is pre-build or prerequisite checks which normally involve the standardization of hardware configurations – mainly around the BIOS.

Now lets say for example requirements for devices would be to have configurations such as asset tagging, configurations of secure boot, as well as other areas such as support virtualization and BIOS administrator password settings. These are essentially manual tasks or at best semi-automated tasks.

Though there are configuration profiles such as Device Firmware Configuration Interface (DFCI) which can actually be included as part of device enrollment processes at certain stages, at the time this article is being written its primarily applicable towards Microsoft Surface devices. But I’m hoping there will be view and scope to support other hardware vendors too. Other areas of interest are around some vendors which have utility software that can also configure the BIOS configuration through it or by SDK scripts which are able to change this through PowerShell/WMI.

(Note: Lenovo has a guide for the PowerShell/WMI Methods which can be found here.)

Now if we take a look at what that looks like with a third party in place, we can see that the majority of the administrative task is handed over to the third party and the end result is then provided to the customer/s.

Where we envision tasks around pre-build checks that are more hardware specific, these can now be wrapped into the process which the third party provides as opposed to internal support staff at the organization performing this.

In this particular scenario we see it more geared towards the device being uploaded into the clients autopilot portal via a Microsoft cloud solution provider (CSP) (Note: More information on the Microsoft cloud solution provider (CSP) authorization can be found here) and then the device has been sent to the organization to complete the rest being left with the Autopilot profile deployment.

But it can also be taken a step further where the deployment process can also be completed as well and then have options in which the company-ready device is ready to go out either to the organization or directly to the primary user at the organization.

How does White Glove play a part in this decision making?

We have been touching around areas which we may already know without really addressing the real question within this blog which is how does white glove have a say in this overall process? Well mainly it would be more based around the requirements of readiness in which you want a company standard device to be at before distributing to a user. Essentially if someone wants a user to hit the ground running then they may not want to have a user go through the actual autopilot profile deployment and depending on the structure of the process can also determine this too.

But another way to look at this is more on the software aspect, whether it be that you have a specific set of applications which must install before a device can actually be enrolled into Intune or if you have an extensive amount which are required to be deployed. This point really is similar to the paragraph above where it really comes down to the preference. I would say that if you are wanting to add a third party vendor to take over this process then there perhaps is an incentive to have them take on the task of having a multitude of devices ready to go but that’s not a given.

The diagram shown in Figure 1.3 above fits this particular scenario quite well when wanting to see how it will look in the real world.

Which Hardware Vendors currently support these options?

Vendors I’ve used the most are Lenovo where they can provide autopilot services. More information can be found about their services here.

Another vendor offering these services is Dell and their information can be found here.

Final Part of the series

The final part of the series will cover everything which we have touched on. This overview looks to support how the decisions of white glove can be incorporated within hybrid environment scenarios, and if they are, they actually require significant planning and decision making.

In the meantime, please feel free to contact us via email or phone if we can help you with similar projects or talent to implement solutions.

Share:

Facebook
Twitter
LinkedIn
Picture of Dujon Walsham

Dujon Walsham

Contact Us

=
On Key

More Posts

WME Cybersecurity Briefings No. 034
Cyber Security

WME Security Briefing 18 November 2024

New LightSpy Spyware Variant Poses Increased Threat to iPhone Users Overview Recent analysis reveals an enhanced version of the iOS spyware, LightSpy. It targets iPhones with advanced surveillance features and destructive capabilities. Basically, detected for the first time

Click Here to Read Full Article »
WME Cybersecurity Briefings No. 033
Cyber Security

WME Security Briefing 08 November 2024

Evasive Panda Exploits CloudScout Toolset to Hijack Cloud Service Sessions in Taiwan Overview A recent cybersecurity report disclosed an advanced cyber espionage campaign conducted by the China-affiliated threat actor, Evasive Panda, deploying a novel malware toolset called CloudScout. The operation

Click Here to Read Full Article »
WME Cybersecurity Briefings No. 032
Cyber Security

WME Security Briefing 30 October 2024

Chinese Nation-State Hackers APT41 Target Gambling Industry for Financial Gain Overview The Gambling and Poker industry experienced a sophisticated cyber attack last month, orchestrated by the notorious Chinese nation-state group APT41 ( AKA Brass Typhoon, Earth Baku, Wicked

Click Here to Read Full Article »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.

=