Microsoft Endpoint Manager: Autopilot – White Glove or Not? Part 6 – Hybrid Scenario


In the previous part we went through the third party vendor options and how they contribute towards the autopilot process workflow. We also discussed how it would look to either enhance or offload to structure the process out.

This next part will be quite an interesting part as this will be a collation of everything we have covered in all of the previous parts released and it will show how these decisions will look when incorporated into a hybrid setup where you have an Azure AD and an On-Premise AD setup.

How does white glove have ANY say in a hybrid setup?

This is perhaps a more complicated answer. White glove doesn’t necessarily have to play any part in a hybrid scenario, but what we will try to cover is perhaps some of the benefits or conveniences it has when it comes to this.

Lets paint the overall picture of a hybrid environment. So we essentially have an on premise active directory and then we also have an Azure AD as well, where once the device is enrolled it will join both of them.

Now there are many parts that come into play such as the Intune connector to create objects within the on-premise AD into the Autopilot portal to form the correlation between both endpoint accounts
(Note: Please see here for more information on this)

What we want to do in this part is to provide an overview of areas in how Autopilot and white glove option would play in this.

So what is or is there an actual benefit to using White Glove in a Hybrid Environment?

Well when we look at the actual deployment that takes place for the ESP (enrollment status page), what differs to the deployment as opposed to being in just an Azure AD is that the first stage would be where domain joins would happen between both on-premise and Azure AD.
(Note: Ensure that you have a Domain Join profile created if you are within a Hybrid setup. Information on how to create one can be found here.)

In this instance if you perhaps wanted to minimize the potential errors that could come from the domain join stages it could be worth having the white glove process involved. Of course this is heavily dependent on where the devices would be going through the Autopilot process.

If this was done in the office then there maybe a easier process to it, however depending on the working culture implemented, where users are able to work anywhere, then you have to take into account VPN connectivity whether that be from VPN clients, VPN Profiles within Intune, and if users are accessing from direct access. These type of scenarios would need to be considered, as you may not want users to have a hit and miss headache over devices which may have issues reaching the on-premise active directory.

What if a third party were to take care of devices in a Hybrid Environment?

Where third parties are concerned this could be a saving grace where they could handle that headache for you. With that being said, it would come with its challenges as there is still the VPN hurdle as they would need to be able to connect to your environment which has the on-premise domain. Perhaps slightly out of scope for this series but definitely worth noting if wanting to pursue this option.

Any known issues to watch out for?

The main one which comes to me is normally around devices joining the on premise domains and especially when naming devices through the Autopilot portal

Figure 1.1 – Windows Autopilot Devices right panel options

May not happen too often but I have seen issues where once the enrollment is completed, and when trying to sign into the on-premise domain, you will get an error such as “The security database on the server does not have a computer account for this workstation trust“.

Many areas could be the cause for this such as:

  • Synchronization issues between Azure AD and On-Premise AD
  • Conflicts with device name configurations in Autopilot profile
  • Stale records still in AD (On-Prem or/and Azure AD)
  • Issues with the Intune Connector creating the device record in Autopilot

These particular issues aren’t “White Glove” specific, but are worth highlighting if you were to ever come across them.

End of Series

This part now concludes the whole series.

Overall I hope each part has been able to cover at least the majority of scenarios – whether that is the normal process or utilizing White Glove.

When it comes down to it, it really comes down to the preference but also the overall objectives the organization is trying to achieve. This series made sure to explore all options and not have a biased approach as to which route you should take.

If you need guidance implementing any of these scenarios for your organization, please reach out to us via email, or phone.


Picture of Dujon Walsham

Dujon Walsham

Contact Us

On Key

More Posts

E-Commerce Security - Solutions for Online Retailers

E-commerce Security – Solutions for Online Retailers

Today’s hyper-charged e-commerce landscape demands top-notch cybersecurity measures. Cybersecurity for this bustling sector isn’t just about ticking a technical box; it’s the cornerstone of building trust. As businesses and consumers flock to the online space, the

Read More »
WME Cybersecurity Briefings No. 017
Cyber Security

WME Security Briefing 08 July 2024

SnailLoad: A New Stealthy Threat to Web Privacy Overview: Researchers discover a concerning new side-channel attack technique: SnailLoad. It exploits inherent weaknesses in the internet to potentially monitor a user’s web activity without requiring any direct access to

Read More »
WME Cybersecurity Briefings No. 016
Cyber Security

WME Security Briefing 27 June 2024

ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor Overview An unknown Golang-based backdoor GoRed is being employed by the cybercrime gang ExCobalt. This group has roots dating back to at least 2016 and possibly originates

Read More »
Top 7 Office 365 Backup Solutions
Cloud Computing

Top 7 Office 365 Backup Solutions

Let’s explore the top 7 Microsoft 365 (Office 365) backup and recovery solutions. These solutions feature, among others, automated backups, detailed reporting, and efficient deduplication. We will guide you through their pros and cons and what

Read More »
WME Cybersecurity Briefings No. 015
Cyber Security

WME Security Briefing 24 June 2024

Google’s Privacy Sandbox Faces Scrutiny Over User Tracking Allegations Overview Google’s Privacy Sandbox was initially designed to replace third-party cookies in Chrome. It was a more privacy-conscious solution, but the Austrian privacy group Noyb is now

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.