Microsoft Endpoint Manager: Autopilot – White Glove or Not? Part 5 – Third Party Options


In the previous part of the series we talked about the average time it takes for endpoints to be onboarded into Intune with Autopilot deployments, and how that differs between the white glove and non-white-glove methods.

In this part we look at third party options and how they can help the overall process of providing endpoints that are ready to be given to the business or, in some cases, directly to primary users.

What can a third party provide

Before we get into how white glove can enhance these areas, I first want to give a quick overview of the benefits a third party vendor can provide.

The best way to illustrate this is to compare how a normal Autopilot process would go with how it would look with a third party involved.

If we take a look at Figure 1.1, this is how a typical workflow would look when we handle all of the provisioning in house, and we can also see some additional tasks which are incorporated.

Figure 1.1 – Current Provisioning Scenario

A standard scenario would be for support staff to enroll these devices into their Autopilot portal by uploading the hardware hash, and then reset them to OOBE to perform the Autopilot deployment. But another part which cannot really be automated is the pre-build or prerequisite checks, which normally involve the standardization of hardware configurations, mainly around the BIOS.

Now let's say, for example, that the requirements for devices include asset tagging, Secure Boot configuration, and other settings such as virtualization support and a BIOS administrator password. These are essentially manual tasks, or at best semi-automated tasks.

There are configuration profiles such as Device Firmware Configuration Interface (DFCI) which can be included as part of the device enrollment process at certain stages, but at the time this article is being written it's primarily applicable to Microsoft Surface devices. I’m hoping there will be scope to support other hardware vendors too. Also of interest: some vendors have utility software that can configure the BIOS, or SDK scripts which are able to change BIOS settings through PowerShell/WMI.

(Note: Lenovo has a guide for the PowerShell/WMI Methods which can be found here.)
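The pre-build checks described above can at least be audited from PowerShell before a device is handed over. The following is an added example, not code from the original article or from any vendor: it reads the settings and changes nothing. The asset tag pattern is a hypothetical company convention, and the Lenovo `Lenovo_BiosPasswordSettings` class and the meaning of `PasswordState` 0 are assumptions that apply only to Lenovo hardware exposing that WMI interface.

```powershell
# Read-only pre-build audit; run from an elevated PowerShell session.
# $ExpectedAssetTagPattern is a hypothetical company convention.
$ExpectedAssetTagPattern = '^CORP-\d{6}$'

function Get-PreBuildReport {
    $report = [ordered]@{}

    # Secure Boot: the cmdlet throws on legacy BIOS or when not elevated.
    try   { $report.SecureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $report.SecureBoot = "Unknown ($($_.Exception.Message))" }

    # Virtualization: the firmware flag reads False once a hypervisor is
    # already running, so treat HypervisorPresent as evidence it is enabled.
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem
    $report.Virtualization = [bool]($cpu.VirtualizationFirmwareEnabled -or $cs.HypervisorPresent)

    # Asset tag as stored in SMBIOS.
    $tag = (Get-CimInstance -ClassName Win32_SystemEnclosure | Select-Object -First 1).SMBIOSAssetTag
    $report.AssetTag      = $tag
    $report.AssetTagValid = [bool]($tag -match $ExpectedAssetTagPattern)

    # Vendor-specific: Lenovo exposes BIOS state under root\wmi.
    if ($cs.Manufacturer -match 'LENOVO') {
        try {
            $pw = Get-CimInstance -Namespace root\wmi -ClassName Lenovo_BiosPasswordSettings -ErrorAction Stop
            # Assumption: PasswordState 0 means no BIOS passwords are set.
            $report.BiosPasswordSet = ($pw.PasswordState -ne 0)
        } catch {
            $report.BiosPasswordSet = 'Unknown (Lenovo WMI class unavailable)'
        }
    } else {
        $report.BiosPasswordSet = 'Not checked (no vendor interface in this example)'
    }
    [pscustomobject]$report
}

$r = Get-PreBuildReport
$r | Format-List
# Fail the pre-build step unless every hard requirement is met.
$ok = ($r.SecureBoot -eq $true) -and $r.Virtualization -and $r.AssetTagValid -and ($r.BiosPasswordSet -eq $true)
if (-not $ok) { Write-Warning 'Device does not meet the hardware baseline.'; exit 1 }
```

Any value reported as Unknown or Not checked fails the final gate, so a device whose firmware state cannot be read is not passed as compliant.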

Now if we take a look at what that looks like with a third party in place, we can see that the majority of the administrative tasks are handed over to the third party and the end result is then provided to the customer. This can be seen below in Figure 1.2:

Figure 1.2 – Provisioning Scenario with Third Party Vendor

The pre-build checks that are more hardware specific can now be wrapped into the process which the third party provides, as opposed to internal support staff at the organization performing them.

In this particular scenario the device is uploaded into the client's Autopilot portal via a Microsoft cloud solution provider (CSP) (Note: More information on the Microsoft cloud solution provider (CSP) authorization can be found here) and is then sent to the organization, which is left to complete only the Autopilot profile deployment.

But it can be taken a step further, where the third party also completes the deployment process and the company-ready device can then go out either to the organization or directly to the primary user at the organization. The diagram below in Figure 1.3 gives an idea of how that process would work.

Figure 1.3 – Provisioning Scenario with Third Party Vendor with delivery options

How does White Glove play a part in this decision making?

We have been touching on areas which we may already know without addressing the real question of this blog: how does white glove have a say in this overall process? Mainly it comes down to the level of readiness you want a company standard device to be at before it is distributed to a user. Essentially, if someone wants a user to hit the ground running, they may not want the user to go through the actual Autopilot profile deployment, and the structure of the process can also determine this.

Another way to look at this is from the software aspect, whether you have a specific set of applications which must install before a device can actually be enrolled into Intune, or an extensive number of applications which are required to be deployed. This point is similar to the paragraph above in that it really comes down to preference. I would say that if you want a third party vendor to take over this process, then there is perhaps an incentive to have them take on the task of getting a multitude of devices ready to go, but that’s not a given.

The diagram shown in Figure 1.3 above fits this particular scenario quite well when wanting to see how it will look in the real world.

Which Hardware Vendors currently support these options?

The vendor I’ve used the most is Lenovo, which can provide Autopilot services. More information about their services can be found here.

Another vendor offering these services is Dell and their information can be found here.

Final Part of the series

The final part of the series will cover everything which we have touched on. This overview looks at how white glove decisions can be incorporated within hybrid environment scenarios, and how, if they are, they require significant planning and decision making.

In the meantime, please feel free to contact us via email or phone if we can help you with similar projects or talent to implement solutions.


