Microsoft Endpoint Manager: Autopilot – White Glove or Not? Part 5 – Third Party Options


In the previous part of the series we talked about the average times it takes for endpoints to be onboarded into Intune when using Autopilot deployments and how they differ when using a non white gloved method and a white gloved method.

The next part we are going to look into is the journey and benefits into third party options and how they can help the overall process for providing endpoints. These are ready to be given to the business, or even in some cases, directly to primary users.

What can a third party provide

Before we get more into how white glove can perhaps enhance these areas, first I want to provide a quick overview in regards to what the benefits a third party vendor can provide.

The best way to illustrate this is to display how a normal process of Autopilot would go in comparison to how a third party would look.

So atypical workflow would look when we handle all of the provisioning in house, and also we can see some additional tasks which are incorporated as well.

So a standard scenario would be for support staff to have these devices enrolled into their autopilot portal from uploading the hardware hash and then reset to OOBE to perform the autopilot deployment. But another part which cannot really be automated is pre-build or prerequisite checks which normally involve the standardization of hardware configurations – mainly around the BIOS.

Now lets say for example requirements for devices would be to have configurations such as asset tagging, configurations of secure boot, as well as other areas such as support virtualization and BIOS administrator password settings. These are essentially manual tasks or at best semi-automated tasks.

Though there are configuration profiles such as Device Firmware Configuration Interface (DFCI) which can actually be included as part of device enrollment processes at certain stages, at the time this article is being written its primarily applicable towards Microsoft Surface devices. But I’m hoping there will be view and scope to support other hardware vendors too. Other areas of interest are around some vendors which have utility software that can also configure the BIOS configuration through it or by SDK scripts which are able to change this through PowerShell/WMI.

(Note: Lenovo has a guide for the PowerShell/WMI Methods which can be found here.)

Now if we take a look at what that looks like with a third party in place, we can see that the majority of the administrative task is handed over to the third party and the end result is then provided to the customer/s.

Where we envision tasks around pre-build checks that are more hardware specific, these can now be wrapped into the process which the third party provides as opposed to internal support staff at the organization performing this.

In this particular scenario we see it more geared towards the device being uploaded into the clients autopilot portal via a Microsoft cloud solution provider (CSP) (Note: More information on the Microsoft cloud solution provider (CSP) authorization can be found here) and then the device has been sent to the organization to complete the rest being left with the Autopilot profile deployment.

But it can also be taken a step further where the deployment process can also be completed as well and then have options in which the company-ready device is ready to go out either to the organization or directly to the primary user at the organization.

How does White Glove play a part in this decision making?

We have been touching around areas which we may already know without really addressing the real question within this blog which is how does white glove have a say in this overall process? Well mainly it would be more based around the requirements of readiness in which you want a company standard device to be at before distributing to a user. Essentially if someone wants a user to hit the ground running then they may not want to have a user go through the actual autopilot profile deployment and depending on the structure of the process can also determine this too.

But another way to look at this is more on the software aspect, whether it be that you have a specific set of applications which must install before a device can actually be enrolled into Intune or if you have an extensive amount which are required to be deployed. This point really is similar to the paragraph above where it really comes down to the preference. I would say that if you are wanting to add a third party vendor to take over this process then there perhaps is an incentive to have them take on the task of having a multitude of devices ready to go but that’s not a given.

The diagram shown in Figure 1.3 above fits this particular scenario quite well when wanting to see how it will look in the real world.

Which Hardware Vendors currently support these options?

Vendors I’ve used the most are Lenovo where they can provide autopilot services. More information can be found about their services here.

Another vendor offering these services is Dell and their information can be found here.

Final Part of the series

The final part of the series will cover everything which we have touched on. This overview looks to support how the decisions of white glove can be incorporated within hybrid environment scenarios, and if they are, they actually require significant planning and decision making.

In the meantime, please feel free to contact us via email or phone if we can help you with similar projects or talent to implement solutions.


Picture of Dujon Walsham

Dujon Walsham

Contact Us

On Key

More Posts

E-Commerce Security - Solutions for Online Retailers

E-commerce Security – Solutions for Online Retailers

Today’s hyper-charged e-commerce landscape demands top-notch cybersecurity measures. Cybersecurity for this bustling sector isn’t just about ticking a technical box; it’s the cornerstone of building trust. As businesses and consumers flock to the online space, the

Read More »
WME Cybersecurity Briefings No. 017
Cyber Security

WME Security Briefing 08 July 2024

SnailLoad: A New Stealthy Threat to Web Privacy Overview: Researchers discover a concerning new side-channel attack technique: SnailLoad. It exploits inherent weaknesses in the internet to potentially monitor a user’s web activity without requiring any direct access to

Read More »
WME Cybersecurity Briefings No. 016
Cyber Security

WME Security Briefing 27 June 2024

ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor Overview An unknown Golang-based backdoor GoRed is being employed by the cybercrime gang ExCobalt. This group has roots dating back to at least 2016 and possibly originates

Read More »
Top 7 Office 365 Backup Solutions
Cloud Computing

Top 7 Office 365 Backup Solutions

Let’s explore the top 7 Microsoft 365 (Office 365) backup and recovery solutions. These solutions feature, among others, automated backups, detailed reporting, and efficient deduplication. We will guide you through their pros and cons and what

Read More »
WME Cybersecurity Briefings No. 015
Cyber Security

WME Security Briefing 24 June 2024

Google’s Privacy Sandbox Faces Scrutiny Over User Tracking Allegations Overview Google’s Privacy Sandbox was initially designed to replace third-party cookies in Chrome. It was a more privacy-conscious solution, but the Austrian privacy group Noyb is now

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.