fixing conflicts

Dani Halfin
2020-05-05 17:46:51 -07:00
658 changed files with 8303 additions and 6333 deletions

View File

@ -38,7 +38,7 @@ The following additional best practices ensure that devices can easily be provis
## Software best practice guidelines for Windows Autopilot
- The Windows Autopilot device should be preinstalled with only a Windows 10 base image plus drivers.
- You can preinstall your licensed version of Office, such as [Office 365 ProPlus](https://docs.microsoft.com/deployoffice/about-office-365-proplus-in-the-enterprise).
- You can preinstall your licensed version of Office, such as [Microsoft 365 Apps for enterprise](https://docs.microsoft.com/deployoffice/about-office-365-proplus-in-the-enterprise).
- Unless explicitly requested by the customer, no other preinstalled software should be included.
- Per OEM Policy, Windows 10 features, including built-in apps, should not be disabled or removed.
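
Review bot: On the Office line, the link text now reads "Microsoft 365 Apps for enterprise" but the target is still `deployoffice/about-office-365-proplus-in-the-enterprise`. Confirm that the old path still resolves, or point the link at the renamed article, so the rename does not leave a stale link behind.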

View File

@ -10,7 +10,6 @@ ms.pagetype: deploy
audience: itpro
author: greg-lindsay
ms.author: greglin
ms.date: 10/31/2018
ms.reviewer:
manager: laurawi
ms.collection: M365-modern-desktop
@ -26,19 +25,14 @@ The following table displays support information for the Windows Autopilot progr
Before contacting the resources listed below for Windows Autopilot-related issues, check the [Windows Autopilot FAQ](autopilot-faq.md).
| Audience | Support contact |
|---------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| OEM or Channel Partner registering devices as a CSP (via MPC) | Use the help resources available in MPC. Whether you are a named partner or a channel partner (distributor, reseller, SI, etc.), if you're a CSP registering Autopilot devices through MPC (either manually or through the MPC API), your first-line of support should be the help resources within MPC. |
| OEM registering devices using OEM Direct API | Contact MSOEMOPS@microsoft.com. Response time depends on priority: <br>Low 120 hours <br>Normal 72 hours <br>High 24 hours <br>Immediate 4 hours |
| Partners with a Partner Technology Strategist (PTS) | If you have a PTS (whether you're a CSP or not), you may first try working through your account's specific Partner Technology Strategist (PTS). |
| Partners with an Ecosystem PM | If you have an Ecosystem PM (whether you're a CSP or not), you may first try working through your account's specific Ecosystem PM, especially for technical issues. To learn more about Ecosystem PMs and the services they offer, contact epsoinfo@microsoft.com. |
| Enterprise customers | Contact your Technical Account Manager (TAM), or Account Technology Strategist (ATS), or Customer Service Support (CSS) representative. |
| End-user | Contact your IT administrator. |
| Microsoft Partner Center (MPC) users | Use the [help resources](https://partner.microsoft.com/support) available in MPC. |
| Microsoft Store for Business (MSfB) users | Use the help resources available in MSfB. |
| Intune users | From the Microsoft Azure portal, click [Help + support](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/overview). |
| Microsoft 365 Business | Support is accessible directly through the Microsoft 365 Business portal when logged in: https://support.microsoft.com/en-us. |
| Queries relating to MDA testing | Contact MDAHelp@microsoft.com. |
| All other queries, or when unsure who to contact | Contact msoemops@microsoft.com. |
| Audience | Support contact |
|------------|---------------------------------------|
| OEM or Channel Partner registering devices as a CSP (via MPC) | Use the help resources available in MPC. Whether you are a named partner or a channel partner (distributor, reseller, SI, etc.), if youre a CSP registering Autopilot devices through MPC (either manually or through the MPC API), your first-line of support should be the help resources within MPC. |
| OEM registering devices using OEM Direct API | Contact MSOEMOPS@microsoft.com. Response time depends on priority: <br>Low 120 hours <br>Normal 72 hours <br>High 24 hours <br>Immediate 4 hours |
| Enterprise customers | Contact your Technical Account Manager (TAM), or Account Technology Strategist (ATS), or Customer Service Support (CSS) representative. |
| End-user | Contact your IT administrator. |
| Microsoft Partner Center (MPC) users | Use the [help resources](https://partner.microsoft.com/support) available in MPC. |
| Microsoft Store for Business (MSfB) users | Use the help resources available in MSfB. |
| Intune users | From the Microsoft Azure portal, click [Help + support](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/overview). |
| Microsoft 365 Business | Support is accessible directly through the Microsoft 365 Business portal when logged in: https://support.microsoft.com/en-us. |
| Queries relating to MDA testing | Contact MDAHelp@microsoft.com. |
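
Review bot: The replacement table drops three rows that the earlier version carried: "Partners with a Partner Technology Strategist (PTS)", "Partners with an Ecosystem PM", and the catch-all "All other queries, or when unsure who to contact". In a commit titled "fixing conflicts" this reads like a merge casualty rather than an intended edit; restore the rows or confirm the removal, because without the catch-all row a reader who fits none of the audiences has no contact to fall back on. In the first row of the new table, "youre" has lost its apostrophe and should read "you're".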

View File

@ -27,6 +27,9 @@ ms.custom: seo-marvel-apr2020
<table>
<th>Issue<th>More information
<tr><td>Blocking apps specified in a user-targeted Enrollment Status Profile are ignored during device ESP.</td>
<td>The services responsible for determining the list of apps that should be blocking during device ESP are not able to determine the correct ESP profile containing the list of apps because they do not know the user identity. As a workaround, enable the default ESP profile (which targets all users and devices) and place the blocking app list there. In the future, it will be possible to instead target the ESP profile to device groups to avoid this issue.</tr>
<tr><td>Windows Autopilot user-driven Hybrid Azure AD deployments do not grant users Administrator rights even when specified in the Windows Autopilot profile.</td>
<td>This will occur when there is another user on the device that already has Administrator rights. For example, a PowerShell script or policy could create an additional local account that is a member of the Administrators group. To ensure this works properly, do not create an additional account until after the Windows Autopilot process has completed.</tr>
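
Review bot: Both rows end their second cell with `</tr>` and no `</td>`, and the header line `<th>Issue<th>More information` has neither a `<tr>` nor closing `</th>` tags; close the cells so the table does not rely on parser recovery to render. In the Enrollment Status Profile row, "In the future, it will be possible" is an undated promise in a known-issues list; tie it to a release or drop it.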

View File

@ -46,11 +46,15 @@ For a CSP to register Windows Autopilot devices on behalf of a customer, the cus
![Request a reseller relationship](images/csp1.png)
- Select the checkbox indicating whether or not you want delegated admin rights:
![Delegated rights](images/csp2.png)
- NOTE: Depending on your partner, they might request Delegated Admin Permissions (DAP) when requesting this consent. You should ask them to use the newer DAP-free process (shown in this document) if possible. If not, you can easily remove their DAP status either from Microsoft Store for Business or the Office 365 admin portal by going to [Customers delegate administration privileges to partners](https://docs.microsoft.com/partner-center/customers_revoke_admin_privileges).
- NOTE: Depending on your partner, they might request Delegated Admin Permissions (DAP) when requesting this consent. You should ask them to use the newer DAP-free process (shown in this document) if possible. If not, you can easily remove their DAP status either from Microsoft Admin Center or the Office 365 admin portal by going to [Customers delegate administration privileges to partners](https://docs.microsoft.com/partner-center/customers_revoke_admin_privileges).
- Send the template above to the customer via email.
2. Customer with global administrator privileges in Microsoft Store for Business (MSfB) clicks the link in the body of the email once they receive it from the CSP, which takes them directly to the following MSfB page:
2. Customer with global administrator privileges in Microsoft Admin Center clicks the link in the body of the email once they receive it from the CSP, which takes them directly to the following Microsoft 365 admin center page:
![Global admin](images/csp3.png)
![Global admin](images/csp3a.png)
The image above is what the customer will see if they requested delegated admin rights (DAP). Note that the page says what Admin roles are being requested. If the customer did not request delegated admin rights they would see the following page:
![Global admin](images/csp3b.png)
> [!NOTE]
> A user without global admin privileges who clicks the link will see a message similar to the following:
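
Review bot: In the sentence after `images/csp3a.png`, "if they requested delegated admin rights (DAP)" and "If the customer did not request delegated admin rights" attribute the DAP request to the customer, while the NOTE a few lines earlier says the partner requests DAP and the customer consents. Reword to "if the partner requested delegated admin rights" so the reader knows whose request the listed admin roles reflect before accepting. The same step also names the portal two ways ("Microsoft Admin Center" and "Microsoft 365 admin center"), and the NOTE now offers "Microsoft Admin Center or the Office 365 admin portal" as if they were two places; pick one name. The two new images both carry the alt text "Global admin" and would be clearer with distinct descriptions (with DAP, without DAP).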

View File

@ -78,7 +78,7 @@ If the WNS services are not available, the Autopilot process will still continue
If the Microsoft Store is not accessible, the AutoPilot process will still continue without Microsoft Store apps.
<tr><td><b>Office 365<b><td>As part of the Intune device configuration, installation of Office 365 ProPlus may be required. For more information, see <a href="https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2">Office 365 URLs and IP address ranges</a> (includes all Office services, DNS names, IP addresses; includes Azure AD and other services that may overlap with those listed above).
<tr><td><b>Office 365<b><td>As part of the Intune device configuration, installation of Microsoft 365 Apps for enterprise may be required. For more information, see <a href="https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2">Office 365 URLs and IP address ranges</a> (includes all Office services, DNS names, IP addresses; includes Azure AD and other services that may overlap with those listed above).
<tr><td><b>Certificate revocation lists (CRLs)<b><td>Some of these services will also need to check certificate revocation lists (CRLs) for certificates used in the services.  A full list of these is documented at <a href="https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2#bkmk_crl">Office 365 URLs and IP address ranges</a> and <a href="https://aka.ms/o365chains">Office 365 Certificate Chains</a>.
<tr><td><b>Hybrid AAD join<b><td>The device can be hybrid AAD joined. The computer should be on corporate network for hybrid AAD join to work. See details at <a href="https://docs.microsoft.com/windows/deployment/windows-autopilot/user-driven-hybrid">Windows Autopilot user-driven mode</a>
<tr><td><b>Autopilot Self-Deploying mode and Autopilot White Glove<b><td>Firmware TPM devices, which are only provided by Intel, AMD, or Qualcomm, do not include all needed certificates at boot time and must be able to retrieve them from the manufacturer on first use. Devices with discrete TPM chips (including devices from any other manufacturer) come with these certificates preinstalled. See <a href="https://docs.microsoft.com/windows/security/information-protection/tpm/tpm-recommendations">TPM recommendations</a> for more details. Make sure that these URLs are accessible for each firmware TPM provider so that certificates can be successfully requested:
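
Review bot: The edited Office 365 row still opens a second `<b>` instead of closing the first (`<b>Office 365<b>`), and the neighbouring CRL, Hybrid AAD join and Self-Deploying rows do the same; since the line is being touched anyway, change the second tag to `</b>` so the bold does not run into the description cell. The context line above also spells the product "AutoPilot" where the rest of the page uses "Autopilot".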
@ -106,7 +106,7 @@ To provide needed Azure Active Directory (automatic MDM enrollment and company b
> Even when using Microsoft 365 subscriptions, you still need to [assign Intune licenses to the users](https://docs.microsoft.com/intune/fundamentals/licenses-assign).
Additionally, the following are also recommended (but not required):
- [Office 365 ProPlus](https://www.microsoft.com/p/office-365-proplus/CFQ7TTC0K8R0), which can be deployed easily via Intune (or other MDM services).
- [Microsoft 365 Apps for enterprise](https://www.microsoft.com/p/office-365-proplus/CFQ7TTC0K8R0), which can be deployed easily via Intune (or other MDM services).
- [Windows Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation), to automatically step up devices from Windows 10 Pro to Windows 10 Enterprise.
## Configuration requirements