0.6

education/windows/school-deployment/enrollment-aadj.md

@@ -0,0 +1,38 @@
+---
+title: Enrollment in Intune with standard out-of-box experience (OOBE)
+description: how to join Azure AD for OOBE and automatically get the device enrolled in Intune
+ms.date: 08/31/2022
+ms.prod: windows
+ms.technology: windows
+ms.topic: conceptual #reference troubleshooting how-to end-user-help overview (more in contrib guide)
+ms.localizationpriority: medium
+author: paolomatarazzo
+ms.author: paoloma
+#ms.reviewer: 
+manager: aaroncz
+ms.collection: education
+appliesto:
+- ✅ <b>Windows 10</b>
+- ✅ <b>Windows 11</b>
+- ✅ <b>Windows 11 SE</b>
+---
+# Automatic Intune enrollment via Azure AD join
+
+If you are setting up a Windows device individually, you can use the out-of-box experience to join it to your school's Azure Active Directory tenant, and automatically enroll it in Intune.
+With this process, no advance preparation is needed:
+
+1. Follow the on-screen prompts for region selection, keyboard selection, and network connection
+1. Wait for updates. If any updates are available, they will be installed at this time
+  :::image type="content" source="./images/win11-oobe-updates.png" alt-text="Windows 11 OOBE - updates page" border="true":::
+1. When prompted, select **Set up for work or school** and authenticate using your school's Azure Active Directory account
+  :::image type="content" source="./images/win11-oobe-auth.png" alt-text="Windows 11 OOBE - authentication page" border="true":::
+1. The device will join Azure AD and automatically enroll in Intune. All settings defined in Intune will be applied to the device
+
+> [!IMPORTANT]
+> If you configured enrollment restrictions in Intune, blocking personal Windows devices, this process will not complete. You will need to use a different enrollment method, or ensure that the device is registered in Autopilot.
+________________________________________________________
+## Section review and next steps
+
+> [!div class="nextstepaction"]
+> [< Enroll devices](enrollment-overview.md)
+> [Manage devices >](management-overview.md)

education/windows/school-deployment/enrollment-autopilot.md

@@ -122,4 +122,11 @@ When a Windows 11 SE device is turned on for the first time, the end-user experi
 1. Wait for detection. Windows will detect that the device has an Autopilot profile assigned and belongs to your school.
 1. Enter the email address and password associated with your school account.
 1. Apply updates. Once connected, the Windows 11 SE device will look for and apply required updates.
-1. Sign in on the school-branded welcome screen. Users need only their school account credentials. No local administrator permissions are required. 
+1. Sign in on the school-branded welcome screen. Users need only their school account credentials. No local administrator permissions are required.
+
+________________________________________________________
+## Section review and next steps
+
+> [!div class="nextstepaction"]
+> [< Enroll devices](enrollment-overview.md)
+> [Manage devices >](management-overview.md)

education/windows/school-deployment/enrollment-oobe.md

@@ -1,34 +0,0 @@
----
-title: # Microsoft Endpoint Manager support
-description: # How to obtain Microsoft support from Microsoft Endpoint Manager admin center.
-ms.date: 08/31/2022
-ms.prod: windows
-ms.technology: windows
-ms.topic: conceptual #reference troubleshooting how-to end-user-help overview (more in contrib guide)
-ms.localizationpriority: medium
-author: paolomatarazzo
-ms.author: paoloma
-#ms.reviewer: 
-manager: aaroncz
-ms.collection: education
-appliesto:
-- ✅ <b>Windows 10</b>
-- ✅ <b>Windows 11</b>
----
-
-# Manual OOBE
-
-If you are setting up a Windows 11 SE device individually and network bandwidth is not an issue, you can use the out-of-the-box, first-run setup experience to configure the device, join it to your school’s Azure Active Directory account, and enroll it in Intune.
-
-### Configure, join, and enroll devices
-
-When using OOBE, no advance preparation is needed:
-
-1. Follow the on-screen prompts for region selection, keyboard selection, and network connection. 
-1. Wait for updates. If any updates are available, they will be installed at this time. 
-
-:::image type="content" source="./image14.png" alt-text="Surface Laptop SE loading page" border="true":::
-
-3. When prompted, select **Work or School Account**. This will deploy Windows 11 SE to the device within a few minutes.
-
-:::image type="content" source="./image15.png" alt-text="User sign-in page on Surface Laptop SE" border="true":::

education/windows/school-deployment/enrollment-overview.md

@@ -23,21 +23,22 @@ There are three methods for setting up Windows devices and enrolling them in you
 
 - **Windows Autopilot** uses cloud-based technologies and services to set up and configure Windows devices with a zero-touch deployment approach. Windows Autopilot helps simplify the Windows device lifecycle, from initial deployment to end of life, for both IT administrators and end users. For more information, see [Overview of Windows Autopilot](/mem/autopilot/windows-autopilot)
   > [!NOTE]
-  > There are some limitations to Windows Autopilot in Windows 11 SE. For more information, see [Device settings](/intune-education/windows-11-se-overview#windows-autopilot).
+  > There are some limitations to Windows Autopilot in Windows 11 SE. For more information, see [**this article**](/intune-education/windows-11-se-overview#windows-autopilot).
 
-- **Provisioning packages** are files that you can use to set up Windows devices. You can create provisioning packages using either **Set Up School PCs** or **Windows Configuration Designer** applications. One benefit of provisioning packages is that you can use them to set up Windows devices that are not registered in Windows Autopilot. These files can be applied during or after the out-of-box experience. For more information, see [Provisioning packages](/windows/configuration/provisioning-packages/provisioning-apply-package).
+- **Bulk enrollment with provisioning packages.** Provisioning packages are files that you can use to set up Windows devices. You can create provisioning packages using either **Set Up School PCs** or **Windows Configuration Designer** applications. One benefit of provisioning packages is that you can use them to set up Windows devices that are not registered in Windows Autopilot. These files can be applied during or after the out-of-box experience. For more information, see [Provisioning packages](/windows/configuration/provisioning-packages/provisioning-apply-package).
-- **Manual out-of-the-box experience (OOBE).** This experience happens when a user first turns on a new device and it enables the user to customize certain Windows functionalities before reaching the desktop. When using this approach, users going through this flow will automatically become local administrators on the devices, which can cause issues for education devices.
+- **Automatic Intune enrollment via Azure AD join.** This experience happens when a user first turns on a new device and it enables the user to customize certain Windows functionalities before reaching the desktop. When using this approach, users going through this flow will automatically become local administrators on the devices, which is not ideal for education devices.
 
-## Choosing the best method
+## Choose the enrollment method
 
 Windows Autopilot and the Set up School PCs app are usually the most efficient options for school environments. There are various elements to take under consideration when choosing between Windows Autopilot and the Set up School PCs app. This [table](/intune-education/add-devices-windows) describes the ideal scenarios for using either method. It is recommended to review the table when making your enrollment and deployment plan.
+:::image type="content" source="./images/enroll.png" alt-text="The device lifecycle for Intune-managed devices - enrollment" border="false":::
 Select one of the following options to learn more about the enrollment method you chose:
 
 > [!div class="nextstepaction"]
-> [> Windows Autopilot >](enrollment-autopilot.md)
+> [Windows Autopilot >](enrollment-autopilot.md)
 
 > [!div class="nextstepaction"]
-> [> Provisioning Package >](enrollment-package.md)
+> [Provisioning Package >](enrollment-package.md)
 
 > [!div class="nextstepaction"]
-> [> Manual OOBE >](enrollment-oobe.md)
+> [Manual OOBE >](enrollment-aadj.md)

education/windows/school-deployment/enrollment-package.md

@@ -14,6 +14,7 @@ ms.collection: education
 appliesto:
 - ✅ <b>Windows 10</b>
 - ✅ <b>Windows 11</b>
+- ✅ <b>Windows 11 SE</b>
 ---
 
 # Set up School PCs
@@ -44,4 +45,12 @@ To provision Surface Laptop SE devices with USB, insert the provisioning package
 
 Windows Configuration Designer is especially useful in scenarios where a school needs to provision packages for both bring-you-own devices and school-owned devices. Ideal for small-to-medium schools that manage up to a few hundred devices, Windows Configuration Designer lets you configure devices without imaging. For more information, see [Install Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd), which provides details about the app, its provisioning process, and considerations for its use. 
 
-![Set up device page in Windows Configuration Designer](./image13.png)
+![Set up device page in Windows Configuration Designer](./image13.png)
+
+
+________________________________________________________
+## Section review and next steps
+
+> [!div class="nextstepaction"]
+> [< Enroll devices](enrollment-overview.md)
+> [Manage devices >](management-overview.md)

education/windows/school-deployment/index.md

@@ -29,8 +29,7 @@ This guide introduces the tools and services available from Microsoft for deploy
 This guide provides a comprehensive path for schools to deploy and manage new Windows devices with Microsoft Intune. It includes step-by-step information on the deployment, management, and resetting of Surface Laptop SE and Windows 11 SE operating system.
 
 > [!NOTE]
-> - Depending on your school setup scenario, you may not need to implement all steps
+> Depending on your school setup scenario, you may not need to implement all steps.
-> - Unless otherwise indicated in the *Applies to* section of each document, the guidance applies to Windows 10, Windows 11 and Windows 11 SE
 
 ## New expectations for education technology
 

education/windows/school-deployment/set-up-microsoft-intune.md

@@ -165,5 +165,5 @@ ________________________________________________________
 
 With the Intune service configured, you can start enrolling and managing students' and teachers' devices.
 > [!div class="nextstepaction"]
-> [< Set up your tenant <](set-up-your-tenant.md)
+> [< Set up your tenant](set-up-your-tenant.md)
-> [> Enroll devices >](enrollment-overview.md)
+> [Enroll devices >](enrollment-overview.md)

education/windows/school-deployment/toc.yml

@@ -18,7 +18,7 @@ items:
       - name: Enroll devices with provisioning packages and SUSPCs
         href: enrollment-package.md
       - name: Enroll devices manually
-        href: enrollment-oobe.md
+        href: enrollment-aadj.md
   - name: Manage devices with Intune
     items: 
       - name: Overview