question

Dave-8558 avatar image
0 Votes"
Dave-8558 asked SamaelAmbronaRodriguez-8458 commented

Intune / Autopilot Advice – Reassigning Devices

I’m trying to figure out the best approach after having the computers on Intune/Autopilot and reassigning it to another employee.

To start let me explain our setup.

We are using Autopilot for Hybrid Ad Join and either import the CSV from older machines into Autopilot or during reset this pc we do shift + f10 to automatically add it to our Autopilot.

Once imported, we assign an Employee and a Group Tag which is used for a dynamic membership group to a device configuration profile that will add the computer to the proper OU on-prem and assign the computer name a prefix.

The device is then provisioned for the employee, and we start the process of logging into the computer for that employee and SOME of the basic applications are installed through ESP.

At this point, we install some of the software manually as we can’t get it working properly through the application deployment for Intune or we have different software requirements based on the employee’s department. And yes we use the Company Portal with different software available per department but some of the installs take forever i.e. Autodesk products and would like this software to stay until we decide to upgrade the software.

What is the best approach for reassigning an autopilot computer to a new employee that has the same software requirements without wiping the machine of the installed software? No issues with us removing the personal data but we want to keep the software in place so that we do not manually install custom applications based on the employee’s department each time we reassign the computer(s).

Example: John Doe leaves the company and Jane Doe takes his place.

Do we change the primary user from John Doe to Jane Doe and ignore the “Enrolled by” terminated employee?

We have tested “wipe” and “fresh start” but both clear out our manual application installed and “autopilot reset” of course is not available for Hybrid AD Join, which I think would give us what we need.

Thanks for the help!

mem-autopilot
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

yannara avatar image
0 Votes"
yannara answered SamaelAmbronaRodriguez-8458 commented

As it written, Autopilot reset will not help you either. I guess there is no scenario to wipe/reset computer but keep apps. Multiple users can login to the computer, so if you don't care about the security and personal data left there, second user just logs in and continue to use it. I don't think that "enrolled by" does matter so much.

Same thing was with on-prem and images, if you recycle computer, you go fresh with it and re-install everything. (unless you start clean it manually).

122300-image.png



image.png (50.7 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

In our case, having more or less same scenario as described by Dave, we found out many computers failing to synchronize with Intune after a new user takes over the computer.

The only way that I found so far to fix the issues is have a lot of patience and register once and again the account of the user into the users settings \ Access work or school account

If anyone has a troubleshooting for this kind of incidents it would be very appreciated

Best regards

0 Votes 0 ·
LuDaiMSFT-0289 avatar image
0 Votes"
LuDaiMSFT-0289 answered

anonymous user-8558 Thanks for posting in our Q&A. From your description, I know that you want to remove the enrolled device but keep the apps. If there is anything misunderstanding, feel free to let us know.

For this issue, I agree with yannara. Currently, there is no such method that could keep the apps when removing the devices via intune.

If you are interested in this new feature, it is suggested to feedback in intune uservoice. This is a place to collect customers' requirements and problems.
https://microsoftintune.uservoice.com/forums/291681-ideas

Thanks for understanding. : )


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Dave-8558 avatar image
0 Votes"
Dave-8558 answered LuDaiMSFT-0289 edited

Hopefully, in the future, they will add this feature. For us will have to peel away from Autopilot and stick with just using intune. Thanks for the information.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

anonymous user-8558 I have done more research about this issue. How about retire action? For the remove data in windows devices, please read the following article:
https://docs.microsoft.com/en-us/mem/intune/remote-actions/devices-wipe#windows

Retire leaves the user's personal data on the device. I know that there are some apps installed manually. Based on my understanding, manual installed apps could be regarded as personal, not organizational, so retire action will not remove these apps.

0 Votes 0 ·
Dave-8558 avatar image
0 Votes"
Dave-8558 answered LuDaiMSFT-0289 commented

@LuDaiMSFT-0289 Thank you for the information, we will run some tests over the next few days and give an update.

· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

OK. Hope everything goes well with you. : )

0 Votes 0 ·

So this is a no-go. Basically, it removes the MDM check from gpedit using "retire" but we add it back, and it still does not add itself Intune. The only way to fix it is if you remove it altogether from Autopilot and start over. Not worth our time. Hopefully, in the future, they will add a way to remove personal data, keep the software and possibly change the computer name so that we can add the machine to another employee.

0 Votes 0 ·

anonymous user-8558 Thanks for your time and clarify some information about "Retire". Given this situation, let's hope intune will add this feature in the future.

Thanks again for your kindness. : )

1 Vote 1 ·