I'm trying to figure out the best approach for managing AutoPilot laptops that were shipped from Dell to end users but are getting blocked by our tenant's conditional access for being unregistered devices. In the Microsoft 365 admin center, these new laptops are recognized as AutoPilot devices. Microsoft suggests a few steps for setting up exclusions in the conditional access policy to allow the devices to register and enroll correctly. They recommend adjusting the policy to exclude Microsoft Intune Enrollment, Windows Autopilot, and the Microsoft Intune Cloud App. Alternatively, should I create a user-based policy for exclusions until the laptops are registered? I'm concerned about the lack of attention from 365 admins in maintaining the CA bypasses. What's the best way to automate this process? Any thoughts?
2 Answers
While following Microsoft's guidelines seems straightforward, keep in mind that those exclusions could introduce security risks depending on your organization’s policies. It’s essential to weigh your security needs against the convenience of automation. You should definitely assess how comfortable you are with those changes in your environment.
I’d say stick with Microsoft’s best practice. Those exclusions exist for a reason, and they’ll help keep the process flowing smoothly during deployment. You want to make sure your devices can register and go through the MDM enrollment without a hitch.
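On the question's concern that the CA bypasses go unmaintained, one way to automate the check is to audit exported policies for exclusion drift. This is an added example, not part of either answer and not Microsoft's code; it assumes policies exported as JSON in the Microsoft Graph `conditionalAccessPolicy` shape, and every GUID and the approved lists are constructed placeholders to replace with your tenant's values.

```python
# Added example: audit Conditional Access policies for missing or unapproved exclusions.
# Field names follow the Microsoft Graph conditionalAccessPolicy resource.
# Every GUID below is a constructed placeholder, not a real application or object ID.
ENROLLMENT_APPS = {  # assumption: the app exclusions approved for enrollment
    "00000000-0000-0000-0000-0000000000a1",  # placeholder for Microsoft Intune Enrollment
    "00000000-0000-0000-0000-0000000000a2",  # placeholder for Microsoft Intune
}
APPROVED_PRINCIPALS = {"00000000-0000-0000-0000-0000000000b1"}  # placeholder group

def audit_exclusions(policies, approved_apps=ENROLLMENT_APPS,
                     approved_principals=APPROVED_PRINCIPALS):
    """Return (policy, finding, value) tuples for every enforced policy."""
    findings = []
    for p in policies:
        if p.get("state") != "enabled":
            continue  # report-only and disabled policies do not block enrollment
        cond = p.get("conditions", {})
        apps, users = cond.get("applications", {}), cond.get("users", {})
        controls = (p.get("grantControls") or {}).get("builtInControls", [])
        excluded = set(apps.get("excludeApplications", []))
        # A compliant-device requirement on all apps blocks a device not yet enrolled.
        if "compliantDevice" in controls and "All" in apps.get("includeApplications", []):
            for app in sorted(approved_apps - excluded):
                findings.append((p["displayName"], "missing-enrollment-exclusion", app))
        for app in sorted(excluded - approved_apps):
            findings.append((p["displayName"], "unapproved-app-exclusion", app))
        for key in ("excludeUsers", "excludeGroups"):  # stale user-based bypasses
            for principal in sorted(set(users.get(key, [])) - approved_principals):
                findings.append((p["displayName"], "unapproved-" + key, principal))
    return findings

SAMPLE_POLICIES = [  # constructed sample data
    {"displayName": "Require compliant device", "state": "enabled",
     "conditions": {"applications": {"includeApplications": ["All"],
                                     "excludeApplications": ["00000000-0000-0000-0000-0000000000a1"]},
                    "users": {"excludeUsers": ["00000000-0000-0000-0000-0000000000c9"],
                              "excludeGroups": ["00000000-0000-0000-0000-0000000000b1"]}},
     "grantControls": {"builtInControls": ["compliantDevice"]}},
    {"displayName": "Pilot policy", "state": "enabledForReportingButNotEnforced",
     "conditions": {"applications": {"includeApplications": ["All"],
                                     "excludeApplications": ["00000000-0000-0000-0000-0000000000d4"]}},
     "grantControls": None},
    {"displayName": "Require MFA", "state": "enabled",
     "conditions": {"applications": {"includeApplications": ["All"],
                                     "excludeApplications": ["00000000-0000-0000-0000-0000000000d4"]}},
     "grantControls": {"builtInControls": ["mfa"]}},
]

if __name__ == "__main__":
    for finding in audit_exclusions(SAMPLE_POLICIES):
        print(*finding, sep=" | ")
```

Run on a schedule against a fresh export, this reports both a policy that would still block enrollment and a temporary user-based bypass that was never removed.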
