I'm the sole IT staff member in my office and sometimes have to rely on our managed service provider for help desk issues. We utilize Microsoft 365 Business Premium licenses with full adoption of Azure Active Directory and Intune.
I'd like to set up a temporary laptop that staff can use when their machines are down or being serviced. The ideal scenario is for it to be easily accessible, allowing them to access printing and online resources quickly. It would be great if it had Office installed locally, but that's not crucial. Once they're done using it or have their own device back, I want the setup to be ready for the next person.
I considered getting a new device that I log in to first, but I'm hesitant, as I've heard Intune registration with a primary user can cause issues. I want to avoid using generic accounts and I'm concerned that new logins could impact a user's profile negatively, especially regarding license allocation for things like Office, which could waste resources if they only need the laptop briefly.
Also, time-to-login is a concern since first-time auto setups take longer. If someone is in a rush, I don't want them waiting around. I'm wondering if limiting app installs might complicate things further.
Other ideas I've had include:
- A local unit that connects to guest Wi-Fi with a local user account, not tied to Intune or Entra.
- An Intune machine with a general login that has no permissions, but that doesn't seem wise.
- Buying an inexpensive Chromebook unrelated to Microsoft.
Has anyone tackled a similar problem? My bosses dislike downtime for staff, especially when I'm the one making decisions about it!
6 Answers
I’d skip all of those options. Why not just use a regular Entra/Intune-joined device? They don’t need a primary user assigned. Users can log in with their own accounts. After it’s returned, you can simply remove any old profiles if needed. You can adjust settings to avoid the Enrollment Status Page for every sign-in too.
We use a non-domain laptop with just the essentials installed. It serves its purpose as a temporary solution without making it too complicated!
Consider getting a basic laptop set up with a local admin account and keep it off the domain entirely. You could install Chrome and maybe LibreOffice for document editing. This way, users can access Office 365 via the web and print without all the Intune complications. Just think functional for temporary access!
Why not create a multi-user device? Enroll it with your own account, remove the primary user, and apply a shared PC configuration profile. It seems like a straightforward solution!
Honestly, you’re overthinking this quite a bit. Just keep it simple.
We use a self-deploying shared PC setup. It works well paired with a storage policy that cleans up user data after 48 hours. We now exclusively use self-deployment with user ESP disabled everywhere because it's just unnecessary.
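
The first and last answers both mention clearing old profiles from the loaner, either by hand after it is returned or automatically after 48 hours. One way to script that cleanup is shown here as an added example; it is not code from any poster in the thread. The parameter names, the `Administrator` keep-list and the `-WhatIf` dry run are assumptions, and the script must run elevated.

```powershell
# Added example: remove stale user profiles from a shared loaner laptop.
# Run elevated. Use -WhatIf first to see what would be deleted.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Age threshold; 48 hours mirrors the cleanup window mentioned in the thread.
    [int]$MaxAgeHours = 48,
    # Hypothetical local accounts whose profiles must never be removed.
    [string[]]$KeepAccounts = @('Administrator')
)

$cutoff = (Get-Date).AddHours(-$MaxAgeHours)

$candidates = Get-CimInstance -ClassName Win32_UserProfile | Where-Object {
    -not $_.Special -and                              # skip system and service profiles
    -not $_.Loaded -and                               # skip anyone currently signed in
    $_.LocalPath -like "$env:SystemDrive\Users\*"     # only regular user profile folders
}

foreach ($userProfile in $candidates) {
    $folderName = Split-Path -Path $userProfile.LocalPath -Leaf
    if ($KeepAccounts -contains $folderName) { continue }

    # LastUseTime may be empty, and background activity can refresh it, so a
    # profile can look newer than the last real sign-in. Unknown age is kept.
    if ($null -eq $userProfile.LastUseTime) { continue }
    if ($userProfile.LastUseTime -gt $cutoff) { continue }

    if ($PSCmdlet.ShouldProcess($userProfile.LocalPath, 'Remove user profile')) {
        # Removing the CIM instance deletes the profile folder and its registry entry.
        Remove-CimInstance -InputObject $userProfile
        Write-Output "Removed $($userProfile.LocalPath) (last used $($userProfile.LastUseTime))"
    }
}
```

Because signed-in and special profiles are skipped, the script is safe to run while someone is using the laptop; it only touches profiles older than the threshold.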
