Imaging New PCs with Intune

All steps must be completed in the order below

1.Image the Device

1. Insert the ASU imaged flash drive into the PC to be imaged.
2. Power on device, and boot from the ASU imaged flash drive inserted in step 1.a.
3. Select Intune Image from the Menu
4. Select “Yes” to create the hash
5. Select the correct Intune group the device needs to be in:
   1. Campus vs Remote see this article. 
   2. Checkout is for ASU only.
6. Select “Yes” on wipe this machine. Be aware once you select yes, this will wipe all partition and format the drive!

2.Pre-Provisioning

1. Devices in the Remote or Checkout groups start to pre-provisioning automatically.  Proceed to step 4, Rename Device
2. Devices in the Campus group - Once the device is done imaging and, on the screen – “Let’s set things up for your work or school” screen, press the Windows key repeatedly till the Autopilot page pops up.
3. Select the second option: Pre-provision with Windows Autopilot and click next.
4. When the screen with the QR code pops up, verify the correct provision is assigned and click next.
5. When the device is done running through the Pre-Provisioning process click the Reseal button. This will power down the device.
6. Power on the device and sign in using the intdem-ima@uwyo.edu DEM account. This will enroll the device in Intune.

3.Remove Primary User

* For Campus group only           

1. Sign into the imaging center computer with your -A account. (Not the computer you’re Imaging.)
2. Log into https://intune.microsoft.com
3. On the left locate devices, then locate Windows, then locate Enrollment, then locate Windows Autopilot and select Devices.
4. Locate Associated Intune device and click on the device under that.
5. Under Overview expand the Manage drop down and select Properties. Remove primary user and save.

4.Rename Device

1. (For Campus devices only, this does not apply if device is a Remote provision.) On the device sign out of the intdem-ima@uwyo.edu  account and sign in using your –DA.
2. Once signed in with your DA account open the start menu and select settings.
3. In System locate rename.
4. Verify if device name changed on PC.

5.GLBA Device

*For GLBA users/devices only

a.Campus GLBA Device

1. For a Campus devices, we add these Devices into our local AD group “InTune-GLBA-PC-Disk-Encryption”.
2. Locate the AD icon on the task bar and select.
3. In Active Directory Users and Computers Select Action > Find, and search for the “InTune-GLBA-PC-Disk-Encryption” group.

4. Open the group and select Add in the Members tab
5. Under Enter the object name paste the device name in there and select check name.
6. Select ok.
7. 
8. Select Apply and the device has been added to the group. (Note the button will not be grayed out, this is an example.)
9. 

b.Remote GLBA Device

1. Remote devices are Entra joined devices only they go into the “AZ-InTune-GLBA-PC-Disk-Encryption” group. Go to step 26. (For Campus devices skip to step 33.)
2. In Microsoft Intune Admin Center home page locate Groups on the left-hand side of the screen and select.
3. Locate All Groups and select.
4. In the search box search for the “AZ-InTune-GLBA-PC-Disk-Encryption” group. It will appear as the first option select it. 
5. On the left-hand side of the screen locate Members and select.
6. At the top you will see +Add members icon select that.
7. 
8. In the Add members popup enter the device name in the search bar
9. Check the box next to the device name and click Select at the bottom. The Device is now in that group.