This article’s intended audience is University IT technicians who have been provisioned access to UConn’s Microsoft Intune Admin Center.
This process is for computers that were not shipped in the Autopilot program and need to be manually added into Intune. This includes computers bought before February 2023, or new computers bought outside the purchasing program run through ITS.
Checking for a valid Windows license
All Intune devices must have a valid Windows license. If a candidate device does not have a license, we cannot enroll it in Intune.
You only need to check for a Windows license if the device is not new and purchased through HuskyBuy/PC Refresh.
The license that devices use when enrolled in Intune is considered an “upgrade license”. This means that its activation is reliant on there being another license to upgrade from. Windows is a paid product and even though ITS does not explicitly buy licenses for each device purchase, the cost of the license is generally included in the price of the device. This license that is included with the device must exist for a device to activate correctly when enrolled in Intune.
For traditional device enrollment on the local/on-prem Active Directory, there has been a loophole that some departments have been using to save some money. This involved purchasing a device custom without a Windows license, and then having ITS activate it against our on-prem key management server (KMS), which bypasses the lack of a license. This is against Microsoft’s terms of service and has only recently come to light in Device Support.
Before enrolling a device into Intune that was previously not in it, we should check for the presence of a valid license key.
Dell
Go to dell.com/support and enter the device service tag.
Under “Quick Links”, select View product specs.
Search for a listing that appears that suggests a valid Windows license.
A device that has a valid license should have an entry that looks something like this:
A device that may not have a valid license might have an entry that looks like this:
Enrollment process
Power on the machine and wait for it to boot. Make sure device is connected to the internet.
If the machine is in the Windows setup process, press Shift+Fn+F10. That will open the Command Prompt, where you should type
powershell. If Windows is already set up, open Command Prompt as an administrator and runpowershell.Run the following script, one line at time. Press Y to indicate “yes” where prompted (a direct script is also attached below):
Install-Script -name Get-WindowsAutopilotInfo -Force
Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned
Get-WindowsAutopilotInfo -Online
When asked to authenticate, use your NetIDadmin@ad.uconn.edu to sign in.
Add a group tag from the table below (case-sensitive) in Endpoint Manager under the Enroll devices section (direct link: https://endpoint.microsoft.com/#view/Microsoft_Intune_Enrollment/AutoPilotDevicesBlade/filterOnManualRemediationRequired~/false ).
Wait 5-10 minutes until the profile is assigned, then sign into the machine and perform a local reset (how to perform a local reset: https://support.microsoft.com/en-us/windows/give-your-pc-a-fresh-start-0ef73740-b927-549b-b7c9-e6f2b48d275e , “Keep my files” is not necessary if you are not planning on preserving data).
Once the reset is complete, sign into the machine.
You can use powershell and type “systemreset” then erase everything on the drive.
Department/Area | TAG |
|---|---|
Avery Point Campus | mwAveryPoint |
Business | mwBUSN |
CLAS | mwCLAS |
Education | mwEDU |
Engineering | mwENGR |
Marine Sciences | mwCLAS |
OVPR | mwOVPR |
SAIT | mwSA |
Stamford Campus | mwStamford |
UConn Library | mwLibrary |
ITS TSC Loaner | TSCLoaner |
ITS Managed Workstation | MWManagedWorkstation |
ITS Classrooms | MWClassrooms |
ITS Labs | MWLabs |
ITS Conference Rooms | MWConference |