1

I would like to build devices using SCCM, much like they arrive new, for Intune AutoPilot deployments. It seemed simple enough. I created a generic Task Sequence, Then wrote a script which uninstalls the SCCM Client, gathers the device's hardware ID and then, runs "sysprep /oobe /shutdown". This script runs once the Task Sequence completes, using the Task Sequence Variable "SMSTSPostAction". All of this works beautifully, until the machine is joined to Azure AD via AutoPilot. My first sign of trouble was that the Intune Policies would not apply. I then found this message when looking at the device in Intune:

Co-management
<UserName>'s Windows PC is being co-managed between
Intune and Configuration Manager. Configuration Manager agent state is
shown below, if the state is anything other than “Healthy” there are a
few steps that help with this. 

Configuration Manager agent state
Could not connect

Details
The Configuration Manager client is currently unable to reach
the Configuration Manager management point. Make sure the client can
communicate with the server. For more information on client
communication issues, see the CcmMessaging.log, LocationServices.log,
or ClientLocation.log files on the Configuration Manager client.

Is it possible to create Intune only devices, ready to be AutoPiloted, with SCCM? If so, how?

Nathan Hartley
  • 1,660
  • 5
  • 26
  • 40
  • I have absolutely no experience with this but co-management is a separate point in sccm in administration->cloud services. I was under the impression that if you do not configure this it cannot be active. Is this on (and needed) in your environment? – Syberdoor Oct 09 '18 at 12:12
  • Co-Management was turned on, for a brief moment, in our AutoPilot journey. We quickly found that it complicated things and followed instructions in someone's blog post to turn it off. Possibly, something went wrong turning it off? I do not understand how it is Intune thinks these devices are managed by SCCM. My best guess is that the SCCM client uninstall is leaving behind cruft which the MDM system is reporting back to Intune. – Nathan Hartley Oct 09 '18 at 13:28
  • I find this unlikely because by default comgmt would not be on (but again I have no experience with this). In a screenshot I found it is implied that the ccm client is installed via intune (https://www.anoopcnair.com/wp-content/uploads/2018/06/SCCM-Co-Management-Configuration-Setup1.jpg) is this the case in your task sequence? or is it the normal config mgr client installation? – Syberdoor Oct 09 '18 at 14:24
  • The SCCM Client has to be installed to do anything beyond the installation of the OS. In my case, the SCCM client is triggering the script which uninstalls the client, gathers the hardware information, then resets the machine to the OOBE. – Nathan Hartley Oct 09 '18 at 15:34

1 Answers1

1

Announced at Ignite, Windows 10 1809 will make it possible to create AutoPilot ready machines with SCCM. The secret is the ability to place a special AutoPilot configuration file on the newly imaged device, without having to install the SCCM Client.

The article "Speeding up Windows Autopilot for existing devices" breaks down the process this way:

  1. Boot to Windows PE (no data migration steps, we assume OneDrive for Business already has the data in the cloud).
  2. Format and partition the drive (so this is clearly a wipe-and-load process, not an in-place upgrade – all data, apps, settings, etc. are cleaned from the drive).
  3. Apply the new Windows 10 OS image.
  4. Inject drivers into the applied Windows 10 installation.
  5. Copies an Autopilot configuration file into the proper location in the Windows folder structure (this enables an Autopilot user-driven experience without harvesting and uploading the hardware hash in advance).
  6. Boot into Windows 10.
  7. Install the ConfigMgr client.
  8. Sysprep the Windows 10 OS.
  9. Reboot into Windows 10 OOBE.

More information can be found here:

Nathan Hartley
  • 1,660
  • 5
  • 26
  • 40