Part 15 – Configure Microsoft Intune – Windows Automatic Redeployment

Besides Windows Autopilot (blog here), Windows 10 has another great feature that you may like to use. Since the Windows 10 Fall Creators Update (1709) there is a new feature called Windows Automatic Redeployment. This feature allows the user to reset his device without permission or help from an IT person. The reset can be initiated at the login screen by pressing a keystroke on a Windows 10 device.

Do you want to know more about this nice feature in Windows 10? Then please continue reading, because this time it is all about Windows Automatic Redeployment.

How does Windows Automatic Redeployment work?

By pressing the keystroke CTRL + Windows key + R at the login screen, the user initiates the redeployment process. Windows 10 asks for an account that has local admin permissions on the laptop. This can be a local account or an Azure AD account. After the credentials are entered, Windows 10 begins resetting the device. The reset removes all personal data, settings and applications.

If you have enabled Autopilot, then this function is perfect for your organization. After the reset, Autopilot does its work of configuring the device, such as joining it to Azure AD and enrolling it in Microsoft Intune. Autopilot also starts deploying the policies, profiles and apps. All of this happens without visiting the IT department for help and support. It can be done at home or elsewhere in the world. The only thing you must have is an Internet connection.

If the user has problems with applications or with logging in, the user can initiate a reset to resolve them. This is faster and easier than asking the IT department for help.

Let’s begin:

Before the user can use this feature, you have to enable this function in Windows 10. Go to the MS Intune portal -> Device configuration.

Create a new profile.

For the new profile, choose Windows 10 as the Platform and Device restrictions as the Profile type. Click on Settings -> General.

Scroll down until you see Automatic Redeployment. Change this setting to Allow. Click on OK (twice). After that, click on the Create button.

Click on Assignments to assign a group.

Search for and select the group. Click on the Save button to start the assignment. Check the Device status regularly to see whether the configuration has been applied.

The policy is active on the client. Now, the user can use this feature in Windows 10.

Now that the policy is applied, we have to test this function on a Windows 10 device. Go to the device and press CTRL + Windows key + R at the login screen.

Enter the credentials of an Azure AD account or local user that has administrator permissions.

The device is resetting. This takes approximately 10 – 15 minutes, so have some coffee or tea.

After the reset, Windows Autopilot takes control of Windows 10. Windows Autopilot starts with joining Azure AD and enrolling into Microsoft Intune.

Redeployment has finished. Try to log in. You now have a clean Windows 10 device.

Side note:

If the user doesn’t have permissions to do a reset, then you could create a local admin user for redeployment. The best option is to use Intune to create a local admin, either with a PowerShell script (which I have explained in this blogpost) or with OMA-URI. I have done this with a PowerShell script, like this:

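# Name, password and group for the local redeployment account.
# Note: the password is a literal in this script, so every device that
# receives the script gets the same local administrator password.
$Username = "RedeployAdmin"
$Password = "P@ssw0rd"
$group = "Administrators"

# Look for an existing local user with this name.
$adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
$existing = $adsi.Children | Where-Object { $_.SchemaClassName -eq 'user' -and $_.Name -eq $Username }

if ($null -eq $existing) {
    # Account does not exist yet: create it and make it a local administrator.
    Write-Host "Creating new local user $Username."
    & NET USER $Username $Password /add /y /expires:never
    Write-Host "Adding local user $Username to $group."
    & NET LOCALGROUP $group $Username /add
}
else {
    # Account already exists: only reset its password.
    Write-Host "Setting password for existing local user $Username."
    $existing.SetPassword($Password)
}

# Make sure the password of the account never expires.
Write-Host "Ensuring password for $Username never expires."
& WMIC USERACCOUNT WHERE "Name='$Username'" SET PasswordExpires=FALSE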

Save this script and add it to Intune. I found the script here.

The user must use this local account for redeployment instead of his own account.
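A client-side check for the configuration steps and the side-note account above, as an added example that is not part of the original post or of the script it references. It reports whether the build supports the feature, whether the policy has arrived, whether the Windows Recovery Environment is enabled, and the state of the RedeployAdmin account. The Policy CSP name, its registry location and the English reagentc status text are assumptions that are not on this page; run it elevated.

```powershell
# Added example, not the blog author's script. Run elevated on the client.
function Test-RedeploymentReadiness {
    [CmdletBinding()]
    param(
        # Local account from the side note; pass another name if you changed it.
        [string]$AccountName = 'RedeployAdmin'
    )

    # The feature exists from Windows 10 1709 (build 16299) onwards.
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber

    # Assumption: the Intune setting arrives as the Policy CSP value
    # CredentialProviders/DisableAutomaticReDeploymentCredentials (0 = allowed)
    # and is stored under the PolicyManager key below.
    $key    = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\CredentialProviders'
    $policy = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).DisableAutomaticReDeploymentCredentials

    # The reset runs from the Windows Recovery Environment, so it has to be enabled.
    # Assumption: English reagentc output; the status text is localized.
    $winRe = ((& reagentc.exe /info) -join "`n") -match 'Windows RE status:\s+Enabled'

    # State of the local account that users will type at the login screen.
    $user = Get-LocalUser -Name $AccountName -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Build                = $build
        BuildSupported       = $build -ge 16299
        PolicyValue          = $policy
        PolicyAllowsReset    = ($null -ne $policy) -and ($policy -eq 0)
        WinREEnabled         = $winRe
        AccountExists        = $null -ne $user
        AccountEnabled       = if ($user) { $user.Enabled } else { $false }
        PasswordNeverExpires = if ($user) { $null -eq $user.PasswordExpires } else { $false }
        PasswordLastSet      = if ($user) { $user.PasswordLastSet } else { $null }
    }
}

Test-RedeploymentReadiness | Format-List
```

A device where PolicyAllowsReset is true and the account is enabled can be wiped from the login screen by anyone who knows that account's password, so the output is also a quick way to see which machines are in that state.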

Final

This is how Windows Automatic Redeployment works. After the reset, Intune will continue to manage the device. If the apps are available for deployment, their installation will start shortly.

If the user has a strange error or problem in an application or in Windows itself, the user has the option to do a quick reset. This will be a faster solution for him than contacting the IT department for help and troubleshooting the error or problem. By resetting the device, Windows 10 is set back to its default factory settings. Personal data and settings will be deleted, and the applications or apps will be removed as well. The time the IT department used to spend on resolving problems and resetting devices is now left for other IT-related things.

I am ending this blog post. I hope that you like my post about Windows Automatic Redeployment. If you have any question or comment, don’t hesitate to contact me by email or post a comment.

Thanks for reading my blogpost about Windows Automatic Redeployment. Stay tuned for new blogposts on All about enterprise mobility and security.

Greetings..
