The guide below is intended to help streamline the device deployment process and centralize the recommended build and troubleshooting workflows for the MDM and Support team.

New Device Out of Box Experience (OOBE)

All Dell and Lenovo devices should be auto-enrolled in Autopilot and assigned a profile. Note that any device purchased outside of our Autopilot agreements with Dell and Lenovo will not be included by default and will not go through Penn Carey Law streamlined OOBE below. It is important in cases like this to confirm that the user chooses to set up the device as a "work or school" device (sometimes shown as "set up for an organization"). If they choose "personal" the device will not be able to be managed correctly and the device will need to be reset ASAP.

Autopilot Deployment Profile

Autopilot Deployment Experience

  • User is greeted with a "Welcome to University of Pennsylvania Law School" page asking them to enter their law school email address (LawKey)
  • User is prompted with password and MFA.
  • Device will begin setup (UI shows something like "getting ready")
  • If biometric capability is present on the device, the user will be prompted to set up face and/or fingerprint along with a PIN. If they choose not to use face/fingerprint, the PIN setup is still required.
  • Once all of the above is complete, the user is presented with the desktop and the NewComputer script begins to run. The device is now AAD-Joined successfully by the user.
  • Some users see the SupportAssist Reset Process Guide. Should we remove? It does have the benefit of taking users through checking their device for Windows and driver updates, but the app is clunky and also asks if they want to restore files from their last backup (and those files don't exist because we chose not to keep data before wiping the device)
    • IntuneNewComputer.ps1 is deployed via Intune as "PennLawNewComputer" and installs the following (add notes below each item here for clarification):
      • Loop check
      • New Computer Scheduled task
      • IntunePSUpdates
      • TimeZone
      • Remove SupportAssistHelpTool
      • Check AC Power / Toast
      • Events/SoftwareUpdates/DellCommandUpdate
      • IntuneNewComputerLogs Disable-WindowsOptionalFeature
      • Firewall settings
      • Classroom: Teamviewer, AcrobatReader, Desktop shortcuts
      • Not Classroom: IPSec inbound
      • Acrobat
      • DellCU Logs
      • Remove Admin
      • Run Diagnostics
      • FreshService Ticket
        • Scripts:
          • "IntuneSecurityDeviceGuard.ps1"
          • "IntuneEventsMain.ps1"
          • "IntuneAdmin.ps1"
          • "IntuneWindowsUpdate.ps1"
          • "IntuneASRRules.ps1"
          • "IntuneHWSW.ps1"