The issue with non-enterprise ready devices
Two weeks ago, during Black Friday, I purchased a few laptops because the specs were incredible for the price, and it was a real bargain. While they are very good laptops, they are not enterprise grade like the Dell XPS, HP Elitebooks, etc. This comes with one big disadvantage, namely that the OEM can't submit the laptops to my Endpoint manager, which means I have to add them manually. Let's look on how this can be accomplished.
The Device
For those wondering which device was purchased, it was the HP Pavilion 15-eh0950nd (AMD Ryzen 5, 6 core 12 threads, 16GB RAM, 512 NVMe SSD, 15,6" Full HD screen), but as stated before, it is not an enterprise laptop since it even came with 32 bits Windows Home.
This needed to be changed to Windows 10 Pro 64bit as soon as possible, which was more tedious than expected. While the installation went fine, it didn't install any drivers, so I had no WiFi and there was no physical ethernet port present, but luckily I found a way around this.
Setup
After installing Windows 10 Pro 64bit, I couldn't yet login with a company account due to the driver issue, so I made a local test account. Since there was no option for internet, I had to use a USB-stick to transfer the required Powershell code in order to get the required file for Autopilot in Endpoint manager.
The following code is needed to extract the .CSV file which must be manually uploaded into Endpoint manager. NOTE: Don't forget to run Powershell as Administrator!
New-Item -Type Directory -Path "C:\HWID"
Set-Location C:\HWID
Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned
Install-Script -Name Get-WindowsAutopilotInfo -Force
$env:Path += ";C:\Program Files\WindowsPowerShell\Scripts"
Get-WindowsAutopilotInfo -OutputFile AutopilotHWID.csvIt will create a folder called HWID, which refers to Hardware ID at C:\HWID. When the Powershell is completed, you will find the .CSV file that is needed.
After extracting the .CSV file and placing it on the USB-stick, I went to Settings > Update & Security > Recovery > get Started > Remove everything. The laptop is now resetting itself back to the default settings, but I noticed it kept Windows 10 Pro and reinstalled all the drivers. Super handy because now eveything worked right out of the box again!
Registering the Device in Endpoint Manager
Go to https://endpoint.microsoft.com and login and go to Devices
Click on Windows under the category By Platform.
Click on Windows Enrollment.
Click on Devices under the category Windows Autopilot deployment Program.
Click on the Import button and select the exported .CSV file.
The laptop is now added.
Azure Active Directory
In the Azure Active Directory (AAD), some settings need to be configured as well. To do this, go to Portal.Azure.com and login. Go to Azure Active Directory > Monility (MDM and MAM) > Microsoft Intune and set all the settings to your requirements.
Autopilot AAD group
Go back to Endpoint.microsoft.com and go to Groups. Click on New Group and create a new group for which you want to add all you Autopilot devices. I called it Autopilot to keep it simple.
Make sure your group is of Type: Security. Click on Add member and select the registered device (laptop).
Autopilot Profile
Follow the same steps as in Registering the Device in Endpoint Manager. However, instead of clicking on Devices under the category Windows Autopilot deployment Program, click on Deployment Profiles.
Click on Create profile and select Windows PC. Yes, it does also contain the Hololens!
Give your profile a proper name and configure it as you please. Don't forget to add your Group, which contains your Autopilot device.
After all of this, go back to the Devices tab where you added the laptop via import and wait for about 20 minutes to get the Profile Status to say Assigned.
After the profile was assigned, I was able to reinstall the laptop and get the company branding when choosing an Organization account and logging in with it. After this the laptop got registered to the logged in user.
I hope this helps if you ever have to add a windows device manually.
What's next?
Currently I find myself in situations for which I have to make a lot of YAML files for Azure Pipelines. I'll report my findings of this next week.