Keeley Companies

Autopilot – New Machines

*New laptops are typically purchased in bulk and automatically added into the Autopilot Device section*

 

Go to Intune

• Open Admin Center: https://admin.microsoft.com/#/homepage
• Click Show all in the left column
• Click Endpoint Manager
  •  
• Alternatively, you can go directly by going to: https://intune.microsoft.com/?ref=AdminCenter#home

 

Assign user to laptop

1. Locate Serial Number on bottom of laptop or on the box the laptop came in
2. Within Intune
   1. Click on Devices in the left column
   2. Click on Windows in the secondary column 

Click on Devices under Windows Autopilot.

Search for the serial number of the new machine

If device isn't found go to this KB for importing the laptop's HASH:

1. Manually Collecting Hash | Knowledge Base | Keeley Companies
2. Return here when finished.
3. Select machine and choose Assign user.

Search for new user, select the user,  and choose Select button.

 

 

Click Save to finish assign user to laptop.

  

 

Autopilot

• Connect laptop to power and a working network cable/connection
• Power on laptop
• Autopilot will start automatically if it has a good connection to the internet
  • Wifi connections will also work, if you connect to a Keeley Wifi connection
  • KeeleyCompanies: password:  K331eyC0mp@nies
• Autopilot will ask you to enter the password for the user you assigned to the laptop
• Enter password
• Autopilot will now start for the user – you can expand whatever step it is on to see details
  • 
• After the Device Setup is completed, it will go to the Ctl Alt Del screen and you will need to sign in as the user again.
• Account setup will continue
  •  
• If Phase 3 (Account Setup) errors, click Continue Anyway button.  This will take you into the final steps of setting up.
• Click Skip for Now on the fingerprint.
• Click Ok on the Windows Hello
• Login with O365 Credentials
• Create PIN:
  • Set to:  010101
  • Click OK twice
• Go to edit power plan using the search bar and change everything to never to prevent it from timing out during company portal SYNC
  • 
• Go to Azure:  https://www.portal.azure.com
• Go to Microsoft Entra ID
  • 
• Go to Groups
  • 
• Search for New Windows Laptops - Click to open
  • 
• Click on members
  • 
• Click Add
  • 
• Search for serial number of laptop - Select box - click Select button at bottom
  • 
  • 
    
• Force user to login with password
  • Signout of desktop
  • Click the screen anywhere (or click space bar)
  • Click the Sign-in Options
  • Choose the key icon
  • Enter password
    • Note - these steps might have to be done after the first couple reboots to get it to stay with password as the default setting
• To force software sync on laptop to finish up adding all software: 
  • Start Menu
  • Search for Company Portal
  • Go to Settings
  • Click Sync button
  • 
  • 
• Software will finish installing
• Verify Microsoft Office, TeamViewer, Google Earth Pro, Google Chrome, Sentinel Agent, Veritas Alta Utility, Mimecast for Outlook, Zscaler, and Rapid7 Insight Agent have installed
• Login to Outlook, Teams, and OneDrive.
• Login to Zscaler
• Verify Bitlocker is on
  • Click Start Menu
  • Search for Bitlocker
  • Open Manage Bitlocker
• Open Signature Creator on your laptop:  https://emailsignaturecreator.keeleycompanies.com/home
  • Enter email address of user
  • Select Download Signatures - We need to remove any inconsistencies with the signature
  • Click green checkbox button

• This will download the signature to your downloads folder
• Go to Downloads and right click on the file and choose Extract All... and then click Extract.
• It will open the folder with the .htm file. Right click that file and choose Open With-> Notepad.
• In the line with two commas (user is remote and doesn't have an address), select it, delete the line, and save the file.
• Email the new .htm file to the user with the Subject of "Email Signature".
• On the new hire's computer, open Outlook
• Find Signature File email.
• Open Signature file - should open in Edge or Chrome.
• Copy signature.
• Create a NEW email.
• Click on Insert menu.
• Click Signature dropdown.
• Select Signatures.
• Click New (name it:  i.e. New or Reply).
• Paste signature in Edit signature box.
• Click Save.
• Select the name on the New messages and Replies/forwards dropdowns as the signature just created
• Click Ok.
• Close this new email.
• Open New email - signature will should now show.
• Verify that local administrator account has been enabled and renamed.
  • Open Computer Management as administrator
  • Go to Local Users and Groups
  • Go to Users
  • Verify that Administrator account isn't listed - you should see KCO.Admin
  • 
• Map printer drivers by going to File Explorer (Windows key + e)
  • \\az-print01 in the address bar - hit enter
  • Right click and choose connect on the Ewing printers that should be on all laptops
    • LKC - Left
    • LKC - Right
    • LKC - Executive
    • LKC - Expansion