In this video, I introduce Windows Autopilot and walk through the prerequisites and initial setup steps needed before deploying your first Autopilot profile in Microsoft Intune.

What's covered:

- What Windows Autopilot is and how it simplifies device provisioning - Benefits of Autopilot including reduced IT workload, faster onboarding and simplified device recovery
- Entra ID join vs Hybrid Entra ID join scenarios (this video covers Entra ID join)
- Prerequisites for Windows Autopilot: automatic enrollment, Intune license, device registration and Entra ID branding
- Verifying automatic enrollment (MDM user scope) in Microsoft Intune and Microsoft Entra
- Confirming that the user has a Microsoft 365 E3 license with Intune included
- Configuring and verifying Entra ID company branding for the Autopilot sign in experience
- How hardware hashes work and why devices need to be registered in Windows Autopilot
- How OEM vendors like Dell can upload hardware hashes on your behalf before shipping
- Using PowerShell to generate a hardware hash CSV file on a Windows device
- Checking and setting the PowerShell execution policy before running the script
- Installing and running the Get-WindowsAutopilotInfo script
- Uploading the hardware hash CSV file to Microsoft Intune
- Creating a dynamic Entra ID group for Autopilot managed devices using the zero-touch deployment ID query

In this video, I walk through creating a Windows Autopilot deployment profile and Enrollment Status Page in Microsoft Intune, completing the setup before enrolling the first device.

What's covered:

- Creating a Windows Autopilot deployment profile step by step
- Convert all targeted devices to Autopilot option explained - User driven vs self deploying deployment modes
- Hiding license terms, privacy settings and change account options for a better user experience
- Setting user account type to standard (no admin rights)
- Pre provisioning deployment (formerly White Glove) explained and when to use it
- Configuring device name templates using serial number or custom name with random digits
- Assigning the deployment profile to the dynamic Autopilot group
- Creating an Enrollment Status Page (ESP) profile
- Configuring ESP settings including installation timeout, custom error messages and service desk contact info
- Enabling log collection and diagnostics for troubleshooting during pilot deployments
- Blocking device use until all required apps and profiles are installed
- Setting blocking apps (Microsoft 365 Apps and Company Portal) that must install before user can sign in
- How the only fail collective blocking apps in technician phase option works during pre provisioning
- Summary of all prerequisites completed and confirmed before first device enrollment

In this video, I run a full end to end Windows Autopilot enrollment demo, verify that all applications and policies were successfully deployed, and walk through reporting and troubleshooting tools in Microsoft Intune.

What's covered:

- Resetting a device to out of box experience using Sysprep
- Configuring a Conditional Access policy to require MFA during Intune enrollment
- Setting sign in frequency to every time to ensure MFA triggers on every enrollment
- Walking through the full Autopilot enrollment flow from sign in to device preparation
- Company branding confirmed working on the sign in screen - MFA prompt triggered by Conditional Access during enrollment
- Device joining Entra ID and receiving all settings and applications automatically
- Verifying that blocking apps (Microsoft 365 Apps and Company Portal) were successfully installed
- Confirming the device name was applied correctly using the demo plus random digits template
- Checking device compliance status in Microsoft Intune immediately after enrollment
- Reviewing the Windows Autopilot deployment status report including deployment start time, end time and total duration
- How to identify which deployment profile and Enrollment Status Page were applied to a device
- Troubleshooting Autopilot issues using Event Viewer under Modern Deployment Diagnostic Provider
- Managing Enrollment Status Page profile priority and how to reorder profiles in Intune

In this video, we walk through a full demo of Windows Autopilot Device Preparation, a modern replacement for classic Autopilot that simplifies device provisioning with a single unified policy.

What's covered:

- What Windows Autopilot Device Preparation is and how it differs from classic Autopilot
- Key improvements including enrollment time grouping, real time deployment monitoring and visible progress indicators
- Current limitations including the 10 app and 10 script cap and Entra ID join only support
- Requirements including Windows 11 24H2 or later and specific KB update for older versions
- Verifying auto enrollment and device enrollment settings before getting started
- Creating an assigned device group with Intune Provisioning Client as owner
- Creating a user group to assign the device preparation policy - Deploying applications and scripts to the device group (Microsoft 365 Apps, Company Portal)
- How corporate device identifiers work as a replacement for hardware hashes
- Retrieving manufacturer, model and serial number using PowerShell and uploading as a CSV
- Creating a device preparation policy including deployment mode, user account type, error messages and diagnostic settings
- Adding applications and scripts to the policy (up to 10 of each)
- Running a full end to end enrollment demo with real time progress visibility
- Verifying that applications and PowerShell scripts were successfully deployed after enrollment
- Reviewing deployment reports in Microsoft Intune including deployment time and status By the end of this video you will have everything you need to set up and test Windows Autopilot Device Preparation in your own environment.

In this video, I introduce Windows 365, Microsoft's Cloud PC solution, and walk through everything you need to know before provisioning your first Cloud PC.

What's covered:

- What Windows 365 is and how it works

- Windows 365 Business vs Enterprise editions explained

- Windows 365 vs Azure Virtual Desktop comparison

- When to choose Windows 365 and when to choose Azure Virtual Desktop

- Windows 365 licensing requirements including Intune and Microsoft Entra ID

- Windows Hybrid Benefit and how it can reduce licensing costs

- What a provisioning policy is and how it works

- How to assign provisioning policies using groups

- Microsoft Managed Network vs Azure Network Connection explained

- Networking and hybrid requirements for connecting to on premises environments

- How Cloud PC provisioning is triggered once a license is assigned

By the end of this video you will have a clear understanding of Windows 365 and be ready to start provisioning your first Cloud PC.

In this video, I kick off the Windows 365 series by setting up a group, configuring a provisioning policy, assigning licenses, and starting the Cloud PC provisioning process in Microsoft Intune.

What's covered:

- Overview of required licenses (Microsoft 365 E3 and Windows 365 Enterprise trial)

- Creating a security group for the HR department in Microsoft 365 Admin Center

- Creating a Windows 365 provisioning policy step by step

- Enterprise vs Frontline licensing explained

- Microsoft Entra Join vs Hybrid Entra Join and when to use each

- Microsoft hosted network and what it means for connectivity

- Selecting geography and region for your Cloud PC

- Gallery images vs custom images and how to choose

- Cloud PC naming conventions using custom templates

- Windows Autopatch vs Windows Update Rings explained

- Assigning the provisioning policy to the HR department group

- Assigning a Windows 365 license to a user

- Watching the Cloud PC provisioning process begin (takes approximately 30 minutes)

Whether you are new to Windows 365 or setting up your first Cloud PC environment, this video gives you a complete walkthrough of the initial provisioning setup from start to finish.

In this video, I walk through the complete process of signing into a provisioned Windows 365 Cloud PC and exploring its management options in Microsoft Intune.

What's covered:

- Viewing a provisioned Cloud PC in the Intune Admin Center

- Signing in via the Windows 365 web portal

- Connecting through the browser vs the Windows App (available on Windows, macOS, Android and iOS)

- Understanding in-session settings (printer, file transfer, camera, keyboard shortcuts)

- Reprovisioning a Cloud PC and what data is affected

- Restore points explained, short-term (every 12 hours) vs long-term (every 7 days)

- Configuring a shorter Recovery Point Objective (RPO) using User Settings policies

- Available user-facing options: Favorites, Restart, Rename, and more

Whether you are an IT admin getting started with Windows 365 or looking to fine-tune your Cloud PC management, this video covers the essentials to get you up and running.

In this video, I continue the Windows 365 series by exploring user settings policies, restore options, and the full deprovisioning process in Microsoft Intune.

What's covered:

- Enabling local administrator access for users via User Settings policies

- Demonstrating local admin access using Command Prompt on a Cloud PC

- Allowing users to reset and restore their own Cloud PC

- Understanding the reset process and when to use it (ideal for test environments)

- How restore points work and why they may not be immediately available

- Revoking a Windows 365 license and understanding the 7-day grace period

- How users can still access their Cloud PC during the grace period

- Deprovisioning a Cloud PC immediately using the Deprovision Now option

- Where to find official Microsoft Windows 365 documentation at learn.microsoft.com

Coming up next: Azure Network Connection and creating a new provisioning policy.

Whether you are an IT admin managing Cloud PCs or learning Windows 365 for the first time, this video walks you through the key user and lifecycle management features you need to know.

In this video, I configure an Azure Network Connection for Windows 365 Cloud PCs, enabling private network access, firewall routing, and on premises connectivity.

What's covered:

- What Azure Network Connection allows Cloud PCs to do (private endpoints, VPN, ExpressRoute)

- Prerequisites before creating an Azure Network Connection (subscription, resource group, VNET and subnet)

- Required permissions for the Windows 365 service (Reader on subscription, Network Contributor on resource group and VNET)

- Assigning the Reader role to Windows 365 at the Azure subscription level

- Assigning the Network Contributor role to Windows 365 on the resource group and virtual network

- How role inheritance works across resource group and VNET

- Creating an Azure Network Connection in Microsoft Intune using Microsoft Entra Join

- How health checks work during the connection setup and what the temporary network interface is for

- Reviewing health check results and how to retry failed checks

- Updating an existing provisioning policy to use the new Azure Network Connection

By the end of this video your Cloud PCs will be securely connected to private Azure resources and ready for advanced network scenarios.

In this video, I walk through a full step by step demo of configuring Microsoft Entra Hybrid Join, including Active Directory cleanup, Connect Sync installation, and device synchronization.

What's covered:

- Lab environment overview including on premises domain controller and custom domain added to Microsoft 365 tenant

- Using IDFix to clean up Active Directory before synchronization (fixing duplicates, invalid characters and unsupported values)

- Downloading and installing Microsoft Entra Connect Sync from the Entra Admin Center

- Cloud Sync vs Connect Sync and when to use each

- Authentication options explained: Password Hash Synchronization, Pass Through Authentication, Federation with ADFS and Ping Federate

- Enabling Password Hash Synchronization and Seamless Single Sign On

- Selecting specific Organizational Units (OUs) for synchronization instead of syncing the entire domain

- Configuring user identity matching and source anchor settings

- Optional features explained: Password Writeback (required for Self Service Password Reset), Group Writeback, Device Writeback and Directory Extension Attribute Sync

- Verifying sync status and Seamless SSO in Microsoft Entra Connect Health

- Configuring device synchronization using the Configure Device Options wizard

- How to force a delta or full synchronization using PowerShell commands

- Default sync cycle interval (every 30 minutes) and how to customize it

Whether you are setting up hybrid identity for the first time or looking to fine tune your sync configuration, this video covers everything you need to get Microsoft Entra Hybrid Join up and running.