Device Reimaging & Intune Enrolment

This article outlines the procedure for reimaging a Windows device and enrolling it in Intune, which requires specific steps to grant the necessary permissions for a successful enrolment.

Step 1: Initial Operating System Setup

1. Reimage the target device with the standard Windows 11 build.

2. Create a local administrator account.

Step 2: Pre-Domain Join Configuration

3. In the local Active Directory, pre-stage a computer object for the device in IE04 Sallins > Computers > IE04L00XX.

Note: Where XX means the next available number.
4. On the device, rename the computer to match the pre-staged object name (e.g., IE04L00XX).
5. Log in as the local admin and install Zscaler.
6. Open Zscaler and sign in using your work account (e.g., user@odysseyvc.com).

Step 3: Joining the Device to the Domain

7. Navigate to Settings > Accounts > Access school or work.
8. Click Connect and select "Join this device to a local Active Directory domain."
9. When prompted, enter the domain name: atsna.atsauto.net.
10. Provide your Domain Administrator credentials when prompted to complete the join operation.
11. The device will automatically restart upon successful domain join.

Step 4: First Login and Intune Enrolment

12. After the restart, log in with your Domain User account (e.g., user@odysseyvc.com). This verifies domain access.
13. Once successfully logged in, sign out of the user account.
14. Log in to the device using the Domain Administrator account.

Important: The next step must be performed as an administrator, as standard user accounts in the local domain typically lack the necessary permissions to enrol a device in Intune.

15. While signed in as the Domain Admin, install and open the Company Portal from the Microsoft Store.
16. When signing into the Company Portal, ensure you use your standard Domain User account (e.g., user@odysseyvc.com), not the admin account. This links the device to the correct user in Intune.
17. Complete the enrolment process. Intune will now manage the device.

Step 5: Final Verification

18. Confirm in the Company Portal that the device shows as compliant and can access company resources.
19. Verify the device appears in the Microsoft Intune admin center.
20. Once enrolment is confirmed, log out of the Domain Admin account. The device is now ready for the user to log in with their standard Domain User account for daily use.