Overview
This knowledge base article provides step-by-step instructions setup pre-provision and reseal Windows 11 device with CIS 3.0.0 L1 + BL.
Note: Devicie will use our automation to push out the CIS 3.0.0 L1 + BL policies and Win32 app to your tenant.
Deploy Win32 Apps
The following applications will need to be deployed as required.
1. By navigating to Microsoft Intune Windows apps, search for:
- Company Portal
- Microsoft 365 Apps Suite
Create Enrolment Status Page (ESP)
1. By navigating to Enrollment Status Page, select Create
2. Under Basics, enter a name of the Enrolment Status Page like: ESP - Pre-provision and reseal. Then select Next.
3. Under Settings, select Show app and profile configuration progress to Yes.
Select the other settings highlighted in red.
4. Under Block device use until required apps are installed if they are assigned to the user/device, click on Select apps, then choose the required.
For 'Only fail selected blocking apps in technician phase', select No.
5. Under Assignments, select your desired Kiosk Group. Then select Next.
6. Under Scope tags, leave as default and select Next.
7. Under Review + create, review any settings and then select Create.
Pre-provisioning and reseal steps
1. In the Microsoft sign-in page after the OOBE phase, press the Windows key 5 times.
2. Select Pre-provision with Windows Autopilot, select Next.
3. Select Next.
4. It will load to the ESP and start pre-provisioning.
5. Once the pre-provisioning has been done, select Reseal.
After pre-provisioning and autopilot steps
1. Start up the device, follow the prompts, after logging in.
2. It will load through the ESP to make some checks against the policies and applications installed during the ESP.
3. Click on the video link on what to expect.