Servers

Microsoft Intune with Autopilot and Entra ID Logins

I researched, tested, and deployed a Microsoft Intune environment to replace our on-prem AD/GPO environment, which showed its limitations during the 2020 pandemic when many employees transitioned to remote work. By adopting Autopilot and a cloud-first approach, we enabled complete system imaging, management, and wiping/retirement of devices regardless of their location, without requiring a technician to be onsite. This setup supported not only Windows devices but also macOS, iOS/iPadOS, Android, and Linux devices. Best of all, it came at no additional cost to the university, as it was included in our Microsoft A3 licensing.

The transition also introduced several new features for our endpoints including BitLocker file encryption for improved security, OneDrive home folder sync as a “roaming files” and backup solution, Azure AD LAPS for secure local administrator password management/rotation, and the ability to remotely lock and GPS locate lost or stolen devices. By moving to Microsoft Intune, we eliminated the need for legacy systems like our MDT deployment server, PDQ app deployment server, WSUS server, and a separate Mosyle MDM license for Apple device management.

Our IT department helped pioneer this platform for other colleges and units at the university. We hosted multiple sessions to share the benefits and downsides of the platform, provided best practice documentation, and worked one-on-one with other departments to help them set up their own Intune environments.

Microsoft Teams/OneDrive File Server Migration

With the shift to a more cloud-based computing environment, I migrated users’ personal drives from a physical file server to OneDrive. This provided broader accessibility without requiring the use of our VPN. I also transitioned shared departmental network file shares to Microsoft SharePoint/Teams and mapped the SharePoint locations to users’ computers for a familiar File Explorer experience. Both OneDrive and Teams introduced a file versioning system, making it easy to recover from accidental edits. The adoption of Teams as part of this transition also facilitated its use as a collaboration platform and communication tool across campus, which helps prepare our users for our upcoming Teams phone migration.

This solution addressed the rising costs of our hypervisor platform, which hosted the file server VMs. By migrating to cloud-based storage, we were able to downsize/remove six nodes from our clusters, freeing up 13 TB of storage space. This transition saved the university money and better utilized our Microsoft licensing that we are paying for.

PaperCut Print Server & Mobility Print

The server was upgraded from version 16 to 21 and was completely rebuilt and re-branded to align with the University’s branding guidelines. This server uses Active Directory and Group Policy to deploy printers and launches a print client that notifies the user of their print balance when logging in to any computer. Print balances are given to students and faculty each semester to help control the amount of printing by limiting the initial amount they can spend.

A new feature is Mobility Print. Before the upgrade, BYOD users were forced to upload their documents through a "Web Print" method, which did not allow for any print options or customizations of print jobs (like multiple PowerPoint slides per page). Now students and faculty can use “Mobility Print” and install the campus printers natively on their own devices, which lets them customize print jobs and print when they are on campus from their Windows, Mac, iOS, or Android devices. Students and faculty can now also see the environmental impact of their printing, which nudges them toward greener and more thoughtful printing.

WSUS Update Server

This server was created to help manage and push optional, driver, feature, and firmware updates to all computers and servers. Before, there was no centralized way to manage updates and all computers/servers would end up having different updates along with different driver versions based on when they were last manually updated or imaged.

WDS/MDT Image Deployment Server

To help save the department money, I created a deployment server hosting WDS/MDT, which allowed LiteTouch imaging with the current Windows Server licensing already in place. This server was made to replace an Ivanti/LANDesk server which cost the department around $7.50 per computer annually. The server ended up being used by 1 other IT department within UGA, which also canceled its LANDesk licensing.

The deployment task sequences were built so that each part of the image is independent of the others, which allows for quick and easy updates to the image, such as software versions or Windows versions. Pre-configured task sequences made standard setups an easy 1-click image but also left the flexibility to customize each computer with different software as needed. Installing software after OS deployment was also made possible through an “app store”-like function.

Apple Profile Manager/ARD Server

This server was created to replace an older Apple server that was using DeployStudio with NetBoot (now deprecated) to image Macs with a gold image. The new server acts as an MDM and uses Profile Manager to push the settings and printers to the Macs based on groups. This is used hand in hand with an Apple Remote Desktop Task Server, which remotely installs software and installs custom profiles for settings not available in Profile Manager. These tools had a one-time cost to the department of $100 and receive free updates.

Mosyle Business MDM

In April of 2022, Apple announced the discontinuation of macOS Server. Therefore, I managed the switch to a cloud-hosted MDM solution that met all of our needs. Mosyle, at the time of purchase, was half the cost per device compared to JAMF while allowing us to remotely manage our loaner iPads and take advantage of SSO. Apple Remote Desktop (ARD) is still used to deploy applications and commands that cannot be pushed through Mosyle/Apple School Manager.