Skip to main content

1. Power On the Device

First Boot: User powers on the device. The device automatically enters the Out-of-Box Experience (OOBE) phase.

2. Connect to Network

Wi-Fi/Ethernet Setup: User connects the device to a Wi-Fi network or Ethernet connection during the OOBE.

3. Device Contacting Autopilot Service

Profile Download: The device connects to the Autopilot service and downloads the assigned Autopilot profile.

4. Customization and Branding

Welcome Screen: The user sees a customized welcome screen with organization branding, as defined in the Autopilot profile.

5. User Sign-In

  • Azure AD Sign-In: The user is prompted to sign in with their Azure Active Directory (AAD) credentials.
  • Authentication:
    • User can use the TruU QR scan to login with their TruU registered Phone.

6. ESP Phase 1: Device Enrollment

Azure AD Join: The device is automatically joined to Azure AD. Intune Enrollment: Simultaneously, the device is enrolled in Microsoft Intune for management.

7. ESP Phase 2: Device Targeted Policy and App Deployment

Configuration Policies: Intune deploys device configuration policies, security settings, and compliance policies to the device. App Installation:
  • Assigned as required apps, and added in the ESP policy are installed on the device
    • TruU Windows Authenticator app is installed during this phase
    • Once the TruU app is installed, the device will restart and continue with the ESP.

8. Enrolling into TruU Windows Authenticator

  • TruU enrollment wizard starts at the screen
  • User enters the information (login ID, Corporate email, etc. *configured by admin) and starts the enrollment process.
  • TruU processes the request by validating the user status and presents the enrollment workflow (IVW).
  • User selects the enrollment option, email/SMS.
  • TruU sends the enrollment code to email/SMS.
  • User enters the code in enrollment screen.
  • TruU processes the request and asks the user to set TruU PIN and/or biometric ( if the device has biometric capabilities).
  • User sets the PIN and/or biometrics.
  • TruU Fido2 key gets created in the backend automatically.
  • Once the setup is complete, you should be able to login with TruU pin which was created.

9. ESP Phase 3: User Targeted Policy and App Deployment

User ESP: Once the user click on “Login using TruU” the device takes couple of minutes for Windows to setup and the third phase of ESP continues until all the user assigned policies and apps are deployed. You can watch the complete TruU-Intune Autopilot end-user experience in the following video. User-driven.mp4
TruU-Intune Self-Deployment Autopilot Setup Intune Self-Deployment mode Autopilot Enrollment Workflow