Prosperity Now Provisioning Guide
Section titled “Prosperity Now Provisioning Guide”Standard Make & Model: Microsoft Surface
Default naming schema: PN-SN or BWDC-SN
Domain: Intune
Completion Criteria:
Section titled “Completion Criteria:”-
The device join to Prosperity Now’s Azure Tenant
-
The device has been renamed PN-SerialNumber, or BWDC-SN
-
The user signed in with M365 Credentials
-
User’s Office apps, Outlook, Teams, and OneDrive are signed in
-
OneDrive Backup is enabled for Desktop, Documents, and Pictures
-
Default Apps Set: Mail: Outlook, Browser: Chrome
-
Apps and Utilities loaded onto the device: per client WI
-
N-Able Windows Agent Take Control Tested
-
Device and drivers have been updated (Windows Update, Lenovo Vantage/System Update)
-
Perform Mic and Camera check with a Teams test call, with user’s permission
-
Perform quality checks against the manager’s request and the provisioning Work instruction
Setup Steps:
Section titled “Setup Steps:”-
Create a local admin account with localuser creds from 1Password
-
All devices are managed in Intune. The devices will need to be added to either “Intune Devices” group
-
NOTE: The only installed applications are Microsoft 365 (Word, Outlook, Excel, and Teams etc.), and Acrobat (use enterprise installer). All other PBAs are SaaS.
-
N-Central Agent: https://ncentral.centrexit.com/downloadAgentOrProbeSoftwareDownloadAction.action?customerId=678&softwareId=101&ncentralTabId=1722031911662
-
Remove bloatware.
-
Check for and install all updates and reboot.
-
Device configuration and policies deployed through Intune.
EntraID/AzureAD User-Add
Section titled “EntraID/AzureAD User-Add”-
Navigate to Settings
-
Navigate to Work or School settings
- Select “Sign-In” to work or school
-
Once the Microsoft sign-in panel appears, select the blue “EntraID/AzureAD Corporate Sign-in” link
-
Sign in with the user’s Microsoft credentials
- Agree to join the organization
-
Navigate to the start menu and select switch user
-
Sign in with the users Microsoft 365 e-Mail and password
-
The user will likely be required to setup a pin, faceID, or fingerprint.
-
Users can forgo biometrics but must have a pin. usually 6 digits.
Once the user is signed in:
Section titled “Once the user is signed in:”-
Setup the user profile
-
Sign in to Outlook, pin it to the taskbar
- When presented with this screen, uncheck the box that “Allows this organization to manage my device” as it tends to cause authentication issues with TPM.
- Set up Teams, perform a test call to ensure the camera and mic work and that no network authentication message pops up during the user’s first meeting.
- Setup OneDrive from the taskbar shortcut
-
Enable Backup for Desktop, Documents, and Picture Backup within OneDrive
-
Set App defaults within Settings
-
Uninstall bloatware
-
Clean up the taskbar and Start menu bloat
-
Remove Widgets, CoPilot, Shrink the Search menu
-
Pinned apps: File Explorer, Google Chrome, Outlook, Teams
-
Set system sleep times 15-30-30-1Hr.