In modern workplaces, shared PCs are essential in scenarios like frontline workstations, kiosks and shared office spaces such as hot desks.
Recently, I’ve configured a client’s shared PC setup, wherein Microsoft Intune and Autopilot’s Self-Deploying mode came in useful. This feature offers a streamlined approach to deploying these devices with minimal IT intervention.
As a Microsoft 365 consultant, I’ve seen firsthand how Intune and Autopilot can simplify shared PC deployments. In this blog, I’ll walk you through the benefits and best practices for using these tools effectively.
Why Use Intune and Autopilot for Shared PCs?
Deploying shared devices manually can be time-consuming and prone to configuration inconsistencies. Intune and Autopilot solve these challenges by enabling:
- Zero-Touch Deployment: Devices enrol automatically without requiring user credentials
- Consistent Configuration: Policies, applications and settings are applied uniformly
- Secure and Compliant Setup: Enforced policies ensure security and compliance
- Automated Updates: Devices receive policies and updates without IT manually intervening
Prerequisites for Autopilot Self-Deploying Mode
From my experience, here are the key prerequisites to consider before getting started:
- Devices must support TPM 2.0, as it is required for device attestation and secure enrolment in Autopilot Self-Deploying mode, allowing automatic deployment without user credentials
- The device is running Windows 10/11 Enterprise, Pro, or Education
- The device is registered in Windows Autopilot
- Your Intune tenant is set up with appropriate deployment profiles
Steps to Deploy Shared PCs Using Autopilot
- Configure an Autopilot Deployment Profile
Navigate to Intune Admin Centre > Devices > Windows > Autopilot deployment profiles
Create a Self-Deploying Mode profile and configure:
- Deployment Mode: Self-Deploying
- Join to Microsoft Entra ID as: Microsoft Entra joined
- Device Name Template: (e.g. SHAREDPC-%SERIAL%)
- Ensure user is set as: standard user and not administrator
- Register Devices in Windows Autopilot
- Obtain the hardware hash of the device and upload it to Intune
- Assign the device to the Autopilot Self-Deploying profile either manually, using a dynamic security group or Group Tag
- Configure Shared PC Mode in Intune
- If you are deploying Windows 11, there is a configuration profile within OMA-URI settings named Enable Shared PC mode with OneDrive sync, which enables shared PC mode as well as OneDrive sync
- If you are deploying Windows 10, the previous setting won’t work as this functionality isn’t supported within Windows 10. Instead, you will have to create a policy and enable the setting Disable One Drive File Sync, with the option of Sync enabled
- Whatever OS you use, you will want to configure the Shared PC from the settings catalogue, managing items such as Deletion policy, disk level caching etc.
- Configure OneDrive
- I’d recommend creating a configuration profile for OneDrive from the settings catalogue and enabling items such as Silently move Windows known folders to OneDrive (this can sync desktop, documents and pictures)
- You can also lock the sign-in to your tenant by entering your tenant ID
- Lastly, you’ll want to enable Use OneDrive Files On-Demand to make logons quick for end users
- Deploy Applications and Security Policies
- Assign essential applications via Intune e.g. Office Apps, Microsoft Teams etc.
- Test and Validate Deployment
- Perform a test deployment to ensure the device provisions correctly
- Validate security settings, app installations, and compliance policies.
Best Practices for Shared PC Deployments
- Use Windows Shared PC Mode to enforce optimal performance and security
- Restrict Local Admin Access to prevent unauthorised changes
- Use OneDrive for a seamless user experience across several devices
In my work with clients, leveraging Microsoft Intune and Autopilot’s Self-Deploying mode has been a game-changer. It simplifies shared PC deployments, reduces IT workload and ensures a consistent, secure experience for users where they don’t have individual PCs to work on.
If you are looking to deploy shared PCs in your organisation and need assistance, please get in touch with us.
