This page gathers all the information related to Windows Autopilot and Zero-Touch Deployment on Windows with Factorial IT.
If you are currently using Intune as your MDM solution to manage your IT infrastructure and plan to switch to FleetDM (Factorial IT's MDM), you will need to perform a series of operations in the Microsoft Azure console with administrative rights to:
- Declare the domain used by FleetDM as legitimate with Azure (e.g. {company}.mdm.getprimo.com)
- Create the Fleet application and grant it the necessary permissions to act as an MDM
- Configure Azure to manage new devices through FleetDM instead of Intune
Declaring the FleetDM Domain
- Sign in with an administrator account at: https://portal.azure.com/
- Search for and click on Domain names
- Click on + Add custom domain
- In the field, enter {company}.mdm.getprimo.com (e.g. acme.mdm.getprimo.com; contact support (factorial-factorial-support@getprimo.com) if you don't know this domain name)
- Share with us the value of the Destination or routing address field (in the format MS=ms12345678)
- Wait for our response (maximum 2 business days) before continuing with the procedure
- You can then click on Verify
Creating the FleetDM Application
- Sign in with an administrator account at: https://portal.azure.com/
- Search for Mobility (MDM and MAM)
- Choose + Add application, then select + Create your own application
- Enter Fleet as the application name and click Create
- Fill in:
  - MDM terms of use URL: https://{company}.mdm.getprimo.com/api/mdm/microsoft/tos
  - MDM discovery URL: https://{company}.mdm.getprimo.com/api/mdm/microsoft/discovery
- Click Save
- Return to Mobility (MDM and MAM)
- Click on the Fleet application then on Custom MDM application settings
- Click on the link below Application ID URI then click Edit
- Enter your Fleet instance address (https://{company}.mdm.getprimo.com) and click Save
- Choose API permissions then Add a permission
- Click on Microsoft Graph then on Delegated permissions, and select:
  - Group > Group.Read.All
  - Group > Group.ReadWrite.All
- Click Add permissions
- Then return to API permissions and Add a permission, and choose Microsoft Graph again
- This time, click on Application permissions, and add the following permissions:
  - Device > Device.Read.All
  - Device > Device.ReadWrite.All
  - Directory > Directory.Read.All
  - Group > Group.Read.All
  - User > User.Read.All
- Click Add permissions
- Once back on the API permissions screen, click on Grant admin consent for ACME (where ACME is the name of your organization)
The Fleet application is now registered as a legitimate MDM with the Azure portal.
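To confirm that the consent step granted exactly the permissions listed above and nothing broader, the following added example (not part of Factorial IT's or Fleet's tooling) compares an export of the Fleet app's grants with the documented set. It assumes the inputs have the shape of the Microsoft Graph `appRoles`, `appRoleAssignments` and `oauth2PermissionGrants` collections; the function name and the sample data, including the placeholder role ids, are constructed for illustration.

```python
# Expected Microsoft Graph permissions for the Fleet app, taken from the steps above.
EXPECTED_DELEGATED = {"Group.Read.All", "Group.ReadWrite.All"}
EXPECTED_APPLICATION = {
    "Device.Read.All", "Device.ReadWrite.All",
    "Directory.Read.All", "Group.Read.All", "User.Read.All",
}

def audit_fleet_permissions(graph_app_roles, app_role_assignments, oauth2_grants):
    """Compare consented permissions with the documented set (hypothetical helper).

    graph_app_roles:      'appRoles' of the Microsoft Graph service principal
    app_role_assignments: 'appRoleAssignments' of the Fleet service principal
    oauth2_grants:        'oauth2PermissionGrants' whose client is the Fleet app
    """
    role_names = {r["id"]: r["value"] for r in graph_app_roles}
    # Unknown role ids stay visible in the report instead of being dropped.
    application = {role_names.get(a["appRoleId"], "unknown:" + a["appRoleId"])
                   for a in app_role_assignments}
    # Only tenant-wide grants (admin consent) count; per-user grants are ignored.
    delegated = set()
    for g in oauth2_grants:
        if g.get("consentType") == "AllPrincipals":
            delegated.update(g.get("scope", "").split())
    return {
        "missing_application": sorted(EXPECTED_APPLICATION - application),
        "extra_application": sorted(application - EXPECTED_APPLICATION),
        "missing_delegated": sorted(EXPECTED_DELEGATED - delegated),
        "extra_delegated": sorted(delegated - EXPECTED_DELEGATED),
    }

# Constructed sample data: the ids are placeholders, not real Graph role ids.
_NAMES = ["Device.Read.All", "Device.ReadWrite.All", "Directory.Read.All",
          "Group.Read.All", "User.Read.All", "Directory.ReadWrite.All"]
SAMPLE_GRAPH_ROLES = [{"id": f"00000000-0000-0000-0000-{i:012d}", "value": n}
                      for i, n in enumerate(_NAMES, 1)]
# The sample app lacks User.Read.All and holds an extra Directory.ReadWrite.All.
SAMPLE_ASSIGNMENTS = [{"appRoleId": SAMPLE_GRAPH_ROLES[i]["id"]} for i in (0, 1, 2, 3, 5)]
SAMPLE_GRANTS = [{"consentType": "AllPrincipals", "scope": " Group.Read.All"},
                 {"consentType": "Principal", "scope": "Group.ReadWrite.All"}]

if __name__ == "__main__":
    import json
    print(json.dumps(audit_fleet_permissions(
        SAMPLE_GRAPH_ROLES, SAMPLE_ASSIGNMENTS, SAMPLE_GRANTS), indent=2))
```

An empty list under every key means the registration matches the procedure; any `extra_` entry is a permission to review and remove if it is not needed.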
Setting FleetDM as the Default MDM for New Devices
- Sign in with an administrator account at: https://portal.azure.com/
- Go to Mobility (MDM and MAM)
- Click on Microsoft Intune
- In MDM user scope, select None
- In MAM user scope, select None
- Click Save
- Go to Mobility (MDM and MAM)
- Click on Fleet
- In MDM user scope, select All
- In MAM user scope, select All
- Click Save
The Fleet application is now set as the MDM that will handle new devices in the Azure portal.
Note: If you started enrolling devices in Factorial IT/FleetDM before performing these steps, please let us know so we can force the MDM change from Intune to FleetDM by running a script (otherwise the machine will be in an inconsistent state that may affect the Factorial IT experience).