A while ago, I wrote a blog around Restricting the Local Admin group with Intune. In that blog, I mentioned some scenarios where certain Windows Autopilot configurations may not have worked correctly for one reason or another. That blog focused on the Local Admins group, but I did note the device Computer Name, so I thought I would follow up with a blog on this.
I have mentioned in a past blog that I am a fan of using the serial number of a device as its Device Name in Intune. The Windows Autopilot deployment profile is a great and simple way to configure this by way of enabling the device name template and using the variable %SERIAL%.
But there are a few scenarios where this may not apply.
One scenario may be that a device name was already configured on a Windows Autopilot object. You can manually change this field to the device serial number, but you cannot remove it. Modifying the Device name field is a manual task, which introduces the human error element, and you cannot use a name made up entirely of numbers, which is a problem if you have Microsoft Surface devices in your environment. A device name set on the object also overrides the device name template in the Windows Autopilot Deployment Profile.
Another scenario is where a device is onboarded into Intune and it is not Windows Autopilot registered.
As a tip, you should not allow any Windows device that is not registered in Windows Autopilot to enroll into Intune. To prevent people from enrolling personally owned Windows devices, or company owned devices not registered in Windows Autopilot, you should set the Windows (MDM) setting for Personally Owned to Blocked in the Enrollment device platform restriction configuration.
So how can I ensure that all my Windows managed devices comply with using the Serial Number as device name without any manual work?
The answer is to use an Intune Configuration Profile using the Accounts Configuration Service Provider (CSP) to set the Device Name to its serial number.
I have created an example (the device DESKTOP-NRCLETV) in my environment where I have temporarily enabled personally owned devices to be enrolled and onboarded a device.
NOTE: In my environment, I set the device name on the Windows Autopilot objects for Virtual Machines, as using the serial number for these devices is not practical.
I created the following Custom Configuration Profile in Intune:
|Setting|Value|
|---|---|
|Profile name|Win 10/11 – Custom – Policy CSP – Accounts – Domain – Computer Name|
|Profile Description|Sets the Computer Name to the Device Serial Number|
|Description|Set Computer Name to Serial Number|
I then deploy this Configuration Profile to an Azure AD Dynamic Group containing all my Managed Windows devices and exclude my Managed Virtual Machines.
One very important note: There is a bug with this CSP. Every device that has it applied will report an error back to Intune, regardless of whether it has been successfully applied.
Note the current Device name and new Device name that will apply after a reboot.
The device name has been changed.
The device name has also changed in Intune.
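Because the profile reports an error in Intune even when it has applied, the result is best confirmed on the device itself. The PowerShell below is an added example, not part of the original post: it compares the BIOS serial number with the active computer name and with the pending name that takes effect after a reboot. The function names, the state labels and the rule that serials longer than 15 characters keep their trailing 15 characters are assumptions.

```powershell
# Added example: on-device check that the computer name equals the serial number.
# Assumption: a serial longer than 15 characters keeps its trailing 15 characters;
# adjust Get-ExpectedName if your devices are named differently.

function Get-ExpectedName {
    param([string]$Serial)
    # Keep only characters that are valid in a computer name.
    $clean = ($Serial -replace '[^A-Za-z0-9-]', '').ToUpperInvariant()
    if ($clean.Length -gt 15) { $clean = $clean.Substring($clean.Length - 15) }
    return $clean
}

function Get-NameState {
    param(
        [string]$Serial,
        [string]$ActiveName,    # name the device is using right now
        [string]$PendingName    # name that applies after the next reboot
    )
    $expected = Get-ExpectedName -Serial $Serial
    if ([string]::IsNullOrEmpty($expected)) { return 'NoUsableSerial' }
    if ($ActiveName -ieq $expected)  { return 'Compliant' }
    if ($PendingName -ieq $expected) { return 'PendingReboot' }
    return 'Mismatch'
}

# Windows keeps the active and the pending computer name in separate registry keys.
$base    = 'HKLM:\SYSTEM\CurrentControlSet\Control\ComputerName'
$serial  = (Get-CimInstance -ClassName Win32_BIOS).SerialNumber
$active  = (Get-ItemProperty -Path "$base\ActiveComputerName").ComputerName
$pending = (Get-ItemProperty -Path "$base\ComputerName").ComputerName

$state = Get-NameState -Serial $serial -ActiveName $active -PendingName $pending
Write-Output "$state (serial=$serial active=$active pending=$pending)"

# Exit 0 = compliant, exit 1 = needs attention (the Intune Remediations convention).
if ($state -eq 'Compliant') { exit 0 } else { exit 1 }
```

Run as a Remediations detection script, this gives a per-device result that does not depend on the profile's own status report; `PendingReboot` means the rename has been accepted but the device has not yet restarted.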
With this configuration profile deployed, I can be confident that all of my physical Intune Managed Windows devices will use the Serial Number as their Device Name.