Team,
1. How do you turn on secureboot and TPM 2.0? Also, the TPM says version 2.0 but the spec version only has 1.3 as an option. Do you have a BIOS that has 2.0 as a spec option?
2. Do you have a BIOS that shows the serial number?
3. Also, do you have a BIOS that will report the OS to Microsoft Intune correctly? When I import the AMR5 into Intune it shows the OS version as "unknown". It should show as Windows version 10.xxx (Windows 11 Pro). It does not. It shows as "unknown" which is weird.
I am unable to use this mini pc in a Microsoft Intune/Autopilot environment and will have to return it if I cannot get TPM 2.0, secureboot, and the OS version corrected.
Thanks!
How to enroll the AMR5 to Intune/Autopilot
How to enroll the AMR5 to Intune/Autopilot
Last edited by a_synd on Tue Feb 14, 2023 5:43 am, edited 1 time in total.
Re: Microsoft Intune reports OS as "unknown"
Update:
I was able to get the AMD 5600U working in Microsoft Intune/Autopilot by following the guide below. Once working in Intune, the OS was reported as Windows 10.xxx correctly matching the Win 11 Business/Enterprise/Pro version.
1. USE AMIDEWINX64.EXE VERSION 5+ (AMIBIOS) TO CHANGE THE BIOS SYSTEM SERIAL NUMBER
2. RESET TPM KEYS IN BIOS
3. MAKE SURE TPM IS 2.0 AND USER MODE AND IT'S ACTIVE IN BIOS
4. DISABLE LEGACY BOOT IN BIOS
5. ENSURE SECURE BOOT IS ENABLED IN BIOS
6. CREATE GROUP FOR ASSIGNED DEVICE AND ASSIGN DEVICE
7. CREATE ENROLLMENT POLICY IN INTUNE FOR USER-DRIVEN AUTOPILOT INSTEAD OF SELF-DEPLOYING
8. DURING AUTOPILOT OOBE, USE BUSINESS PREMIUM USER ACCOUNT WITH ENROLLMENT PERMISSIONS TO ENROLL THE DEVICE
9. LOGIN WITH THE PRIMARY USER CREDENTIALS
10. CHANGE THE PRIMARY USER IN INTUNE TO THE PRIMARY USER INSTEAD OF THE ENROLLER ACCOUNT
I was able to get the AMD 5600U working in Microsoft Intune/Autopilot by following the guide below. Once working in Intune, the OS was reported as Windows 10.xxx correctly matching the Win 11 Business/Enterprise/Pro version.
1. USE AMIDEWINX64.EXE VERSION 5+ (AMIBIOS) TO CHANGE THE BIOS SYSTEM SERIAL NUMBER
2. RESET TPM KEYS IN BIOS
3. MAKE SURE TPM IS 2.0 AND USER MODE AND IT'S ACTIVE IN BIOS
4. DISABLE LEGACY BOOT IN BIOS
5. ENSURE SECURE BOOT IS ENABLED IN BIOS
6. CREATE GROUP FOR ASSIGNED DEVICE AND ASSIGN DEVICE
7. CREATE ENROLLMENT POLICY IN INTUNE FOR USER-DRIVEN AUTOPILOT INSTEAD OF SELF-DEPLOYING
8. DURING AUTOPILOT OOBE, USE BUSINESS PREMIUM USER ACCOUNT WITH ENROLLMENT PERMISSIONS TO ENROLL THE DEVICE
9. LOGIN WITH THE PRIMARY USER CREDENTIALS
10. CHANGE THE PRIMARY USER IN INTUNE TO THE PRIMARY USER INSTEAD OF THE ENROLLER ACCOUNT
Last edited by a_synd on Tue Feb 14, 2023 5:32 am, edited 1 time in total.
Re: How to enroll the AMR5 to Intune/Autopilot
Your situation made me curious, so I checked the security settings on my own AMR5, which has not changed any settings from the out-of-box ones. I notice TPM is version 2.0 in the tpm.msc plugin, although the Windows Security app shows TPM is not available. Screenshots:
I then checked the msinfo app to see the status of Secure Boot and found it was off:
So, hopefully your steps help other people if they try to do something similar. I like to see a computer such as the AMR5 being used in an environment such as this.GK3V (J4125/8GB/128GB) | AMR5 (R5 5600U/16GB/512GB NVMe) | JK06 (N5100/8GB/256GB) | AK1Pro (N5105/8GB/256GB) | T8Pro (N5095/8GB/256GB) | AD03 (N95/8GB/256GB) | CK10 (i7-10810U/16GB/512GB) | S1 (N95/16GB/512GB)
- Gabe
- Senior Moderator
- Posts: 2032
- Joined: Fri Apr 17, 2020 1:19 am
- Has thanked: 42 times
- Been thanked: 116 times
Re: How to enroll the AMR5 to Intune/Autopilot
It's a bit different with mine.
However, though I didn't change any of the stock BIOS settings, the BIOS itself was updated. There was an issue with the performance dial, as noted in this topic, and a BIOS update was provided by the admin to fix it.
However, though I didn't change any of the stock BIOS settings, the BIOS itself was updated. There was an issue with the performance dial, as noted in this topic, and a BIOS update was provided by the admin to fix it.
W8 Pro • GK1 • AK3 • AM02 • T6 Pro • AMR5 • GK3 Pro • AD03 • AM06 Pro • T8 Pro • S1 • T8 Plus • CK10 • AK1
I have no connection to ACEMAGIC other than being a customer and long time forum member
I have no connection to ACEMAGIC other than being a customer and long time forum member