How to enroll the AMR5 to Intune/Autopilot

[a_synd]

Team,

1. How do you turn on secureboot and TPM 2.0? Also, the TPM says version 2.0 but the spec version only has 1.3 as an option. Do you have a BIOS that has 2.0 as a spec option?

2. Do you have a BIOS that shows the serial number?

3. Also, do you have a BIOS that will report the OS to Microsoft Intune correctly? When I import the AMR5 into Intune it shows the OS version as "unknown". It should show as Windows version 10.xxx (Windows 11 Pro). It does not. It shows as "unknown" which is weird.

I am unable to use this mini pc in a Microsoft Intune/Autopilot environment and will have to return it if I cannot get TPM 2.0, secureboot, and the OS version corrected.


Thanks!

[a_synd]

Update:

I was able to get the AMD 5600U working in Microsoft Intune/Autopilot by following the guide below. Once working in Intune, the OS was reported as Windows 10.xxx correctly matching the Win 11 Business/Enterprise/Pro version.

1. USE AMIDEWINX64.EXE VERSION 5+ (AMIBIOS) TO CHANGE THE BIOS SYSTEM SERIAL NUMBER

2. RESET TPM KEYS IN BIOS

3. MAKE SURE TPM IS 2.0 AND USER MODE AND IT'S ACTIVE IN BIOS

4. DISABLE LEGACY BOOT IN BIOS

5. ENSURE SECURE BOOT IS ENABLED IN BIOS

6. CREATE GROUP FOR ASSIGNED DEVICE AND ASSIGN DEVICE

7. CREATE ENROLLMENT POLICY IN INTUNE FOR USER-DRIVEN AUTOPILOT INSTEAD OF SELF-DEPLOYING

8. DURING AUTOPILOT OOBE, USE BUSINESS PREMIUM USER ACCOUNT WITH ENROLLMENT PERMISSIONS TO ENROLL THE DEVICE

9. LOGIN WITH THE PRIMARY USER CREDENTIALS

10. CHANGE THE PRIMARY USER IN INTUNE TO THE PRIMARY USER INSTEAD OF THE ENROLLER ACCOUNT

[dragonpoo]

Your situation made me curious, so I checked the security settings on my own AMR5, which has not changed any settings from the out-of-box ones. I notice TPM is version 2.0 in the tpm.msc plugin, although the Windows Security app shows TPM is not available. Screenshots:

AMR5 TPM.jpg (163.22 KiB) Viewed 1926 times

AMR5 TPM2.jpg (60.98 KiB) Viewed 1926 times

I then checked the msinfo app to see the status of Secure Boot and found it was off:

AMR5 TPM3.jpg (49.92 KiB) Viewed 1926 times

So, hopefully your steps help other people if they try to do something similar. I like to see a computer such as the AMR5 being used in an environment such as this.

[Gabe]

It's a bit different with mine.

Pic 1.jpg (97.76 KiB) Viewed 1909 times

Pic 2.jpg (52.29 KiB) Viewed 1909 times

Pic 3.jpg (37.61 KiB) Viewed 1909 times

However, though I didn't change any of the stock BIOS settings, the BIOS itself was updated. There was an issue with the performance dial, as noted in this topic, and a BIOS update was provided by the admin to fix it.

Original BIOS.JPG (141.32 KiB) Viewed 1909 times

Updated BIOS.JPG (200.67 KiB) Viewed 1909 times