How Zero Touch Works

See a Demonstration

Azure Active Directory

Azure AD Connect

Azure AD Connect will integrate your on-premises directories with Azure Active Directory. This allows you to provide a common identity for your users for Office 365, Azure, and SaaS applications integrated with Azure AD.

Azure AD Join

With Windows 10, You can join a new device to Azure AD during the first-run experience (FRX). This enables you to distribute shrink-wrapped devices to your employees or students.


Acting has the focal point of Windows management, Intune will handle all facets of you PC fleet.


Intune allows you to create configurations that govern device restrictions, policies, settings and behavior. Orchestrate profiles that ensure the right users are receiving exactly what they need on their PC.


By having pre-configured profiles dynamically assigned to AD groups, deployment is completely hands off. Users will receive their unique configuration simply by logging into their Windows PC for the first time.


Traditional management restricts your reach on machines to the physical domain. But because Intune manages machines that are Azure AD joined, organizations ca now manage users from anywehre in the globe.


Intune enables device configuration across all categories of Windows 10.


App Store

Start Layout

Logon Display

Windows 10
Cortana is operates as normal.
Cortana is disabled and replaced with a local file search.
Windows public app store, offering the same experience as consumer machines.
Microsoft Store for Business, offering a more controlled environment.
The default Windows 10 start menu layout out of the box.
Customized start menu layout applied during Intune provisioning.
The standard Windows 10 logon screen conveniently showing the last signed on user.
A much more restricted logon, securely concealing any sensitive user information.


Deploy hardware dynamically based on user sign-in.

See what happens when these users from two different groups sign into their new, Windows 10 device.

Jerry, lead software engineer.

Stan, field sales associate


Traditionally, you could only manage PCs when they were on the domain. So let's say your system administrator wants to upgrade PCs with a critical security patch...

...but IT can only manage PCs that are on the domain. Remote users are left without the update.

With Zero Touch, users authenticate their PCs to Azure Active Directory, so IT can push updates from anywhere.


The primary goal of Zero Touch is to enable the end user to quickly and efficiently provision their own device.
Take a look at the default Windows 10 OOBE (Out-of-Box-Experience):

Back Up and Restore With Code42

No matter what devices you deploy, the most crucial aspect of a mobile initiative is user data.
SHI Zero Touch for Windows 10 leverages complete, over-the-air backup and migration solutions powered by Code 42.

Step 1

Code 42 agent is deployed to current Windows machines and automatically begins backup.

Step 2

Code 42 cloud tenant is connected directly with Azure AD, providing users one source of authentication.

Step 3

Code 42 agent is deployed via Intune to new Windows 10 PC - users can restore entire PC or individual files.

Zero Touch Preview

Watch Zero Touch live in action.