You should see a theme throughout this book, which is to recommend an alternative method of provisioning client devices to the traditional approach, which would typically include the following stages:

• Purchase or reprovision a device
• Wipe the device
• Replace the preinstalled operating system with a customized image
• Join an on-premises Active Directory
• Apply Group Policy settings
• Manage apps using Configuration Manager or MDT

With a cloud-based deployment approach, the stages are simplified to the following:

• Purchase or re-provision a device
• Apply a transformation to the preinstalled operating system
• Join Azure AD and enroll in MDM
• Use MDM to configure the device, enforce compliance with corporate policies, and add, remove, and configure apps

There is a significant difference between the two approaches. Dynamic provisioning seeks to avoid needing on-premises infrastructure and resource-intensive reimaging procedures.

Because Windows 11 is updated once a year to a newer version—with each new version supported for a maximum of 24 months (36 months for Enterprise and Education editions)—maintaining customized deployment images can become a costly and burdensome process for the IT department.

The types of transformations that are currently available using dynamic provisioning include the following:

• Provisioning packages A provisioning package is created using the Windows Configuration Designer and can send one or more configurations to apps and settings on a device.
• Subscription Activation Windows 11 Subscription Activation allows you to automatically upgrade devices from Windows 11 Pro to Windows 11 Enterprise without entering a product key or performing a restart.
• Azure AD join with automatic MDM enrollment A device can be joined to Azure AD and automatically enrolled into the organizational MDM solution by having users enter their work or school account details. Once enrolled, MDM will configure the device to the organization’s policies.