Updated March 2, 2022
The illustration below shows the four Windows device onboarding options that are supported by VMware using Workspace ONE UEM.
I have previously blogged about how to configure the Hybrid Domain join experience using OOBE + AutoPilot here but one of the biggest drawbacks is that the AutoPilot Hybrid process requires the computer to be provisioned on the corporate network.
A more common deployment model is the Drop-Ship-Provisioning Offline model which uses an unattend.xml; however this method will also fail to join a domain if the device is off the corporate network because the VPN client won’t install into after the device has left OOBE when the domain join happens. The supported solution from VMware is to send the device to a secondary staging facility that has connectivity to the domain and then re-box the laptop and ship it to the end user. But there is another method!
A collegue of mine at VMware, Grischa Ernst, has published a method for achieving Drop Ship Provisioning Offline with AD Domain Join via VPN.
Caution: VMware technical support will not be able to help you with this process as the solution relies on 3rd party technology.
For the process with links and videos head over to:
https://digitalworkspace.one/2021/10/14/ad-join-drop-ship-offline-devices-from-anywhere/
