Technical References
This section defines and describes the key terms used in the solution documentation.
Definitions
Windows Autopilot
Windows Autopilot is a cloud-based service that enables organizations to streamline the deployment and management of new Windows 10 and later devices. With Windows Autopilot, IT administrators can customize the out-of-box experience (OOBE) for end users and configure device settings and policies without the need for imaging or manual intervention.
Microsoft Intune
Microsoft Intune is a cloud-based service that provides unified endpoint management (UEM) for devices across various platforms, including Windows, iOS, Android, and macOS. Microsoft Intune enables organizations to control how devices access corporate data, applications, and resources, as well as how devices are configured, updated, and protected.
Entra ID tenant
An Entra ID tenant is a dedicated and isolated instance of the Entra ID cloud service that is created for an organization when it signs up for a Microsoft cloud offering, such as Microsoft 365, Azure, or Intune. An Entra ID tenant stores the identity and access information of the organization's users, devices, applications, and resources in a secure and scalable way.
Entra ID join
An Entra ID joined device is a Windows 10 or later device that is registered with a cloud identity provider, such as Entra ID (Azure AD), using a unique identifier (ID) that is assigned to the device. An Entra ID joined device can access both cloud and on-premises resources that are integrated with the same identity provider, such as Microsoft 365 services, Azure resources, and Active Directory domain services.
App registration
An Azure app registration is a configuration that allows an application to interact with the Azure platform and access its resources. An app registration consists of two components: an app object and a service principal.
Hybrid Entra ID joined
A hybrid Entra ID joined PC is a device that is joined to an on-premises Active Directory domain and registered with Entra ID (Azure AD). This configuration allows the device to use both cloud-based and on-premises services and features, such as single sign-on, conditional access, and group policy.
Client ID
The client ID is a unique identifier that is assigned to the app object when it is created. The client ID is also known as the application ID or the app ID. The client ID is used to identify the application in OAuth 2.0 flows, such as when requesting an access token or a refresh token from Azure AD. The client ID is a GUID (globally unique identifier) that has the following format:
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Client secret
A client secret is a string that the application uses to prove its identity when requesting a token from Azure AD. It can be generated in the Azure portal and is valid for a specified period of time. The client secret is also known as an application password or a key.
Windows provisioning package
A Windows provisioning package is a collection of settings and files that can be used to configure a device during the initial setup or after a reset.
Windows Configuration Designer
Windows Configuration Designer is a tool that helps you create provisioning packages for Windows 10/11 devices. It is available as an app from the Microsoft Store or as part of the Windows Assessment and Deployment Kit (ADK).
Bulk primary refresh token
A bulk primary refresh token (BPRT) is a special type of token that Azure Active Directory (AD) issues to devices that are hybrid Azure AD joined or Azure AD joined. A BPRT contains information about the device and the user who signed in to the device, such as the device ID, the user's identity, and the device's compliance status. A BPRT can be used to access cloud resources that require device-based conditional access policies, such as Microsoft 365 apps and services.
Microsoft Graph API
Microsoft Graph is a unified endpoint for accessing data, intelligence, and insights from the Microsoft cloud. It provides a single interface to connect to various products and services, such as Outlook, OneDrive, Teams, SharePoint, Azure AD, and more. Microsoft Graph enables developers to build rich applications that can interact with millions of users and their data across multiple platforms and devices.
Tenant migration
Tenant migration is the process of moving your Azure resources and data from one Entra ID (formerly Azure Active Directory) tenant to another. You may need to migrate tenants for various reasons, such as mergers and acquisitions, divestitures, or organizational changes.
Intunewin file
An intunewin file is a special type of ZIP archive that contains the files and metadata needed to deploy an application with Microsoft Intune. You can create an intunewin file by using the Microsoft Win32 Content Prep Tool, which compresses the source files and generates a detection method, encryption keys, and a setup command line. You can then upload the intunewin file to the Intune portal and assign it to the devices or groups of your choice.
Company Portal
Company Portal is an app that you can install on your Windows 10/11 device to access and manage your work or school resources. You can use the Company Portal app to enroll your device in Intune, which gives your organization access to your device and data. By enrolling your device, you also get access to the apps and settings that your organization provides for you.
SID
A SID, or security identifier, is a unique alphanumeric string that identifies a user, group, or computer account on a Windows system. A SID is assigned by the system when a user or object is created and remains the same even if the user or object is renamed or moved to another location. SIDs are used to control access to resources and enforce security policies on Windows devices.
Descriptions
Cloud managed
Describes the state of a PC that is Entra ID Joined and Intune enrolled
Co-managed
Describes the state of a PC that is managed by both Microsoft Endpoint Configuration Manager (MECM, formerly SCCM) and Intune, and is either Entra ID or hybrid joined
Unmanaged
Describes the state of a PC that is not managed by any platform and is not joined to Entra ID or an Active Directory Domain
Source tenant
The original and/or current join location of the PC prior to device migration
Destination tenant
The target location that the PC will be joined to post device migration