4. Set up your computer
Set up your new Windows 11 device
After you complete the steps on the Account Setup and PRMFA Setup pages, follow these instructions to complete your setup.
The OEM image includes Windows 11 and Microsoft 365 Apps (formerly Office 365 Pro Plus).
Important: : An internet connection is required to complete the setup of your new Windows 11 device.
Device setup
Step 1: Before you begin, ensure your device is connected to a power supply and is connected to the internet. Then turn on your device.
Step 2: Select the country or region for your device and then select Yes.
Step 3: Select your preferred keyboard layout or input method and select Yes.
Step 4: If you want to add a second keyboard layout select Add layout. Otherwise, select Skip to continue.
Step 5: Choose your preferred network and select Connect. If you're setting up your device in a Microsoft building, select MSFTGUEST.
Note: If you are unable to connect to the MSFTGUEST network, we recommend connecting via wired ethernet cable or personal Wi-Fi network with internet access to complete setup. Once setup is complete and policies are applied, you can connect to the MSFTCONNECT wireless network.
Step 6: Windows will next check for updates. Your device may restart during this time.
Step 7: After any updates are complete, you should see the page Let’s set things up for your work or school. If you are prompted on how to set up your device, select Set up for work or school and select Next.
Step 8: Enter your Microsoft corporate email address (alias@microsoft.com) and select Next.
Step 9: If you are a new employee, enter your password or temporary access pass (TAP) and then select Sign in. If you are an existing employee setting up a new device, you can skip to step 11.
Step 10: Select Sign in with your phone or token device and authenticate from your mobile device.
Step 11: For existing employees, instead of the above steps, you should be prompted to open your Authenticator App and enter the number shown to sign in. If you completed steps 9-10 successfully, skip to step 12.
Step 12: It will take a few minutes to complete setup after entering your credentials and your device may restart. After Device preparation is completed, you can continue by selecting Continue anyway.
Note: This prompt might appear again, and you should again select Continue anyway.
Step 13: Next you will see a prompt to configure Windows Hello, which is a required security component. Select Yes, set up to configure now. If your device does not have either a Windows Hello supported camera or a fingerprint scanner, select Skip for now. Skip to step 14 of this document.
Step 14: You will be prompted to create a PIN. Select Next.
Step 15: Well done! Your device is now set up and you can sign into Windows 11 with your corporate credentials.
Step 16: In the Windows search box, type Check for updates and then select the first result. Install any recommended updates and restart your device if needed.
After successfully installing all updates, you are now ready to access internal resources. To learn more about those resources, and make your first few days more productive, visit the New Joiner Site Page.
Need to be productive while on the go? Then set up your mobile phone to access your work emails or join meetings! Visit our Mobile device setup guide to learn how.
Set up Azure Virtual Desktop
If you don't have a dedicated Microsoft device, you can still access Microsoft resources from any device using Azure Virtual Desktop (AVD).
Using the AVD client
Step 1: Install the Azure Virtual Desktop Client for your device.
- Windows (or modern appWindows App)
- Android
- MacOS
- iOS
Step 2: Open the Microsoft Remote Desktop app (or Windows app).
Step 3: Select the vDesktop icon in the region that's geographically closest to you.
Step 4: Sign in using your Microsoft corporate email account (alias@microsoft.com) with your MFA setup.
Using AVD on the web
Step 1: Open the Microsoft Remote Desktop web version.
Step 2: Select the vDesktop icon in the region that's geographically closest to you.
Step 3: Sign in using your Microsoft corporate email account (alias@microsoft.com) with your MFA setup.
You are now ready to access internal resources. To learn more about those resources, and make your first few days more productive, visit the New Joiner Site Page.
Need to be productive while on the go? Then set up your mobile phone to access your work emails or join meetings! Visit our Mobile device setup guide to learn how.
Set up your corporate-owned Mac device
If you were issued a new corporate-owned Mac device, it will arrive connected to the Microsoft corporate tenant through Apple Business Manager (ABM). ABM support is available for new devices purchased in the US, Canada, EMEA, and more locales.
Turn on your ABM-connected device for the first time and follow these steps:
Step 1: From the Remote Management page sign in with your Microsoft credentials and complete multifactor authentication.
Step 2: If you're using Migration Assistant, clear the System & Network checkbox to avoid known issues.
Step 3: After setup is complete, open the Company Portal app from Launchpad to complete your enrollment. Select Sign in and enter your credentials.
Step 4: Company Portal, Microsoft Defender for Endpoint (MDE), and Microsoft Edge are automatically installed during setup.
Connect remotely to Microsoft resources on a Mac
A virtual private network (VPN) is used to access Microsoft resources when you're not at a Microsoft location. Devices using VPN are required to be managed by Intune.
-
Download the Mac GlobalProtect agent fromaka.ms/macvpninstall.
-
Open GlobalProtect and select Continue.
-
On the Installation Type page, choose GlobalProtect > Continue > Install.
-
Enter your password and select Install Software.
-
When complete, you're prompted to allow Palo Alto Network from System Preferences > Security & Privacy.
-
Select Open Security Preferences > Allow > Close.
-
Select the GlobalProtect icon in your task bar. Enter the portal address msftvpn-alt.ras.microsoft.com > Connect.
-
When you're prompted to sign in, choose Sign in with a username and password instead. Provide your password and select Sign in.
-
When you receive the second authentication prompt, select Sign in with your phone or token device and then approve the two-factor authentication request on your mobile device.
You are now ready to access internal resources. To learn more about those resources, and make your first few days more productive, visit the New Joiner Site Page.
Need to be productive while on the go? Then set up your mobile phone to access your work emails or join meetings! Visit our Mobile device setup guide to learn how.