Recommended Deployments
ImmyBot comes with several pre-configured "Recommended Deployments" that provide a solid foundation for managing your endpoints. This guide explains each recommended deployment and how to use them effectively.
Create Profile for Primary User
This deployment creates a user profile for the primary user, allowing ImmyBot to set user-specific settings like default browser and PDF editors.
How It Works
When configuring a new computer, ImmyBot needs to set user-specific settings, but faces a challenge:
- User-level settings like default browser and PDF handler are stored in the user's registry
- On a new computer, the user hasn't logged in yet, so no profile exists
- Without a profile, these settings can't be configured
ImmyBot's Solution:
- Fetches the user's SID (Security Identifier) from Azure AD
- For AD-synced users, uses the SID from Active Directory
- For cloud-only users, uses their Azure AD SID
- Creates the profile without requiring the user's password
- Handles the UserChoice hash (Microsoft's anti-tamper mechanism) automatically
- Requires UCPD task to be deployed
This deployment is essential for proper user experience configuration and should typically remain enabled.
Microsoft 365 Apps
ImmyBot intelligently installs Microsoft 365 applications based on the user's license entitlements.
Included Applications
ImmyBot contains recommended deployments for:
- Microsoft 365 Apps for Business
- Microsoft 365 Apps for Enterprise
- Microsoft Project
- Microsoft Visio
Smart License Detection
You might worry that enabling these deployments will install all Microsoft 365 apps on every computer. However, ImmyBot uses conditional logic:
- Each deployment includes a "Metascript" filter
- This script connects to the Microsoft Graph API
- It checks whether the selected user has a license for the specific product
- Only licensed applications are installed
This approach ensures users get exactly the applications they're entitled to use, without wasting resources on unlicensed software.
Dell/Lenovo/HP Updates
ImmyBot will install the latest updates from major manufacturers, including:
- Driver updates
- BIOS/firmware updates
- Hardware-specific utilities
Manufacturer-Specific Targeting
Each manufacturer deployment includes a filter script that:
- Detects the computer's make and model
- Only applies updates from the matching manufacturer
- Prevents cross-manufacturer updates (e.g., HP updates won't apply to Dell machines)
These deployments help maintain hardware at optimal performance and security levels with minimal effort.
Adobe Reader
This deployment installs and configures the latest version of Adobe Reader on workstations.
Handling Exceptions
Some organizations may use alternative PDF readers (like Foxit or PDF-XChange) instead of Adobe Reader. Rather than disabling this deployment globally:
- Keep the Adobe Reader deployment enabled as the default
- Create exception deployments for specific customers or computers
- Set the alternative PDF reader to install and Adobe Reader to uninstall for those targets
For more details on handling exceptions, see the Deployment Resolution section.
Set Computer Name and Domain Join
This deployment demonstrates ImmyBot's ability to:
- Set computer names according to your naming convention
- Join computers to your Active Directory domain
- Configure domain-specific settings
Customization Recommended
Unlike other recommended deployments, this one should typically be customized for each customer:
- Turn off the default deployment by clicking Disable
- Create customer-specific versions with appropriate naming conventions and domain settings
- Apply these custom deployments to the relevant customer targets
BitLocker
We recommend installing BitLocker Recovery Tool on at least one Domain Controller
This deployment will allows ImmyBot to manage BitLocker accross your computer endpoints
- Checks for TPM and OS compatability
- Stores the BitLocker Recovery Key in Azure or in Active Directory dynamically
- Requires Azure connection or Domain Controller in ImmyBot
Customizing Recommended Deployments
While recommended deployments provide a solid starting point, you should review and customize them to match your specific requirements:
- Review each deployment to understand its purpose and configuration
- Enable or disable deployments based on your needs
- Create exceptions for specific customers or computers as needed
- Clone and customize deployments that require customer-specific settings
Remember that deployments only take effect when maintenance is run, so you can safely experiment with different configurations.
Next Steps
After reviewing the recommended deployments:
- Create your own deployments for additional software and configurations
- Learn about deployment resolution to handle exceptions
- Explore maintenance sessions to apply your deployments