How to get properly started with Windows AutoPilot: Everything you initially need to know!

Introduction

It’s time for me to take on a new topic on the blog. I have been experimenting, working and blogging a lot about SCCM, Intune and¬†Co-management, but never really touched base with Windows AutoPilot. Time is due and this will be the first in a series of posts about Windows AutoPilot and how to eventually reach Co-management with SCCM and Microsoft Intune through Windows AutoPilot.

First things first though. This post will give you everything you need to know on how to properly get started with Windows AutoPilot. Curious? Read on ūüôā

A peek into my AutoPilot devices in my test tenant ūüôā

Prerequisites

As usual, a few prerequisites:

  • Windows 10 version 1703 or higher
    • Specific capabilities requires higher versions of Windows
  • Proper licensing for Azure AD and MDM functionality
  • Automatic MDM enrollment enabled for your users
    • This is in line with the prerequisites for Co-management in general
  • Allow your users to join devices to Azure AD
  • Company branding configured in Azure AD

Register devices

Quote Michael Niehaus: “The easiest way to register devices, is to have someone else do it”

First off, there are several and better choices for registering devices into Windows AutoPilot at scale than the scenario I’m covering here, but for initial testing and to get started, this will be sufficient and ideal:

  • Run the script using the -OutputFile parameter on the device you wish to register into Windows AutoPilot:

Upload the .csv file

  • Click Import

  • And browse to the .csv file created earlier by the Powershell script and import the file. Notice the import can take several minutes to complete

  • Once the import is complete, click on Sync and then¬†Refresh¬†once the sync has completed

  • Notice your new device has been added with a profile status of ‘Not assigned’

AutoPilot device group

  • Next, create a new dynamic¬†security group. This can be done in Azure AD or in Intune in the Azure AD portal:¬†https://portal.azure.com
    • Give the group a suitable name. For your inspiration, mine is called Intune_AutoPilot_Devices
    • Membership rule:¬†(device.devicePhysicalIDs -any _ -contains “[ZTDId]”)
      • Note: This will essentially create a group consisting of ALL AutoPilot devices

Deployment Profile

  • Back in the Microsoft 365 Device Management portal: Create a new AutoPilot¬†Deployment¬†Profile¬†in Windows enrollment -> Deployment Profiles -> Create profile

  • Configure the profile as it suits your needs. Below is an example:

  • Assign the newly created Deployment Profile to the group you created earlier:

  • Now, check back in on your Windows¬†AutoPilot devices and notice your newly imported device now has a profile status of assigned
    • This essentially means that every AutoPilot device you ever import or get registered by other means, will have this profile automatically assigned

Enrollment Status Page

  • For further customizing the experience for the end-user, take a closer look at the Enrollment Status Page. Below is the default profile, customized for my needs.
    • Note that the enrollment status page only works on Windows 10 version 1803 or higher

AutoPilot in action

  • Reset the device you imported into Windows AutoPilot earlier during this post:

  • Walk through the OOBE once again, this time noticing that the device is reaching out to the Windows AutoPilot deployment service:

  • And notice the Enrollment Status Page in action as well, making sure that the user is kept on the enrollment process until the device is fully ready:

Administering Windows AutoPilot

As a final note to this post, I’m going to let you know that there are multiple portals from where you can administer Windows AutoPilot devices:

  • Microsoft Store for Business
    • Was the initial portal for Windows AutoPilot, but everything has since then transitioned into Microsoft Intune
  • Microsoft 365 Business
    • Primarily for small and medium businesses – less than 300 seats
  • Partner Center
    • Used by distributors and resellers to add devices into your organization on your behalf
  • Microsoft Intune
    • This is the only portal you should be using, if you are an enterprise customer

More information

  • https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot

Enjoy ūüôā

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.