Windows Autopilot is a cloud-based service from Microsoft that allows enterprises to accelerate the deployment of end user devices from the cloud. It is straightforward to configure and helps to reduce the workload on the IT helpdesk in terms of imaging PCs and tediously installing software before sending the desktops to end users.

Windows Autopilot supports user-driven mode, which allows end users to unbox a PC, power it on, choose a language, connect to their home or remote network, enter sign-in information, and then have the PC automatically perform the rest of the provisioning process. This automated portion of the configuration includes the following:

  • Joining your organization
  • Enrolling the device in Microsoft InTune
  • Configuring the PC based on the settings and installations defined at the organizational level

It supports two scenarios for configuration that include joining:

  • Azure Active Directory
  • Hybrid Azure Active Directory

To simulate an end user that receives a Windows 10 desktop and unboxes it, we will use a Windows 10 VM instead of an unboxed PC.

OEM manufacturers will automatically capture the device IDs on each device in the factory. Using the PowerShell script below, we simulate the OEM vendor and capture the hardware ID of the virtual machine.

The steps of the script are as follows:

md c:\HWID
Set-Location c:\HWID
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force
Install-Script -Name Get-WindowsAutopilotInfo -Force
$env:Path += ";C:\Program Files\WindowsPowerShell\Scripts"
Get-WindowsAutopilotInfo.ps1 -OutputFile AutopilotHWID.csv
Get WindowsAutoPilotInfo using PowerShell

Get WindowsAutoPilotInfo using PowerShell

The steps above create a CSV file that can be imported into Autopilot to test its functionality. Browse to and select your CSV file for Autopilot.

Import devices into Windows Autopilot

Import devices into Windows Autopilot

The new Autopilot device is successfully added.

Device successfully imported into Windows Autopilot

Device successfully imported into Windows Autopilot

Add a new group for Autopilot scoping

Most likely, you will want to scope your Autopilot deployments to a specific group. You can easily do that by creating a new Azure Active Directory group. Below, the membership type is assigned. In production environments, you can also benefit from dynamic groups that can automatically define group memberships.

Create an Azure Active Directory group for Windows Autopilot

Create an Azure Active Directory group for Windows Autopilot

For group membership, add the device type imported earlier. After finding the device type, click the Select button.

Add the new imported device to your Azure Active Directory Autopilot group

Add the new imported device to your Azure Active Directory Autopilot group

The new device type is now a member of the Azure Active Directory group.

Configuring company branding

It is recommended to configure your company branding, which helps customize the look and feel of the Autopilot process so it's familiar to the end user provisioning the PC. Additionally, it helps to quickly know if the Autopilot process is targeting the device correctly. To customize the company branding, navigate to your Azure Active Directory blade, and choose Company branding. Below, a banner logo and "sign-in page text" are defined.

Add company branding for Autopilot

Add company branding for Autopilot

Configure mobility

Next, we want to configure mobility (MDM and MAM) policies. In your Azure Active Directory blade, choose Mobility (MDM and MAM). Here, we set both to All.

Configure MDM user scope and MAM user scope

Configure MDM user scope and MAM user scope

Assigning applications to the Windows Autopilot profile

Next, using Microsoft Endpoint Manager, you can assign Windows apps to the Windows Autopilot profile. This feature is a great way to quickly get the applications provisioned that are needed by the end-users. Office apps are one of the primary applications required by users for business productivity. In the Endpoint Manager, choose Apps > Windows > Add to add Microsoft 365 apps for Windows 10.

Adding a new app assignment to the Windows Autopilot deployment

Adding a new app assignment to the Windows Autopilot deployment

Under the Microsoft 365 Apps properties for Windows 10, after adding it to the available apps, choose Properties > Assignments > Edit.

View the properties of the assigned application and edit assignments

View the properties of the assigned application and edit assignments

Add the same group you used to scope your Autopilot deployment. Click Review + save.

Assign the group added earlier to the Windows Autopilot deployment profile

Assign the group added earlier to the Windows Autopilot deployment profile

Create a Windows Autopilot deployment profile

We now have some basic requirements for Autopilot in place. Now, we need to define the Autopilot deployment profile. In Microsoft Endpoint Manager, click Devices > Enroll devices > Deployment profiles.

Begin creating an Autopilot deployment profile

Begin creating an Autopilot deployment profile

Choose Create profile > Windows PC.

Creating a new profile

Creating a new profile

It launches the Create profile wizard. Select a name for the profile.

Name the new Autopilot profile

Name the new Autopilot profile

On the out-of-box experience screen, choose the deployment mode, Azure AD join type, and other settings to customize the experience. In the user-driven approach, devices are associated with the user deploying the device, and user credentials are required for deployment. Click Next when the settings are configured to align with your organization's needs.

Configure the out of box experience using Autopilot

Configure the out of box experience using Autopilot

On the Assignments screen, choose the group to which you want to assign the deployment profile. Here, we choose the group containing the imported device type.

Assign the new Autopilot deployment profile

Assign the new Autopilot deployment profile

Review and create the new Autopilot deployment profile.

Review and create the new deployment profile

Review and create the new deployment profile

The new deployment profile is created successfully.

New deployment profile for Autopilot is created successfully

New deployment profile for Autopilot is created successfully

If you go back to the Windows Autopilot devices screen, you'll notice the Profile status displays "Not assigned." If this is the case, click the Sync button.

The device shows Not assigned at first

The device shows Not assigned at first

After syncing, the Profile status displays Assigned.

After syncing the Windows enrollment it shows as assigned

After syncing the Windows enrollment it shows as assigned

Running Windows Autopilot on a Windows 10 PC

Now that Autopilot and other components are configured, we can test the Autopilot functionality on the Windows 10 PC. During the out-of-the-box experience, I select the Set up for an organization option.

Setup for an organization

Setup for an organization

Next, enter the organization account to be used for configuring the Windows 10 PC.

Sign in with the organization account for Windows Autopilot

Sign in with the organization account for Windows Autopilot

Note that after entering the organization account, the custom branding message is displayed below. Seeing this is a good sign that Autopilot is working. After entering your password, you will see the normal screens to follow to configure Windows Hello and set up your PIN code for accessing the machine.

Enter the password and the custom branding message is displayed

Enter the password and the custom branding message is displayed

Once signed in, we see Microsoft 365 apps start to download. The full download and installation process for Microsoft 365 does not keep the sign-in process from completing, so the end user can get to the desktop. Instead, they see the downloading icons for the applications until they are fully provisioned.

Microsoft 365 apps are being downloaded as part of the Autopilot provisioning process

Microsoft 365 apps are being downloaded as part of the Autopilot provisioning process

The Microsoft 365 apps are fully downloaded and installed without any intervention from the end user or an IT administrator.

Subscribe to 4sysops newsletter!

Microsoft 365 apps are eventually downloaded and installed using Autopilot

Microsoft 365 apps are eventually downloaded and installed using Autopilot

Setting up a Windows 10 PC using Autopilot allows organizations to fully leverage the power of the cloud to deploy desktops to end users. Autopilot enables organizations to have a new Windows 10 PC shipped to the end user and have the desktop fully provisioned once they log in with their organization account. As shown, with just a bit of configuration, large numbers of end user PCs can be successfully onboarded into the environment and fully managed.

+2
avatar
0 Comments

Leave a reply

Please enclose code in pre tags

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2021

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account