In this post, let’s see how to set Computer Name during Windows Autopilot. This scenario will apply to both Azure AD, and Hybrid AD joined Autopilot deployments. In this post, I will rely only on the inbuilt functionality of the Autopilot Profile configuration.
The main topic discussed in this post is the hostname or computer naming standards, and templates should be used in the modern management world. Also, this post covers Groups Tags and AAD dynamic device groups.
When you use Microsoft Endpoint Configuration Manager (MECM – aka SCCM) or Microsoft Deployment Toolkit (MDT), we can use any one of the scripting methods to assign the computer name during the OSD process. This post will cover how to perform these activities using Microsoft Endpoint Manager (MEM) Portal or Intune portal.
For the hybrid Azure AD joined autopilot scenario naming standard template, you will need to use the Domain Join configuration profile template from Intune. Whereas you can use Device Name Template from Autopilot profile for Azure AD joined scenario.
We will also discuss the manual and automatic options to build Group Tags for Windows Autopilot devices. The group tags would help you better manage Windows Autopilot provisioning, Intune policy, and application deployment scenarios.
- How to Decide Windows Autopilot Profile Types | Intune Architecture
- Windows Autopilot Hybrid Domain Join Step By Step Guide 1
- How to Use Enterprise State Roaming ESR Feature for Windows Autopilot Deployment
Window Autopilot Naming Standards – Computer Name During Windows Autopilot
Let’s check Window Autopilot Naming Standards and supported options. In the Autopilot deployment, there is the limitation to assign the device name based on the below scenario; the Windows 10 or Windows 11 computer name will support a maximum of 15 characters.
Both the Azure AD and Hybrid Azure AD scenarios are listed down below.
- Azure AD Join:
- Prefix (Fixed String)
- Prefix (Serial Number)
- Prefix (Random Number)
- Hybrid Azure AD Join
- Prefix (Fixed String)
NOTE! – As you see, the Hybrid Azure AD join options are very limited. So, try to use Azure AD join wherever possible.
| Computer Naming Options | Commandline | Examples | |
| Azure AD Join | Prefix (Fixed String) | INKLCH | INKLCH0102030405 |
| Prefix (Serial Number) | INKLCH%SERIAL% | INKLCHR902134Z | |
| Prefix (Random Number) | INKLCH-%RAND:6% INKLCH%RAND:4% | INKLCH-012345 INKLCH0123 | |
| Hybrid AD Join | Prefix (Fixed String) | INKLCH | INKLCH0102030405 |
Windows Autopilot Group TAG
Let’s understand Windows Autopilot Group TAG with an example. The organization needs to use two or more different Computer naming standards based on the specific OU requirements. The OU dependency is only for the Hybrid Azure AD scenario.
NOTE! – You can use the group tags for both Azure AD joined and Hybrid Azure AD joined scenarios.
For example, the devices will be used by the IT, HR, Maintenance, Operations, Finance, and Accounts teams. Microsoft introduced Group Tag options to cater to the OU requirements for Hybrid Azure AD scenarios in Windows Autopilot.
Let see how we can use Group Tags to group devices together by configuring Autopilot enrollment options for each group of devices with the same Group Tag.
Manual Process – How to Add Autopilot Group Tag
Let’s see what is the manual way to Add Autopilot Group Tag. There are different methods available and we will first check the Manual type method.
You will need to Open the EndPoint.Microsoft.com portal. You then need to navigate to the Devices node Enroll Devices.
By selecting the Serial Number and updating the Group Tag information and click Save.
Automatically Configure Windows Autopilot Group Tags
Let’s now understand how do we configure Automatically Configure Windows Autopilot Group Tags. You can modify the .csv file by adding another column called Group Tag. In the Group Tag column, you will need to add the team/department information as per your requirement.
The next step, to Import the .csv into the Endpoint Manager portal. You can import the CSV file for Autopilot from the following path.
- You can open the MEM admin center portal and navigate to devices.
- Navigate to Enroll Devices.
- Click on Devices link from Windows Autopilot Deployment Program section.
Import Windows Autopilot devices from the .CSV file. When assigning users in the .CSV, make sure that you are assigning correct UPNs.
You will need to click on the IMPORT button and upload the CSV file you created with the Group Tag details.
Create Azure AD Dynamic Groups using Group Tags
Let’s create Azure AD Dynamic Groups using Group Tags. Once created, you can use these AAD dynamic device groups to Autopilot Profile settings and Configuration Profile settings, etc. But note that more device naming templates imply more device enrolment profiles, maintenance, and complexity.
The Autopilot Deployment Profile and Configuration Profile are assigned to the Dynamic Device AAD group based on Autopilot group tags.
Let’s check how to create a Dynamic Device AAD Group with a group tag. The below AAD security group can be assigned later for Autopilot deployments. I will be creating the AAD group with Group Type as Security and Membership Type as Dynamic Device
- Navigate via Azure Portal -> Azure Active Directory -> Groups – All Groups – >
- Click on “+ New Group“
- Select Security as Group Type
- Enter Group Name “_Kannan” (any name is fine)
- Enter Group Description “Windows AutoPilot Profile AAD group based on Group Tag” (any description is fine)
- Select Dynamic Device as Membership type
- Click on Add Dynamic Query under Dynamic Device Members
In Dynamic membership rules, Add expression as (device.devicePhysicalIds -any _ -eq “[OrderID]:INKLTN”). So the devices which are under the INKLTN Group Tag will be part of this group. You can either copy-paste the code below or select each property to build the AAD dynamic device query using Group Tag.
device.devicePhysicalIds -any _ -eq "[OrderID]:INKLTN"
Device Name Template to Set Computer Names During Windows Autopilot
Now, let’s see how to use Device Name Template to Set Computer Names During Windows Autopilot. This should be used very carefully. I also recommend testing this in a lab environment before implementing this production.
The following are some important points that users will need to note before designing naming standards for your Autopilot devices or modern managed devices. However, Device Name Templates are great to help keep better standards for Windows 10 and Windows 11 devices.
You can create a unique name for your Windows Autopilot provisioned devices. Names must be 15 characters or less. It can contain letters (a-z, A-Z), numbers (0-9), and hyphens.
The other limitation is the Names must not have only numbers. Names cannot include a blank space. You can Use the %SERIAL% macro to add a hardware-specific serial number.
Well, there are some alternations, such as using the %RAND:x% macro to add a random string of numbers, where x equals the number of digits to add.
- You can open the MEM admin center portal and navigate to devices.
- Navigate to Enroll Devices.
- Click on Windows Autopilot Deployment Profiles link from the Windows Autopilot Deployment Program section.
The below settings will be configured in the Windows Autopilot Deployment profile. More details profile creation process is explained – Windows AutoPilot Process End To End Guide. You will need to click on the Create Profile drop-down option and select Windows PC from the list to create a new Autopilot profile for Windows 10 and Windows 11 PCs.
In Apply device name template, select Yes to enable the template for the Autopilot profile. Type the device naming standard in the Enter a name column. For example, I have chosen INKLTN-%RAND:4%.
NOTE! – For Hybrid Azure AD joined type of Autopilot deployment profiles, devices are named using settings specified in Domain Join configuration.
You can deploy the profile to the Azure AD dynamic group that is created in the above section. The Autopilot deployment profile is assigned to the Dynamic device Azure AD security group; click Review + Save to complete the Deployment profile creation.
Device Configuration Profiles to Set Naming Standards for Hybrid Azure AD joined Devices
Let’s see how to Device Configuration Profiles to Set Naming Standards for Hybrid Azure AD joined devices. You can set naming standards using Device Configuration Profiles in Intune. Let’s check how this can be done from the MEM Intune Device Configuration profile.
NOTE! – This method is only applicable for Hybrid Azure AD joined types of Autopilot deployment profiles. Let’s see how to configure devices are named using settings specified in Domain Join configuration.
You will need to navigate through the Devices node from the MEM Admin center portal. Click on the + Create Profile button; select platform as Windows 10 or later. Now select the Templates option and search with keyword domain.
Now, you will need to choose the Domain Join template from the search results and click on the Create button.
You will need to enter the name, and description of the Configuration Profile Domain Join for the Hybrid Azure AD join scenario.
In the Computer name prefix column, type enter the INKLCH so that the computer name will be INKLCH0102030405. The computer name will be assigned with 15 characters.
The Configuration profile is assigned to the Azure AD Dynamic device security group that I created above. But don’t use this method if you are in Azure AD joined scenario. This domain join configuration profile is valid only for Hybrid Azure AD join scenario.
Custom Policy to Create Naming Standards for Hybrid Azure AD Joined Devices
You can use another method to configure naming standard for Domain Joined devices using Intune Custom policy – OMA-URI Entry “./Device/Vendor/MSFT/Accounts/Domain/ComputerName“
Intune Custom policy – Guide to create Intune Custom Policy using OMA-URI
You can set the value with the format “%RAND:# of digits” which will generate random digits. Or You can use %SERIAL% for the device names similar to the Autopilot profile.
You can get more details about the value, and we can see the following link:
https://docs.microsoft.com/en-us/windows/client-management/mdm/accounts-csp
Conclusion
You will need to use different policies from Intune to create naming standard templates for Azure AD joined, and Hybrid Azure AD joined scenarios.
- Azure AD Join – Use Device Name Template to Set Computer Names During Windows Autopilot
- Hybrid Azure AD Join – Device Configuration Profile Domain Join template to Set Naming Standards for Hybrid Azure AD joined Devices
Post configuration of user-driven Azure AD joined scenario; the deployment profile naming template settings are assigned to Windows 10 computer.
This is great! thank you for posting this.
on a personal note, i clicked on this link from Facebook, and did not read who the author was, as i started reading through the detail, i was like, wow this sounds like how Kannan speaks, and so i scrolled back up to the top and there it is, my pal Kannan wrote this. i miss you buddy, hopefully we will work together again soon!!!
Thank you Chuck!
Hi, Have you actually tried the custom OMA-URI to set the name for the hybrid device? According to Microsoft, “This setting can be managed remotely, but note that this not supported for devices hybrid joined to Azure Active Directory and an on-premises Active directory. “. After reading this, I immediately tried this in my lab and it did not work. The device only used the suffix specified in the domain join policy.
I also tried this and doesn’t work for hybrid devices. I ended up using a PS script post provisioning with a pre req to check device is on authenticated domain eg vpn or corp network
Hi I have one device Azure AD joined & Intune enrolled. But Naming template does not work on that device.
Is there any specific reason or certain limitation to the naming template,
Device is Window 21H2 and Azure AD joined.
Anoop,
I want to create a Group for a Hybrid AD Domain Join for Intune. Is there any specific naming convention to follow:
Can it be Just
Intune AutoPilot as the Group name or any Prefix?
Thank you very much for this details instructions, I also have some questions for you:
We have a hybrid environment and our AD have different office locations and each location have their own user and devices OU, and device naming convention. How do I :
1. Joining the device to respective OU based on user account when they signed-in during autopilot?
2. Device being named based on our naming convention?
My idea is once the user enter it’s credential, based on user’s location (maybe in one of the user attributes), create device name in respective to the location’s naming convention and in the respective location OU.
Appreciate your 2cents
Hi Adam,
my comments are below
1. Joining the device to respective OU based on user account when they signed-in during autopilot? – This can achieved using script after enrollment process completed.
2. Device being named based on our naming convention? – You can create configurations based on your requirement. It is based on your DC architecture. If you have a managing number of OU’s, so you have to create the number of configuration profiles using group tag options. Its a administrative overload, you can use the script options to full your requirment.
Hi John,
It will vary company to company, you may refer to below URL for examples
https://www.itassetmanagement.net/2011/01/17/asset-naming-conventions/#:~:text=Avoid%20using%20non-alphanumeric%20characters%20use%20only%20letters%20%28A-Z%29,NetBIOS%20and%20WINS%20are%20not%20compatible%20with%20more.
I am struggling to find a solution to use different naming conventions for Desktops and Laptops in a Hybrid Azure AD Join Auto Pilot method of Auto Pilot.
e.g for Desktop W10-%Serial% and for Laptops L10-%Serial% in a Hybrid Azure AD join Auto pilot profile. Any suggestions ?
I have found that you cannot use ABC-%SERIAL%, but you can use ABC%SERIAL%, or just %SERIAL%
I have not seen any written listing what restrictions there are for a prefix, other than the length.
So you could use W10%SERIAL% and L10%SERIAL%, although I am guessing it now be W11
You could then use the Group Tag as a qualifier for dynamic groups and each to a different Enrollment profile (only difference in profile would be the naming template)