How to Decide Windows Autopilot Profile Types | Intune Architecture

Let’s discuss How to Decide on Windows Autopilot Profile Types in Intune Architecture. Intune streamlines app deployment and usage for increased productivity, while Autopilot efficiently sets up new devices and onboard your team.

Windows Autopilot empowers IT professionals to configure new desktops seamlessly, joining pre-existing configuration groups effortlessly and applying custom profiles. As a result, new users gain immediate access to fully functional desktops upon their first logon, streamlining the organisation’s out-of-box experience (OOBE).

Yes, there are several choices in Windows Autopilot Profile Types. We must decide which will best suit the customer based on their requirements. Whenever I meet with new customers, there is always confusion about the best Windows Autopilot profile for them.

In this post, we will discuss more autopilot profiles. I hope this post might help a customer make the best decision. I think the Windows Autopilot Profile Types selection is an important decision-making process in Intune Architecture for an organization.

Patch My PC

NOTE! – Learn more about Intune Basics and Intune Job Opportunities!

Index
FAQ – What are the challenges and persona criteria for the different profile types?
Windows Autopilot Profile Types
Autopilot Type Description
Decision-Making Tree Decide Windows Autopilot Profile Types
Resources
How to Decide Windows Autopilot Profile Types | Intune Architecture – Table 1

What are the challenges and persona criteria for the different profile types?

Windows Autopilot Profile Types

Generally, I see customers select the autopilot profile based on their business persona, such as Sales users, Managers, Field users, etc. Below are some profile types, challenges, and persona criteria.

Adaptiva

Type 1: User-driven mode (classic autopilots)
Type 2: Self-deploying mode
Type 3: Hybrid Azure AD join
Type 4:Existing devices

Windows Autopilot Profile Types

To better understand the Windows Autopilot profile types, let’s examine the table and each column. In the comments section, let me know if you have any questions.

Type 1Type 2Type 3Type 4
User-driven mode (classic autopilots)Self-deploying modeHybrid Azure AD joinExisting Devices
•Join device to AAD
•Enroll in Intune
•Join device to AAD
Enroll in Intune
•Join device to on Prem AD + registered in azure
•Enroll in Intune
•Join device to AAD
•Enroll in Intune
•Require user credential for Azure AD join and Intune enrollment•No need to provide user credentials to authenticate for Intune and Azure AD join. Instead, a TPM chip is used for authentication.•Require user credentials for Azure AD join and Intune enrollment• Require user credentials for AAD and Intune enrollment
Challenges:
•More user wait time. This wait time can be reduced using the white glove process.
NA•Require user credentials for AAD and Intune enrollment
• Can Copy Offline Autopilot profile
Challenges:
• Require Task sequence
• More End-user wait time. This wait time can be reduced using the white glove process.
Persona criteria: •Don’t have on-premise Dependency for application and AD policy
•Recommended for Remote users or sales users who don’t often connect to the corporate network
Challenges:
•Require an Intune connector to be installed for AD Join.
• More End-user wait time.
Persona criteria:
•Don’t have on-premise Dependency for application and AD policy
•Recommended for Windows 10 kiosk scenarios or shared device users
Persona criteria: • Recommended for users who have an on-premise dependency on apps and policy
How to Decide Windows Autopilot Profile Types | Intune Architecture – Table 2

The Windows Autopilot whiteglove process can be included with the above Types 1,3,4. With Autopilot Whiteglove, the device joins Azure AD + Intune enrolled + policy and apps installation before user login. As a result, the end-user time can be saved.

Autopilot Type Description -Windows Autopilot Profile Types

Type 1 : User-Driven: In this approach, the user needs to go through the OOBE screen. After successful user authentication with Azure, the device becomes Azure AD join + Intune enrolled. Intune deploys Apps and policies.

Type 2: Self-Deploying mode: In this approach, the device joins Azure before the user logs in. The TPM chip will be the authentication parameter in Azure instead of User authentication. Before the user logs in, the device is already joined to Azure AD and Intune enrolled.

Type 3: Hybrid Autopilot: In this approach, the user goes through the OOBE screen. However, in this type, the user also authenticates against on-premise AD. Windows 10 becomes Domain Join + Azure Registered + Intune enrolled in this scenario. For more details, please refer to my previous post on Hybrid autopilot.

Type 4: Task sequence: In this approach, your existing SCCM/MDT infrastructure can be leveraged to deploy Windows 10 autopilot devices. This approach is suitable for converting existing Traditional machines to Autopilot devices.

The SCCM task sequence will wipe the existing Operating system. Then, install Win 10 and deploy an offline autopilot profile. You don’t need to register the hardware ID if we deploy an offline autopilot profile along with the Task sequence.

Decision-Making Tree Decide Windows Autopilot Profile Types

The diagram below shows some of the basic questions that help decide your autopilot profile type. This is a common challenge for customers of Azure.

  • Require AD group policy for security and configuration?
  • Require apps with legacy authentication?
  • Is there any agent in Windows 10 that requires domain join?
How to Decide Windows Autopilot Profile Types | Intune Architecture - Fig.1
How to Decide Windows Autopilot Profile Types | Intune Architecture – Fig.1

Resources

We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here –HTMD WhatsApp.

Author

Vimal has more than 10 years of experience in SCCM device management solutions. His main focus is on Device Management technologies like Microsoft Intune, ConfigMgr (SCCM), OS Deployment, and Patch Management. He writes about SCCM, Windows 10, Microsoft Intune, and MDT.

2 thoughts on “How to Decide Windows Autopilot Profile Types | Intune Architecture”

  1. The table on this webpage for the autopilot profile types “existing devices” section appears to be incomplete. can you please complete what comes after “without”?

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.