How to Decide Windows Autopilot Profile Types | Intune Architecture

Yes, there are several choices in Windows Autopilot Profile Types. Based on the requirement, we need to decide which will best fit the customer. Whenever I go to new customers, there is always confusion about the best Windows Autopilot profile for them.


In this post, we will discuss more autopilot profiles. And hope this post might help make the best decision for a customer. I think the Windows Autopilot Profile Type selection is an important decision-making process in Intune Architecture for an organization.

NOTE! – Learn more about Intune Basics and Intune Job Opportunities!

Generally, I see customers select the autopilot profile based on their business persona. For example, Sales users, Managers, Field users, etc. Below are some of the profile types, their challenges, and persona criteria

Patch My PC
  • Type 1: User-driven mode (classic autopilots)
  • Type 2: Self-deploying mode
  • Type 3: Hybrid Azure AD join
  • Type 4:Existing devices

Windows Autopilot Profile Types

Let’s understand the table and go through each column to understand the Windows Autopilot profile types better. Let me know if you have any questions in the comments section.

Type 1Type 2Type 3Type 4
User-driven mode (classic autopilots)Self-deploying modeHybrid Azure AD joinExisting Devices
•Join device to AAD
•Enroll in Intune
•Join device to AAD
Enroll in Intune
•Join device to on Prem AD + registered in azure
•Enroll in Intune
•Join device to AAD
•Enroll in Intune
•Require user credential for Azure AD join and Intune enrollment•No need to provide user credentials to authenticate for Intune and Azure AD join. Instead, a TPM chip is used for authentication.• Require user credential for AAD and Intune enrollment•Require user credential for AAD and Intune enrollment
• Can Copy Offline Autopilot profile
•More user wait time. This wait time can be reduced using the white glove process.
•Require Intune connector to be installed for AD Join.
• More End-user wait time.
• Require Task sequence
• More End-user wait time. This wait time can be reduced using the white glove process.
Persona criteria: •Don’t have on-premise Dependency for application and AD policy
•Recommended for Remote users or sales users who don’t often connect to the corporate network
Persona criteria:
•Don’t have on-premise Dependency for application and AD policy
•Recommended for Windows 10 kiosk scenarios or a shared device users
Persona criteria: • Recommended for users who have an on-premise dependency for apps and policyPersona criteria:
•Recommended for users who don’t have an on-premise dependency
This approach can be used if businesses want to achieve mass Win 10 rollout.
Windows Autopilot Profile Types

The Windows Autopilot whiteglove process can be included with the above Types 1,3,4. With Autopilot Whiteglove, the device joins Azure AD + Intune enrolled + policy and apps installation before user login. As a result, the end-user time can be saved.

Autopilot Type Description

Type 1 : User-Driven: The user needs to go through the OOBE screen in this approach. Post successful user authentication with Azure, the device becomes azure AD join + Intune enrolled. Intune deploy Apps and policies.

Type 2: Self-Deploying mode: In this approach, the device joins azure before the user login. TPM chip will be the authentication parameter in Azure instead of User authentication. Before the user logs in, the device is already Azure AD joined + intune enrolled.


Type 3: Hybrid Autopilot: The user goes through the OOBE screen in this approach. But in this type, the user authenticates against on-premise AD as well. In this scenario, Windows 10 become Domain Join + Azure Registered + Intune enrolled. For more details, please refer to my previous on Hybrid autopilot.

Type 4: Task sequence: In this approach, your existing SCCM/MDT infrastructure can be leveraged to deploy windows 10 autopilot devices. This approach is suitable for converting existing Traditional machines to Autopilot devices.

SCCM task sequence will wipe the existing Operating system. Then install Win 10 and deploy an offline autopilot profile. You don’t need to register the hardware ID if we deploy an offline autopilot profile along with the Task sequence.

Decision-Making Tree Decide Windows Autopilot Profile Types

The below diagram shows some of the basic questions that help decide your autopilot profile type. And a common challenge for customers to Azure.

  • Require AD group policy for security and configuration?
  • Require apps with legacy authentication?
  • Any agent in windows 10 which requires domain join?
Autopilot Decision Making - Windows Autopilot Profile Types
Windows Autopilot Types – Windows Autopilot Profile Types



2 thoughts on “How to Decide Windows Autopilot Profile Types | Intune Architecture”

  1. The table on this webpage for the autopilot profile types “existing devices” section appears to be incomplete. can you please complete what comes after “without”?


Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.