How to Decide Windows Autopilot Profile Types | Intune Architecture

Yes, there are several choices of Windows Autopilot profile types. Based on the requirements, we need to decide which will be the best fit for the customer. Whenever I go to new customers, there is always confusion about which is the best Windows Autopilot profile for them.


In this post, we will discuss Autopilot profiles in more detail, and I hope this post helps you make the best decision for a customer. I think the Windows Autopilot profile type selection is one of the important decision-making processes in terms of Intune architecture for an organization.


Generally, I see customers select the Autopilot profile based on their business persona, for example sales users, managers, field users, etc. Below are the profile types; their challenges and persona criteria follow.

  • Type 1: User-driven mode (classic autopilots)
  • Type 2: Self-deploying mode
  • Type 3: Hybrid Azure AD join
  • Type 4: Existing devices

Windows Autopilot Profile Types

Let’s go through the table column by column to understand the Windows Autopilot profile types better. Let me know in the comments section if you have any questions.

Type 1: User-driven mode (classic autopilots)
  • Join device to AAD
  • Enroll in Intune
  • Requires user credentials for Azure AD join and Intune enrollment
  • More user wait time. This wait time can be reduced using the white glove process.
  • Persona criteria: no on-premises dependency for applications and AD policy. Recommended for remote users or sales users who don’t often connect to the corporate network.

Type 2: Self-deploying mode
  • Join device to AAD
  • Enroll in Intune
  • No need to provide user credentials to authenticate for Intune and Azure AD join. Instead, the TPM chip is used for authentication.
  • Persona criteria: no on-premises dependency for applications and AD policy. Recommended for Windows 10 kiosk scenarios or shared-device users.

Type 3: Hybrid Azure AD join
  • Join device to on-prem AD + registered in Azure
  • Enroll in Intune
  • Requires user credentials for AAD and Intune enrollment
  • Requires the Intune connector to be installed for AD join
  • More end-user wait time
  • Persona criteria: recommended for users who have an on-premises dependency for apps and policy.

Type 4: Existing devices
  • Join device to AAD
  • Enroll in Intune
  • Requires user credentials for AAD and Intune enrollment
  • Can copy offline Autopilot profile
  • Requires a task sequence
  • More end-user wait time. This wait time can be reduced using the white glove process.
  • Persona criteria: recommended for users who don’t have an on-premises dependency. This approach can be used if the business wants to achieve a mass Win 10 rollout.

The Windows Autopilot white glove process can be included with Types 1, 3, and 4 above. With Autopilot white glove, the device is joined to Azure AD, enrolled in Intune, and has policies and apps installed before the user logs in. As a result, end-user time can be saved.


Autopilot Type Description

Type 1: User-Driven: In this approach, the user needs to go through the OOBE screen. After successful user authentication with Azure, the device becomes Azure AD joined + Intune enrolled. Intune then deploys apps and policies.

Type 2: Self-Deploying mode: In this approach, the device joins Azure AD before the user logs in. The TPM chip is used to authenticate to Azure instead of user authentication. Before the user logs in, the device is already Azure AD joined + Intune enrolled.

Type 3: Hybrid Autopilot: In this approach, the user goes through the OOBE screen. But in this type, the user authenticates against on-premises AD as well. In this scenario, Windows 10 becomes domain joined + Azure registered + Intune enrolled. For more details, please refer to my previous post on Hybrid Autopilot.

Type 4: Task sequence: In this approach, your existing SCCM/MDT infrastructure can be leveraged to deploy Windows 10 Autopilot devices. This approach is suitable for converting existing traditional machines to Autopilot devices.

The SCCM task sequence will wipe the existing operating system, then install Win 10 and deploy the offline Autopilot profile. You don’t need to register the hardware ID if you deploy the offline Autopilot profile along with the task sequence. Refer here for more details on offline Autopilot deployment.

Decision-Making Tree

The diagram below shows some of the basic questions that help in deciding your Autopilot profile type. These are also common challenges for customers going to Azure.

  • Require AD group policy for security and configuration?
  • Require apps with legacy authentication?
  • Any agent in Windows 10 which requires domain join?
Figure: Autopilot Decision Making - Windows Autopilot Profile Types
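The three questions above, combined with the persona criteria from the table, can be written as a PowerShell function. This is an added example, not part of the original post: the function name, parameter names, and the order of the checks are assumptions, and the TPM 2.0 readiness check reflects Microsoft's documented prerequisite for self-deploying mode.

```powershell
# Added example, not from the original post. Names and check order are assumptions.
function Get-AutopilotProfileRecommendation {
    param(
        [switch]$NeedsAdGroupPolicy,      # Require AD group policy for security and configuration?
        [switch]$NeedsLegacyAuthApps,     # Require apps with legacy authentication?
        [switch]$NeedsDomainJoinedAgent,  # Any agent in Windows 10 which requires domain join?
        [switch]$KioskOrShared,           # Kiosk or shared-device persona
        [switch]$ExistingDevice,          # Traditional machine rebuilt by a task sequence
        [string]$TpmSpecVersion = '',     # Win32_Tpm.SpecVersion; empty when no TPM is found
        [bool]$TpmReady = $false          # (Get-Tpm).TpmReady
    )

    function New-Result([string]$Type, [string]$Reason) {
        [pscustomobject]@{ ProfileType = $Type; Reason = $Reason }
    }

    # Any on-premises dependency points to Hybrid Azure AD join.
    if ($NeedsAdGroupPolicy -or $NeedsLegacyAuthApps -or $NeedsDomainJoinedAgent) {
        return New-Result 'Type 3: Hybrid Azure AD join' 'On-premises dependency for apps or policy'
    }

    if ($KioskOrShared) {
        # Self-deploying mode authenticates with the TPM instead of a user,
        # so the device needs a ready TPM 2.0.
        if ($TpmSpecVersion -match '^\s*2\.0' -and $TpmReady) {
            return New-Result 'Type 2: Self-deploying mode' 'Kiosk/shared device with a ready TPM 2.0'
        }
        return New-Result 'None' 'Kiosk/shared device, but no ready TPM 2.0 for self-deploying mode'
    }

    if ($ExistingDevice) {
        return New-Result 'Type 4: Existing devices' 'Task sequence with offline Autopilot profile'
    }
    New-Result 'Type 1: User-driven mode' 'No on-premises dependency, user signs in during OOBE'
}

# On a real device, read the TPM state from an elevated session:
#   $ready = (Get-Tpm).TpmReady
#   $spec  = (Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm).SpecVersion

# Constructed sample inputs (not real device data):
Get-AutopilotProfileRecommendation -KioskOrShared -TpmSpecVersion '2.0, 0, 1.38' -TpmReady $true
Get-AutopilotProfileRecommendation -KioskOrShared -TpmSpecVersion '1.2, 2, 3' -TpmReady $true
Get-AutopilotProfileRecommendation -ExistingDevice -NeedsLegacyAuthApps
Get-AutopilotProfileRecommendation -ExistingDevice
```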


1 thought on “How to Decide Windows Autopilot Profile Types | Intune Architecture”

  1. The table on this webpage for the autopilot profile types “existing devices” section appears to be incomplete. Can you please complete what comes after “without”?

