Let’s discuss how to decide on Windows Autopilot profile types in Intune architecture. Intune streamlines app deployment and usage for increased productivity, while Autopilot efficiently sets up new devices and onboards your team.
Windows Autopilot empowers IT professionals to configure new desktops seamlessly, joining pre-existing configuration groups effortlessly and applying custom profiles. As a result, new users gain immediate access to fully functional desktops upon their first logon, streamlining the organisation’s out-of-box experience (OOBE).
Yes, there are several choices in Windows Autopilot Profile Types. We must decide which will best suit the customer based on their requirements. Whenever I meet with new customers, there is always confusion about the best Windows Autopilot profile for them.
In this post, we will discuss the Autopilot profile types in more detail. I hope this post helps customers make the best decision. I think selecting the Windows Autopilot profile type is an important decision in Intune architecture for an organization.
Index |
---|
FAQ – What are the challenges and persona criteria for the different profile types? |
Windows Autopilot Profile Types |
Autopilot Type Description |
Decision-Making Tree Decide Windows Autopilot Profile Types |
Resources |
What are the challenges and persona criteria for the different profile types?
Generally, I see customers select the autopilot profile based on their business persona, such as Sales users, Managers, Field users, etc. Below are some profile types, challenges, and persona criteria.
Type 1: User-driven mode (classic autopilots)
Type 2: Self-deploying mode
Type 3: Hybrid Azure AD join
Type 4: Existing devices
Windows Autopilot Profile Types
To better understand the Windows Autopilot profile types, let’s examine the table and each column. In the comments section, let me know if you have any questions.
Type 1 | Type 2 | Type 3 | Type 4 |
---|---|---|---|
User-driven mode (classic autopilots) | Self-deploying mode | Hybrid Azure AD join | Existing Devices |
• Join device to AAD • Enroll in Intune | • Join device to AAD • Enroll in Intune | • Join device to on-prem AD + registered in Azure • Enroll in Intune | • Join device to AAD • Enroll in Intune |
• Require user credentials for Azure AD join and Intune enrollment | • No need to provide user credentials to authenticate for Intune and Azure AD join. Instead, a TPM chip is used for authentication. | • Require user credentials for Azure AD join and Intune enrollment | • Require user credentials for AAD and Intune enrollment |
Challenges: • More user wait time. This wait time can be reduced using the white glove process. | NA | • Require user credentials for AAD and Intune enrollment • Can copy offline Autopilot profile | Challenges: • Require task sequence • More end-user wait time. This wait time can be reduced using the white glove process. |
Persona criteria: • Don’t have on-premises dependency for applications and AD policy • Recommended for remote users or sales users who don’t often connect to the corporate network | Challenges: • Require an Intune connector to be installed for AD join. • More end-user wait time. | Persona criteria: • Don’t have on-premises dependency for applications and AD policy • Recommended for Windows 10 kiosk scenarios or shared device users | Persona criteria: • Recommended for users who have an on-premises dependency on apps and policy |
The Windows Autopilot white glove process can be combined with Types 1, 3, and 4 above. With Autopilot white glove, the device is joined to Azure AD, enrolled in Intune, and has its policies and apps installed before the user logs in. As a result, end-user wait time is saved.
Autopilot Type Description - Windows Autopilot Profile Types
Type 1: User-Driven: In this approach, the user needs to go through the OOBE screens. After successful user authentication with Azure, the device becomes Azure AD joined and Intune enrolled. Intune then deploys apps and policies.
Type 2: Self-Deploying mode: In this approach, the device joins Azure before the user logs in. The TPM chip, rather than user credentials, authenticates the device to Azure. Before the user logs in, the device is already joined to Azure AD and enrolled in Intune.
Type 3: Hybrid Autopilot: In this approach, the user goes through the OOBE screens. However, in this type, the user also authenticates against on-premises AD. In this scenario, the Windows 10 device becomes domain joined + Azure registered + Intune enrolled. For more details, please refer to my previous post on Hybrid Autopilot.
Type 4: Task sequence: In this approach, your existing SCCM/MDT infrastructure can be leveraged to deploy Windows 10 Autopilot devices. This approach is suitable for converting existing traditional machines to Autopilot devices.
The SCCM task sequence wipes the existing operating system, then installs Windows 10 and deploys an offline Autopilot profile. You don’t need to register the hardware ID if you deploy an offline Autopilot profile along with the task sequence.
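A pre-staging check for the offline Autopilot profile that the task sequence deploys, as an added example that is not from the original post. It assumes the profile is the JSON file Microsoft documents as AutopilotConfigurationFile.json; the function name and the key names are assumptions not found on this page, and the sample values are constructed placeholders.

```powershell
# Added example, not the author's code. Key names are assumed from Microsoft's
# documented AutopilotConfigurationFile.json format; they do not appear on this page.
function Test-OfflineAutopilotProfile {
    param(
        [Parameter(Mandatory)] [string] $Json,
        [Parameter(Mandatory)] [string] $ExpectedTenantId
    )
    $findings = [System.Collections.Generic.List[string]]::new()

    try { $p = $Json | ConvertFrom-Json -ErrorAction Stop }
    catch { return @('FAIL: profile is not valid JSON') }

    # Keys the check relies on; a profile without them cannot be validated.
    $required = 'CloudAssignedTenantId', 'CloudAssignedTenantDomain',
                'CloudAssignedDomainJoinMethod', 'ZtdCorrelationId'
    foreach ($key in $required) {
        if ($null -eq $p.PSObject.Properties[$key]) { $findings.Add("FAIL: missing key $key") }
    }

    # The profile names the tenant the device will join, so confirm it is yours.
    $tenant = $p.CloudAssignedTenantId
    if ($tenant -and $tenant -ne $ExpectedTenantId) {
        $findings.Add("FAIL: profile targets tenant $tenant, expected $ExpectedTenantId")
    }

    # 0 = Azure AD join, 1 = hybrid join (assumed values from the documented format).
    $join = $p.CloudAssignedDomainJoinMethod
    if ($join -eq 1) {
        $findings.Add('INFO: hybrid join profile, needs the Intune connector for AD join')
    } elseif ($null -ne $join -and $join -ne 0) {
        $findings.Add("FAIL: unexpected CloudAssignedDomainJoinMethod value $join")
    }
    return $findings.ToArray()
}

# Constructed sample: placeholder GUIDs and domain, not real tenant data.
$sample = @'
{
  "CloudAssignedTenantId": "00000000-0000-0000-0000-0000000000aa",
  "CloudAssignedTenantDomain": "example.onmicrosoft.com",
  "CloudAssignedDomainJoinMethod": 1,
  "ZtdCorrelationId": "00000000-0000-0000-0000-0000000000bb"
}
'@

Test-OfflineAutopilotProfile -Json $sample -ExpectedTenantId '00000000-0000-0000-0000-0000000000cc'
```

Running the check in the build pipeline before the profile is added to the task sequence package catches a profile exported from the wrong tenant before any device is wiped.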
Decision-Making Tree Decide Windows Autopilot Profile Types
The diagram below shows some of the basic questions that help decide your autopilot profile type. This is a common challenge for customers of Azure.
- Require AD group policy for security and configuration?
- Require apps with legacy authentication?
- Is there any agent in Windows 10 that requires domain join?
Resources
- Beginners Guide Setup Windows Autopilot Deployment – https://www.anoopcnair.com/windows-autopilot-deployment/
- Learn More About Windows Autopilot – https://www.anoopcnair.com/windows-autopilot/
Author
Vimal has more than 10 years of experience in SCCM device management solutions. His main focus is on Device Management technologies like Microsoft Intune, ConfigMgr (SCCM), OS Deployment, and Patch Management. He writes about SCCM, Windows 10, Microsoft Intune, and MDT.
The table on this webpage for the autopilot profile types “existing devices” section appears to be incomplete. Can you please complete what comes after “without”?
Dear Vimal
As per Microsoft https://docs.microsoft.com/en-us/mem/autopilot/profiles, there are two types of Deployment mode: user driven and Self Deploying (Preview). Hybrid Azure AD join and Existing Devices are missing. Am I missing anything?