In this post, I will describe how to provision Windows 10 devices with the AutoPilot service: how to enroll them into Intune, create a deployment profile, import device information into Intune, and set up Windows 10 devices.
Provisioning Windows 10 with AutoPilot is part of modern device management. It seems to me everything is moving to the cloud and automation. Building and managing operating system images is time-consuming, and Windows Autopilot is the provisioning service that addresses this.
With the help of Intune and AutoPilot, you can pre-configure, reset, re-purpose, and recover your devices. You can customize devices and deploy settings without re-imaging, which saves you a lot of time.
I will not go into detail describing Windows AutoPilot, as there is a lot of Microsoft documentation available. We also have posts from Anoop, Joy, and Vimal about Windows AutoPilot and MS Intune. Please go through those for background on Windows AutoPilot.
Before enrolling a Windows 10 device into Intune, we have to configure the following prerequisites. I will not go into detail on licensing and other requirements; you can get that information from the Microsoft documentation.
- Configure Device Setting
- Mobility (MDM and MAM)
- Company Branding
- Deployment Profile
- Create Groups
- Creation of Users
Configure Device Setting
To configure the device settings:
- Log in to the Azure Portal
- Navigate to Azure Active Directory -> Devices -> Device Settings
The first option is "Users may join devices to Azure AD", which I have set to All. You can choose Selected instead if you want only specific users to be able to join machines to Azure AD, but in my case, I have selected All.
The next option adds additional local administrators for Windows 10 Azure AD joined devices.
- Here, you can select which users will have local admin rights on devices. By default, global administrators and device owners are granted local admin rights on devices.
- After that, configure the other settings and click Save.
Mobility (MDM and MAM)
The next step is the Mobility (MDM and MAM) configuration:
- Log in to the Azure Portal
- Navigate to Azure Active Directory
- Open the Mobility (MDM and MAM) blade and click on Microsoft Intune
- Save the settings
Next we are going to create an Azure AD group, which will be a dynamic group with rules. You can complete this step either from the Intune blade -> Groups or from Azure AD -> Groups.
NOTE! – Another option is to use the Microsoft 365 Device Management portal.
- Click on New Group and fill in the group information as you want
Configure Dynamic Query
I have selected the membership type Dynamic Device (this is the same as SCCM, where we create a query-based collection), then clicked on Add dynamic query.
Use the following rule:
(device.devicePhysicalIDs -any _ -contains "[ZTDId]")
- Now you can see the query has been added in the rule syntax box. Save the setting and click on Create.
Now the Azure AD group is created. So what will happen with this rule and group?
NOTE! – Once you import a Windows 10 device into Intune, that device is added to this group automatically, and whatever profiles are assigned to this group are applied to the device.
Create Deployment Profile
The next step I followed is the creation of a deployment profile, which will be used for Windows AutoPilot deployment.
- Go to Intune -> Device Enrollment -> Windows enrollment; on the right side you will see Windows Autopilot Deployment Program.
- Click on Deployment Profiles, then click on Create Profile.
Configure Out-Of-Box experience (OOBE) for AutoPilot
In this window we will configure the OOBE settings for Windows AutoPilot devices.
- Deployment Mode: User-Driven
- Join to Azure AD as: Azure AD joined
- Microsoft Software License Terms: Hide
- Privacy Settings: Hide
- Hide change account options: Hide
- User Account Type: Standard
- Allow White Glove OOBE: No
- Apply device name template: No
On the right-hand side all the available groups are visible, and you can select which group should be assigned to the deployment profile.
I selected the Windows AutoPilot group that I created.
NOTE! – If you want to exclude any group, you can select it here; otherwise click on Next, review the settings, and click on Create.
Enrollment setup Page
On the enrollment setup page, a default profile is already created. Here we are going to create a new profile for Windows Autopilot.
- Save the settings and create the profile.
NOTE! – Remember this profile can be assigned to user groups only; it cannot be assigned to device groups.
Generate WindowsAutoPilotInfo file
Now we are all set; it's time to add the existing Windows 10 device to Intune.
- Before adding existing devices, we need to run a few PowerShell commands on the new greenfield Windows 10 device
- Then import the CSV file into Intune. Next I am going to log in on the Windows 10 device.
- Open PowerShell as administrator and run the following commands.
Type cd AutoPilot, press Enter, then type the following command:
Save-Script -Name Get-WindowsAutoPilotInfo -Path C:\AutoPilot\
Now you can see in the directory that one PS file has been created, named Get-WindowsAutoPilotInfo.ps1.
We will write the output to a CSV file, which will be used for the import into Intune. Run the command:
.\Get-WindowsAutoPilotInfo.ps1 -OutputFile C:\AutoPilot\AutoPilot.csv
You now have a CSV file with all the device information for Windows Autopilot: Device Serial Number, Windows Product ID, and Hardware Hash.
Import Device into Intune
Now open the Microsoft Store for Business and import the CSV file.
NOTE! You might have a question: why am I not importing into Intune? The problem I faced is that I couldn't assign the deployment profile which I had created. Why? Maybe I need to have some patience 🙂 But within Microsoft Store for Business, it appeared quickly, and I could assign the profile without any problem.
- Go to Manage, then Devices, in the Microsoft Store for Business portal.
- You can import devices with OEM information, which is generally used by vendors (like Dell, HP, Lenovo).
- You can also import devices with the help of the CSV file which we have just created.
- Click on Add devices, then select the file which you have generated.
- Once you select it, you will see a window that asks you to select the deployment group. I clicked on the No thanks option.
- Once the device is added, click on Profile, then select the deployment profile which was created. Once the profile is assigned, go back to the Intune portal and check the status.
- Navigate to Microsoft Intune -> Device enrollment -> Windows enrollment -> Windows Autopilot Devices
- Here you can see the profile status is Assigned. In the initial stage the status will be Assigning, which takes a few seconds before it changes to Assigned.
- All set: the device is imported and the deployment profile is assigned. The next step is to log in to the Windows 10 device and reset it.
Provision Windows 10 Experience with Windows Autopilot
Once you reset the Windows 10 device (or a new machine which is Autopilot enabled) and restart it, you will see the following screen, which indicates your device is ready to join Windows Autopilot.
The above picture says you now have some important setup to do. Yes, you are going to join Autopilot, excited……
The next screen tells you about completing the setup.
Now log in to the Windows 10 device with the Azure ID and PIN which you have just set, and go to Settings -> Accounts -> Access work or school. Here you can see your computer is connected to Azure AD.
When you go to MS Intune -> Devices, you can see the enrolled devices.
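The join state shown under Access work or school can also be confirmed from the command line. An added example, not from the original post: it parses the output of the built-in dsregcmd /status command and checks that the device is Azure AD joined and not domain joined, matching the "Azure AD joined" choice in the deployment profile. The function name Get-DeviceJoinState and the sample lines are constructed.

```powershell
# Added example (not from the original post): interpret dsregcmd /status output.
function Get-DeviceJoinState {
    param([string[]]$StatusLines)

    # dsregcmd prints "Name : Value" pairs; collect them into a lookup table.
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*)$') {
            $fields[$Matches[1]] = $Matches[2].Trim()
        }
    }

    $aadJoined    = ($fields['AzureAdJoined'] -eq 'YES')
    $domainJoined = ($fields['DomainJoined'] -eq 'YES')
    [pscustomobject]@{
        AzureAdJoined  = $aadJoined
        DomainJoined   = $domainJoined
        TenantName     = $fields['TenantName']
        MdmUrl         = $fields['MdmUrl']
        # Expected result for the profile in this post: cloud joined only.
        MatchesProfile = ($aadJoined -and -not $domainJoined)
    }
}

# Constructed sample lines in the layout dsregcmd uses; values are placeholders.
$sample = @(
    '             AzureAdJoined : YES'
    '              DomainJoined : NO'
    '                TenantName : Contoso (constructed)'
    '                    MdmUrl : https://enrollment.example.invalid/Discovery.svc'
)
Get-DeviceJoinState -StatusLines $sample | Format-List
```

On the enrolled device itself, pass the live output instead: Get-DeviceJoinState -StatusLines (dsregcmd /status).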
The newly imported Windows 10 device has joined Windows Autopilot. Now you can deploy any applications, settings, and configuration. In the next part we will discuss deployment of applications and software updates.
Happy Autopiloting 🙂