Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide

2

In this post, I will describe how to provision windows 10 devices with AutoPilot service, how to enroll them into Intune, create deployment profile, import device information in Intune, and set up Windows 10 devices.

Introduction

Provision Windows 10 with AutoPilot is part of modern technology. It seems to me everything is moving into cloud and automation. Building and managing operating systems are time-consuming, Windows Autopilot is the provisioning service.

With the help of Intune and AutoPilot, you can pre-configure, reset, re-purpose, recover your devices. You can do the customization, deploy the setting without re-imaging, which saves your lot of time.

I would not go into details for describing Windows AutoPilot, as there is a lot of Microsoft Documentation available. We also have posts from AnoopJoy, and Vimal about Windows AutoPilot and MS Intune. Please go through with Windows AutoPilot.

Related Post-Beginners Guide Setup Windows Autopilot Deployment, Windows Autopilot FAQ Clarifying the General Misconceptions Part 1, Windows AutoPilot and Microsoft Documentation

While enrolling Windows 10 device to Intune, we must have to configure some pre-requisite, which are following. I would not go in detail with the licensing and other requirements that information you can get from Microsoft documents.

  • Configure Device Setting
  • Mobility (MDM and MAM)
  • Company Branding
  • Deployment Profile
  • Create Groups
  • Creation of Users

Configure Device Setting

To configure the device setting, you have to go to:

  • Login to Azure Portal
  • Navigate via Azure active directory->Devices->Device Settings
Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide
Manage Windows 10 with AutoPilot – Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide

The first option is users may join devices to Azure AD, which I have selected all, you can choose selected option also if you want to have some selected users can join the machines to Azure, but in my case, I have selected all.

The next option is to create an additional local administrator for Windows 10 Azure AD joined devices.

  • Here, you can select which users will have local admin rights on devices. By default, global administrators and device owners are granted local admin right on devices.
  • After that, configure the other settings and click save.

Mobility (MDM and MAM)

Next step is Mobility (MDM and MAM) configurations:

  • Login to Azure Portal
  • Navigate to Azure Active Directory
  • Open the Mobility (MDM and MAM) blade and click on Microsoft Intune
  • Save the settings
Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide
Manage Windows 10 with AutoPilot – Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide

Create Group

Next we are going to create Azure AD group, which will be dynamic group with rules. You can complete this step either from Intune blade->Groups or Azure AD -> Groups.

NOTE! – Other option is to use Microsoft 365 Device Management portal.

Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide
Provision Windows 10 with AutoPilot – Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide
  • Click on New Group and provide all the information whichever you want
Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide 1
Manage Windows 10 with AutoPilot

Configure Dynamic Query

I have selected the membership type as dynamic devices (This is same as SCCM where we create query based collection) then click on add dynamic query.

Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide
Click on Edit Manage Windows 10 with AutoPilot
 use the rule as "(device.devicePhysicalIDs -any _ -contains "[ZTDId]")"
Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide 2
Then click on OK Manage Windows 10 with AutoPilot
Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide 3
Manage Windows 10 with AutoPilot
  • Now you can see in rule syntax query is added, save the setting and click on create.

Now the Azure AD group is created. So what will happen with this rule and group?

NOTE! – Once you import windows 10 device in Intune that device will add in this group automatically. And whatever profiles are assigned in this group that will be applied to devices.

Create Deployment Profile

Next step I followed is creation of deployment profile, this will be used for windows AutoPilot deployment.

  • Go to Intune->Device Enrollment->Windows enrollment, right side you will see windows autopilot deployment Program.
Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide
Manage Windows 10 with AutoPilot
  • Click on deployment profiles then click on create profile
Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide 4
Manage Windows 10 with AutoPilot
Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide 5
Click on Next Manage Windows 10 with AutoPilot

Configure Out-Of-Box experience (OOBE) for AutoPilot

In this window we will configure the OOBE settings for Windows AutoPilot devices.

  • In Deployment Mode select the user driven
  • Join to Azure AD as Azure AD joined
  • Microsoft Software Licence Terms hide
  • Privacy Settings hide
  • Hide Change account options Hide
  • User Account Type standard
  • Allow While Glove OOBE No
  • Apply Device name Template No
Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide 6
Click Next Manage Windows 10 with AutoPilot

Assignments

Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide 7
In Assignment click on Select groups to include Manage Windows 10 with AutoPilot
Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide 8
Manage Windows 10 with AutoPilot – Provision Windows 10

You can see on right hand all the available group are visible, you can select which group need to be assign for deployment profile.

I created Windows AutoPilot and selected that.

NOTE! – If you want to exclude any group then you can select otherwise click on next then review the settings and click on create.

Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide 9
Profile is created Manage Windows 10 with AutoPilot

Enrollment setup Page

In enrollment setup page there is default profile is created. Here we are going to create new profile for Windows Autopilot.

Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide 10
Manage Windows 10 with AutoPilot
Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide 11
Manage Windows 10 with AutoPilot – Provision Windows 10
  • Save the settings and create the profile.

NOTE! – Remember this profile can be assign to user groups only, device group wont be assigned.

Generate WindowsAutoPilotInfo file

Now we are all set, it’s time to add the existing windows 10 device in Intune.

  • Before adding existing devices, we need to run few power-shell command on the new greenfield Windows 10 device
  • And Import the csv file in Intune. Next i am going to login on windows 10 device.
  • Open PowerShell with administrator, run the following command.

CD\

md AutoPilot

Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide 12
Manage Windows 10 with AutoPilot

cd AutoPilot then enter then type following command

save-script -name get-WindowsAutoPilotInfo -Path C:\AutoPilot\

Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide 13
Manage Windows 10 with AutoPilot

Now you can see in the directory, one PS file is created with the name of windowsautopilotinfo.

Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide 14
Manage Windows 10 with AutoPilot

We will get the output file it into csv which will be used to import into Intune. run the command .\Get-WindowsAutoPilotInfo.ps1 -outputfile C:\AutoPilot\AutoPilot.csv

You have csv file with you which have all the information of device for windows autopilot. which will have the information of Device Serial Number, Windows Product ID, and Hardware Hash

Import Device into Intune

Now open the Microsoft store for business and import the csv file.

NOTE! Might you have a question? Why am I not importing into Intune? The problem I faced is I couldn’t assign the deployment profile, which I have created. Why? Maybe, I might need to have some patience 🙂 But within Microsoft Store for Business, it appeared quick, and I could assign the profile without any problem. 

Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide
Manage Windows 10 with AutoPilot
  • Go to Manage then devices from Microsoft Store for Business portal.
  • Import the devices with OEM information which generally used by vendor (like Dell, HP, Lenovo).
  • Also, you can import devices with the help of csv file which we have just now created.
  • Click on add devices, then select the file which you have generated,
Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide 15
Manage Windows 10 with AutoPilot
  • Once You select, then you will see a window that will ask you to select the deployment group. I clicked on NO thanks option.
Provision Windows 10
Manage Windows 10 with AutoPilot – Provision Windows 10
Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide 16
Manage Windows 10 with AutoPilot
  • Once device is added, then click on Profile, then select the deployment profile which is created, once profile is assigned then go back to Intune portal and see the status.
  • Navigate to Microsoft Intune-> Device enrollment->Windows enrollment->Windows Autopilot Devices
  • Here you can see the profile status is assigned, in initial stage status will be as signing which takes few sec and status gets change into assigned.
  • All set, device is imported and deployment profile is assigned, next step is login to the windows 10 device and reset it.
Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide 17
Manage Windows 10 with AutoPilot

Provision Windows 10 Experience with Windows Autopilot

Once you reset the windows 10 (or new machine which is autopilot enabled) and restart the device then you will see the following screen which indicates your device is ready to join windows autopilot.

Provision Windows 10
select the region Manage Windows 10 with AutoPilot
Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide 18
select the keyboard layout Manage Windows 10 with AutoPilot
Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide
Manage Windows 10 with AutoPilot

Above picture says now you have some important setup to do, yes, you are going to join autopilot, exited……

Next screen will say about the complete setup.

Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide 19
Enter user email address Manage Windows 10 with AutoPilot
Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide 20
Manage Windows 10 with AutoPilot
Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide 21
Manage Windows 10 with AutoPilot – Provision Windows 10
Provision Windows 10
change the password Manage Windows 10 with AutoPilot
Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide 22
Manage Windows 10 with AutoPilot
Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide 23
Manage Windows 10 with AutoPilot
Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide 24
provide the 6 digit pin number which will be used for next login Manage Windows 10 with AutoPilot
Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide 25
Background and logo which you are able to see is configured during the company branding Manage Windows 10 with AutoPilot
Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide 26
Provide more information Manage Windows 10 with AutoPilot
Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide 27
Manage Windows 10 with AutoPilot

Now login to windows 10 device with the Azure ID and pin which you have just set. and go to the settings-> accounts-> Access work or School here you can see your computer is connected to Azure AD.

Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide 28
Manage Windows 10 with AutoPilot
Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide 29
Manage Windows 10 with AutoPilot

When you go to the MS Intune-> Devices then you can see enrolled devices.

Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide
Manage Windows 10 with AutoPilot
Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide 30
Manage Windows 10 with AutoPilot

Newly imported windows 10 has joined windows autopilot. Now you can deploy any applications, settings, configuration, next part we will discuss on deployment on applications and software updates.

Happy Autopiloting 🙂

Resources

2 COMMENTS

  1. Anoop, will autopilot works for virtual devices? And is autopilot recommended for large complex environment 1.5lks devices.. how about managing legacy devices with intune win7, 8.0, 8.1 etc any options available.. any thoughts on managing server os with intune

    • I think all these 150000 devices won’t be migrated to Intune and Windows Autopilot in couple of months. So, you shall think about starting the journey towards Autopilot and Intune management for small set of devices like 100 for 1st year and then continue with the deployments.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.