Auto MDM Enrollment with AAD TokenRepurposing of existing devices is one of the decisions you want to make while getting ready with Windows Autopilot.
I’m trying to help you decide how to repurpose devices to Windows Autopilot? Is it best to use MDT or SCCM?
[Related Posts – Step by Step Guide Windows AutoPilot Process with Intune & Beginners Guide Setup Windows AutoPilot Deployment & Windows Autopilot Video Starter Kit]
Options – Repurpose Existing Devices to Windows Autopilot
I think many organizations wanted to try and test Windows Autopilot. But there is always a puzzle in the decision-making. What are opportunities to repurpose existing devices (Windows 10 and Windows 7) to Windows Autopilot?
Microsoft had announced many options, which I already explained in my previous post. Also, you can check out Ignite 2018 Windows Autopilot session.
When you already have Windows devices in Intune, how to convert existing devices into Windows Autopilot? Any of the following options will help you turn existing devices to Windows Autopilot. Applicable for Windows 10 Devices!
- Non-Intune Windows 10 Devices – Upload the CSV file via Intune Portal
- Intune Windows 10 Devices – Enable new Autopilot profile setting for all targeted devices (check the below section)
- Non-Intune Windows 10 Devices – SCCM Co-Management devices are enabled with “Automatic Enrollment into Intune.” First, get the devices into Intune via co-management and then to Autopilot (check the below section).
- Non-Intune Windows 10 Devices – Group Policy will get your device into Intune and then enable Autopilot via the following method (Tanvir mentioned https://youtu.be/1–pBivksl8?t=2636)
How to Convert Existing Intune Devices to Windows Autopilot
The following steps will help you convert existing Intune devices to Windows Autopilot. You will be using the following method to enable Windows Autopilot for the Windows 10 devices in all the above scenarios (1-4).
[Note – Only Applicable for Windows 10 devices]
- Navigate to Intune in the Azure portal
- Choose Device enrollment > Windows enrollment > Deployment Profiles > Create Profile
- Type a Name and optional Description
- Set Convert all targeted devices to Windows Autopilot to Yes
- Following the steps to complete the Autopilot profile creation
By default, Intune only applies this profile to Windows Autopilot devices. Yes, to convert all targeted, non-auto pilot devices to Autopilot so that they can receive the shape the next time they perform a factory reset.
Windows devices running version 1709 support Windows Autopilot. So make sure you’ve upgraded your devices to work with Autopilot before you attempt to convert them. This is a one-time conversion to Autopilot.
NOTE – You can also use Group Policy (Auto MDM Enrollment with AAD Token) to enroll Windows 10 1709 or later Windows 10 Devices to Microsoft Intune.
[Related Posts – Step by Step Guide Windows AutoPilot Process with Intune & Beginners Guide Setup Windows AutoPilot Deployment]
Repurpose Existing Devices to Windows Autopilot – MDT/SCCM?
You might be using SCCM-managed Windows devices in your organization. How are you planning to repurpose those Windows 7 devices to Windows Autopilot?
You might not be using managing SCCM to manage Windows devices. How to Repurpose the Windows devices managed BigFix, KACE, Puppet, etc.. to Windows Autopilot?
The answer to the above questions is it depends. There are a couple of options to repurpose devices. You can use SCCM or MDT to repurpose existing devices to Windows Autopilot.
So it’s SCCM or MDT. The decision to use either MDT or SCCM entirely depends on your organization’s infrastructure, IT support, network connectivity, etc.
The following table gives you a high-level comparison between MDT Vs. SCCM.
Select MDT to Repurpose Devices
You can use MDT for repurposing existing devices to Windows Autopilot. But before deciding to go with MDT, it would be great to analyze your environment.
If you have not already invested in SCCM, you should use MDT to repurpose existing devices to Windows Autopilot.
Do you still think you should try MDT to repurpose Windows 7 devices to Windows Autopilot? Is this because of some known issues of SCCM? I would recommend raising a support case with Microsoft.
- Easy to Install, Configure, and maintain
- Light Touch Deployment
- Best for a well-connected Network (No network replication options?)
- Less Security Controls
- No Clear Roadmap (When will be the next version release of MDT?)
- Limited Reporting
- Standalone Instances
- Free Tool
Select SCCM to Repurpose Devices
You can use SCCM for repurposing existing devices to Windows Autopilot. Microsoft SCCM provides an out of box solution to repurpose existing Windows 7 devices to Windows Autopilot.
When you already have SCCM infrastructure, use the same infra to repurpose existing Windows 7 and Windows 10 devices to Autopilot.
Do you need faster reprovisioning of Windows 7 devices to Autopilot? If so, use Michael Niehaus’s idea.
- Complex to Install, Configure, and maintain
- Zero Touch Deployment
- Best for Distributed Network (Enterprise network replication options?)
- Better Security Controls
- Clear Roadmap
- Rich Reporting
- Out of Box Solution TS for Repurpose Existing Devices
- Paid Tool
How to Remove a Device from Windows Autopilot?
You have to note that removing the profile won’t remove the devices from Windows Autopilot.
- Navigate to Intune in the Azure portal
- Choose Device enrollment > Windows enrollment > Devices
- To remove the device from Autopilot, use the Windows Autopilot devices view and Delete the device entry from Autopilot.
To complete the removal, make sure the device is removed from Azure and Intune devices.
Resources
How to make Autopilot Adoption fast – https://blogs.technet.microsoft.com/mniehaus/2018/10/25/speeding-up-windows-autopilot-for-existing-devices/
[Related Posts – Step by Step Guide Windows AutoPilot Process with Intune & Beginners Guide Setup Windows AutoPilot Deployment]
Need clarity on these points:
It’s stated somewhere in this post that only systems with OEM Win Image can use AutoPilot (Bare metal can’t)
Reading the re-purpose existing devices part seems to suggest that after you enable co-management, the existing machine without OEM image CAN be used with AutoPilot. So, if there is requirement for resetting this machine, we can use Autopilot even though it initially did not have the OEM Image? What if the machine doesn’t boot and restarts while booting, is it possible to run autopilot on such a machine.
You can repurpose the existing machines. It’s doesn’t matter whether it’s bare metal or oem if it’s can present oobe screen for autopilot user enrollment
Thanks. So would it be right to say that after you have configured co-management and installed the Intune client on the existing devices(a managed image was used to deploy them) and they are added in the autopilot group. If now we reset the machine, it would display the oobe setup and continue like a new device. Do I understand that correctly? If this is the case then it’s not just the new devices but the old devices too get autopilot enabled (for lack of a better word:) after re-purpose process. Is that right Right? We want to transition from custom image to autopilot so are exploring how to cover all the bases.
My second question was that if you have a device which doesn’t boot successfully and the device gets rebooted every time during the boot process, even if this device is in the autopilot group, how do we force it to start the oobe setup. Would autopilot be useful in this scenario?
When it fails a couple of times it might boot into recovery mode. Is there any option in the recovery mode to start oobe setup.
Thanks once again
I think you need to get the device into oobe mode you can shoes whatever way you want tbh… if it’s not getting oobe mode you need to fix it in someway … hardware or software fix … if it’s hardware fix you might need to add new hash if the device to autopilot service.
I used this method to convert a couple test devices to Autopilot (they were initially added to Intune via SCCM Cloud Attach). The devices are now showing as Autopilot devices, but the “Associated Intune Device” is showing as N/A and there is now a Azure entry for the device showing “Azure Joined”. Is there a way to link them, or will we have duplicates until the devices have been reset?
The Associated Intune Device shows N/A because the Intune device was not made an Intune device through Autopilot. You must go through OOBE, and have Autopilot enroll the device into Intune. Afterwards, you will see the Associated Intune Device in the Autopilot device blade.
Hi Anoop,
Another great article! We have an existing fleet of devices that are domain joined and we are about to hybrid join them using AAD connect. Would I be correct in expecting point 2 to be the approach we use to prepare all these devices to be AutoPilot ready in the case they are factory reset?
And if so, is it common practice to create a temporary or single AutoPilot profile that is targetted at all Windows 10 devices with this setting on to Convert all targetted devices to autopilot?
Point 2 being Intune Windows 10 Devices – Enable new Autopilot profile setting for all targeted devices (check the below section)
Thanks
Hi Anoop.
How do we go about re purposing devices that are already enrolled into Intune but the user has left the business we need to reset the device for another user to use. In our scenario where devices are hybrid joined we have found that wipe or reset does not meet this need. We have to manually go and delete the device from the Intune Portal and then run the autopilot process again. Is this the correct method, it seems long winded.
If you are unable to do Autopilot Reset with the device running, and reimage the device instead. It is suppose to still work by just deleting the Intune device from Endpoint Manager -> Devices -> Windows at least it should work most of the time.
When this fails, we usually delete the device from Intune, Autopilot and Azure AD and restart the process, which adds a lot more time to the process.
This is why I try to use Autopilot Reset as much as possible, as it is designed to take the device back to the point when you deployed it and before the user signed in.
https://learn.microsoft.com/en-us/mem/autopilot/existing-devices
Why would anyone want to use SCCM or MDT to convert existing devices into autopilot as we want to move away from these to intune?
Please refer above article and help
For “Why would anyone want to use SCCM or MDT to convert existing devices into autopilot as we want to move away from these to intune?”
My use case: I manage an SCCM environment (no Intune or azure). A parent branch of our organization has their own domain\sccm\intune. My boss asked if we could pilot reimaging an existing device to instead add it to their intune.
If a device was converted (hash stored in AP) with the “convert all targeted devices to autopilot” and that hash was removed from the console, will it return on its own or does something else have to happen? The Intune and aad object are still present, it was just the hash that was deleted from the console. Hoping it will just return on its own without having to do anything on the device itself.