Install Required Apps in Windows Autopilot Enrollment Status Page

Let’s explore the process of selecting required apps on the Windows Autopilot Enrollment Status Page. The ESP page offers a configuration option that allows you to block device access until all required apps are installed. By enabling this option, you can ensure that all necessary apps are installed and configured correctly on the device.

The Enrollment Status Page (ESP) provides a configuration option, which allows users only to access their device once all critical and necessary apps have been installed. This ensures a better user experience and minimizes any potential issues that may arise from accessing the device before the necessary apps have been installed.

One configuration option includes blocking device access until app installation is complete. This ensures that the user cannot access the desktop until the device is in the intended state.

When deciding which apps to include in the list for blocking device use until their installation is complete, the following categories should be considered:

• Critical apps – These are the apps that are crucial for device security or accessing essential services, such as antivirus software, VPN clients, and data protection and compliance software.
• Core productivity apps – These are the apps that employees are most likely to use on a daily basis, such as Microsoft 365 Apps and Teams. By blocking device use until these apps are installed, employees can access their email, collaborate with colleagues, and work on files stored in OneDrive for Business.
• Important apps – These are the apps that are essential for performing specific business functions, and their absence can result in a loss of productivity or the inability to execute tasks. It is recommended to limit this list to the most crucial apps that will likely be opened within the first 30 minutes to an hour after receiving the device.

The most common approach is to block device usage until a specific set of apps has been installed. It is essential to carefully select this list to ensure the best possible user experience. If critical apps are excluded from the installation list, the device may not be fully functional, and if too many apps are included, users may become frustrated due to the extended installation time.

• Intune Enrollment Status Page Troubleshooting
• Benefits Of Enabling Windows Autopilot Diagnostics Page

Required Apps Installation in Windows Autopilot Enrollment Status Page

To deploy the ESP to devices, you have to create an ESP profile in Microsoft Intune. Within the profile, you can configure the ESP settings that control. Here’s how you can block access to a device until a specific application is installed.

• Sign in to the Microsoft Intune admin center https://intune.microsoft.com/.
• Navigate to Devices > Windows. Select Windows enrollment > Enrollment Status Page.

Select the existing ESP from the list, The enrollment status page appears during device setup and during the first user sign in. If enabled, users can see the configuration progress of assigned apps and profiles targeted to their devices.

On the Properties. Click Edit to modify the settings. Blocking use of the device until all apps have been installed is useful in scenarios where you may have a limited number of required apps that will not take too long to install or for dedicated devices like kiosks where all apps must be installed prior to use.

This option is configured by setting Block device use until these required apps are installed if they are assigned to the user/device to All.

Here you may find the various options for controlling app installation during the Windows Autopilot Provisioning process.

• Choose Yes to Show app and profile installation progress.
• Choose Yes to Block device use until all apps and profiles are installed.
• Choose Selected for Block device use until these required apps are installed if they’re assigned to the user/device.

Choose Select apps > choose the apps > Select > Save. Specify the apps that must be installed before the user can exit the ESP. You can choose up to 100 apps.

Note! Adding apps to this list does not mean that only those apps will install during the Enrollment Status Page.

A new toggle that allows you to select whether you want to attempt to install required applications during the pre-provisioning (white glove) technician phase.

In case of an app install failure, ESP will continue except for the apps specified in the ESP profile. To enable this function, you will need to edit your Enrollment Status Page profile by selecting Yes on the Only fail selected apps in technician phase. This setting will only appear if you have blocking apps selected.

End User Experience

The end-user experience with Windows Autopilot involves a streamlined and user-friendly process for setting up and configuring their new device. This typically includes entering their credentials, selecting their desired language and region, and agreeing to any necessary terms and conditions.

The configuration option restricts device usage until the required apps are installed, thereby preventing the user from accessing the device until it reaches an expected state.

The best way to troubleshoot Windows autopilot deployment is from the Windows Enrollment status screen. I recommend reading posts about Windows Enrollment Status Screen Troubleshooting.

Author

About Author – Jitesh, Microsoft MVP, has over six years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10/11 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.