Next Generation Windows Autopilot Deep Dive Troubleshooting Guide by Vimal. The Next Generation Windows Autopilot is a powerful tool designed to simplify and speed up the deployment of Windows devices in organisations.
Issues can arise during the setup or use of any technology. This troubleshooting guide is here to help you identify and solve common problems step by step. We’ll cover everything from basic setup requirements, like ensuring the right licenses and network settings, to fixing errors during device enrollment.
You’ll learn to use tools like Event Viewer and Intune’s diagnostic options to investigate issues, understand error codes, and apply solutions. Following these can optimise performance, reduce troubleshooting time, and ensure smooth device provisioning.
Windows Autopilot device preparation is designed to facilitate device deployment. It ensures devices are set up with consistent settings, speeds up the setup process, and simplifies troubleshooting.
Next Generation Windows Autopilot Deep Dive Troubleshooting
Windows Autopilot is a cloud-based deployment service that simplifies the setup and configuration of Windows devices. This post provides an overview of the Next Generation Windows Autopilot Deep Dive Troubleshooting Guide. It includes all the important details to help you understand and resolve common issues with Windows Autopilot.
The HTMD Community successfully held the HTMD Community Conference 2024, an in-person event, on 7th December 2024 in Bengaluru. The event brought together industry professionals for sessions led by Microsoft Product Group members and industry experts, who shared valuable knowledge and experiences.
Sponsors
Microsoft, Patch My PC, Zero Touch, and Nerdio sponsored the HTMD Community Conference 2024, and these companies played a key role in making the event a success.
Windows Autopilot Next Generation
I, Vimal Das, a Senior Support Escalation Engineer at Microsoft, covered Windows Autopilot Device Preparation in this session. I explained how this process simplifies and streamlines device deployment by ensuring consistent configurations, enhancing setup speed, and improving troubleshooting efficiency.
What is Windows Autopilot Device Preparation
Windows Autopilot Device Preparation is designed to simplify the deployment process by ensuring consistent configurations, improving setup speed, and enhancing troubleshooting capabilities. By using Autopilot, organisations can achieve the following benefits.
- Reduced IT Deployment Time: Decreases IT teams’ time deploying devices.
- Lower Infrastructure Requirements: Minimizes the infrastructure needed to manage and maintain devices.
- Maximized Ease of Use: Simplifies the process for all end users, making it easier for them to get started with their devices.
- Improved Troubleshooting: Enhances the ability to troubleshoot issues quickly and effectively.
Requirements for Windows Autopilot Device Preparation
Let’s discuss the requirements for Windows Autopilot device preparation. To use Windows Autopilot Device Preparation, the following criteria must be met.
- Windows 11, version 23H2 with KB5035942 or later.
- Windows 11, version 22H2 with KB5035942 or later.
- Microsoft Entra ID: Only Microsoft Entra join is supported.
- The device should not be registered or added as a Windows Autopilot device. If registered, the Windows Autopilot profile will take priority over the Autopilot device preparation policy. To remove a device from Windows Autopilot, refer to Deregister a device.
- For additional details, check the full Windows Autopilot device preparation requirements.
Windows Autopilot Device Preparation VS. Windows Autopilot – End User Experience Demo
Let’s compare Windows Autopilot Device Preparation with Windows Autopilot. The table below lists the features of both.
Feature | Windows Autopilot Device Preparation | Windows Autopilot |
---|---|---|
Features | Support for Government Community Cloud High (GCCH) and Department of Defense (DoD) environments. Faster, more consistent provisioning experience. Near real-time monitoring and troubleshooting info. | Support for multiple device types (HoloLens, Teams Meeting Room). Many customization options for the provisioning experience. |
Supported modes | User-driven. | User-driven. Pre-provisioned. Self-deploying. Existing devices. |
Join types supported | Microsoft Entra join. | Microsoft Entra join. Microsoft Entra hybrid join. |
Is device registration required? | No | Yes |
What do admins need to configure? | Windows Autopilot device preparation policy. Device security group with Intune Provisioning Client as owner. | Windows Autopilot deployment profile. Enrollment Status Page (ESP). |
What configurations can be delivered during provisioning? | Device-based only during the out-of-box experience (OOBE). Up to 10 essential applications (line-of-business (LOB), Win32, Microsoft Store, Microsoft 365). Up to 10 essential PowerShell scripts. | Device-based during device ESP. User-based during user ESP. Any number of applications. |
Reporting & troubleshooting | Windows Autopilot device preparation deployment report: Shows all Windows Autopilot device preparation deployments. More data available. Near real-time. | Windows Autopilot deployment report: Only shows Windows Autopilot registered devices. Not real-time. |
Supports LOB and Win32 applications in same deployment? | Yes | No |
Supported versions of Windows | Windows 11, version 23H2 with KB5035942 or later. Windows 11, version 22H2 with KB5035942 or later. | All currently supported versions of Windows 11 General Availability Channel. All currently supported versions of Windows 10 General Availability Channel. |
Why Windows Autopilot Device Preparation
Windows Autopilot Device Preparation offers several advantages.
- No Hardware Hash Harvesting and Import Required: This method eliminates the need to gather and import hardware hashes, simplifying and accelerating the deployment process.
- Enrollment Time Grouping Approach: Devices can be grouped at enrollment, making it easier to apply the right configurations and policies based on device or user groups.
- Troubleshooting and Reporting: Autopilot provides detailed troubleshooting and reporting features, enabling IT teams to quickly identify and resolve deployment issues, ensuring smoother device setup.
Enrolment Time Grouping Approach
With Enrollment Time Grouping, when a user authenticates into a device, the device is added to a pre-defined device security group during enrollment. Applications, scripts, and policies assigned to the device group are then deployed to the device.
Direct assignment of devices to the device group allows the applications, scripts, and policies assigned to the device group to deploy quicker and more efficiently versus when using a dynamic device group.
Enrolment Time Grouping Admin Configuration Demo
Let’s discuss the Enrolment Time Grouping admin configuration demo. When configuring the device security group, add owners by selecting the service principal Intune Provisioning Client with AppId of f1346770-5b25-470b-88bd-d5744ab7952c. Alternatively, use the Search bar to search for and select Intune Provisioning Client.
- If the AppId of f1346770-5b25-470b-88bd-d5744ab7952c isn’t available in the list of objects or when searching, see Adding the Intune Provisioning Client service principal.
Troubleshooting and Reporting
Windows Autopilot provides powerful troubleshooting and reporting features that make tracking and managing device deployments easy. The list below gives more details.
- Easily track which devices went through Autopilot.
- Track status and deployment phase for each device in near real-time.
- Each device has the following details in the monitoring report:
  - Device details.
  - Profile name and version.
  - Deployment status details.
  - Apps applied with status.
  - Scripts applied with status.
Work Flow and Troubleshooting Stages 1 to 10 – Stage 1 Select Region, Keyboard
The first stage involves selecting the region and keyboard layout. The screenshot below provides additional details on this step. The Table of Geographical Locations lists the available geographical locations with their identifiers, called GEOIDs. These GEOIDs are used by applications when calling National Language Support (NLS) functions that accept the GEOID data type.
Stage 2 – Zero Day Patch and Update
Let’s talk about zero-day patches and updates. A zero-day patch is a fix for a security issue discovered and exploited by attackers before the software company can release a fix. It’s important to install these patches quickly to protect your system.
An update is a general improvement to software, which could include bug fixes, new features, or security patches. If an Out of Box Experience (OOBE) update is available and you attempt to install it, it will be logged under Updates for Windows.
Stage 3 – Device Rename
Give your device a unique name that makes it easy to recognise when connecting from other devices. Once you choose a name, your device will restart to apply the change. This simple step helps personalise your device and makes it easier to identify in your network.
Stage 4 – Azure Authentication
Azure Authentication is the process used to verify the identity of users, applications, or services attempting to access resources in Microsoft Azure. It ensures that only authorized users or systems can interact with Azure services and data.
Stage 5 – MDM Enrollment
Depending on the organisation’s requirements, the device is configured with specific policies, apps, and settings during MDM enrollment. This ensures that the device complies with security standards and can be remotely managed.
Stage 6 – IME Download
IME Download in Windows Autopilot typically refers to downloading specific components or configurations required for Intune Management Extension (IME). IME is a component used in Microsoft Intune to manage Windows 10/11 devices, especially when applying scripts, Win32 apps, or other advanced configurations during or after Autopilot deployment.
During the Autopilot process, devices may need to download and apply configurations or policies defined in Intune. The IME ensures these policies and scripts are executed properly.
[HKEY_LOCAL_MACHINE\software\microsoft\provisioning\AutopilotSettings]
"AgilityProductName"="Windows.Autopilot.amd64"
"AllowedTimeDriftDeltaMinutes"=DWORD:00000005
"AutopilotDiagnosticsCurrentVersion"="1.0.0"
"AutopilotDiagnosticsOutputMocked"=DWORD:00000000
"ConciergeMsaTicketUri"="https://dds.microsoft.com"
"ConciergeUri"="https://cs.dds.microsoft.com/command/device/PersonalDeviceBootstrapPolicies"
"DdsZtdMsaTicketUri"="https://ztd.dds.microsoft.com"
"DdsZtdUri"="https://ztd.dds.microsoft.com/ztd/device/AutopilotDeviceBootstrapPolicies"
"ProfileUsingProcMon"=DWORD:00000000
"TpmAikTaskMaxTimeoutMilliseconds"=DWORD:0000ea60
"TpmNgcWaitDelayMilliseconds"=DWORD:000003e8
"UseRefactoredEsp"="True"
"DppHeartbeatMaxFailures"=DWORD:0000000a
"DppHeartbeatMilliseconds"=DWORD:000009c4
"DisableAutopilotAgilityProductVersionTelemetry"=DWORD:00000001
"AutopilotDevicePrepHint"=DWORD:00000002
Stage 7 – IME Install
IME Install refers to installing the Intune Management Extension (IME) on a Windows device. IME is a key component in Microsoft Intune that extends Intune’s management capabilities for Windows devices.
Your device might take a few minutes to set up for work or school. During this process, your device may restart as necessary. Microsoft installs the required apps and policies to meet your organisation’s needs.
Stage 8 – Providers
The SLDM, PowerShell Scripts, and Win32Apps Providers each process a different set of tasks during Windows Autopilot device preparation. The list below shows what each one handles.
- SLDM Provider handles Line of Business (LOB) apps and policies.
- PowerShell Scripts Provider processes custom scripts.
- Win32Apps Provider takes care of Win32 app installations.
[HKEY_LOCAL_MACHINE\software\microsoft\provisioning\AutopilotSettings\DevicePreparation\MDMProvider]
"MdmAgentInstalled"=DWORD:00000000
"FirstInvocationDone"="True"
"Id"="1c31c6a6-1516-41df-8657-5351b09c23a7"
"FriendlyName"="SLDM Provider"
"StartTimeInUtc"="2024-12-05T05:11:15.2691889Z"
"Status"="Provisioning in Progress"
Stage 8.1 – SLDM Providers Processing LOB and Policy
The registry keys and values below are part of the Windows Autopilot setup and configuration. They are used during device provisioning to manage settings, monitor progress, and simplify deployment.
[HKEY_LOCAL_MACHINE\software\microsoft\provisioning\AutopilotSettings\DevicePreparation\MDMProvider]
"MdmAgentInstalled"=DWORD:00000000
"FirstInvocationDone"="True"
"Id"="1c31c6a6-1516-41df-8657-5351b09c23a7"
"FriendlyName"="SLDM Provider"
"StartTimeInUtc"="2024-12-05T05:11:15.2691889Z"
"Status"="Provisioning Complete"
In the Registry key, the AgilityProductName specifies the product used during the Autopilot process, in this case, “Windows.Autopilot.amd64.” It also identifies the specific version or build for the provisioning process.
[HKEY_LOCAL_MACHINE\software\microsoft\provisioning\AutopilotSettings]
"AgilityProductName"="Windows.Autopilot.amd64"
"AllowedTimeDriftDeltaMinutes"=DWORD:00000005
"AutopilotDiagnosticsCurrentVersion"="1.0.0"
"AutopilotDiagnosticsOutputMocked"=DWORD:00000000
"ConciergeMsaTicketUri"="https://dds.microsoft.com"
"ConciergeUri"="https://cs.dds.microsoft.com/command/device/PersonalDeviceBootstrapPolicies"
"DdsZtdMsaTicketUri"="https://ztd.dds.microsoft.com"
"DdsZtdUri"="https://ztd.dds.microsoft.com/ztd/device/AutopilotDeviceBootstrapPolicies"
"ProfileUsingProcMon"=DWORD:00000000
"TpmAikTaskMaxTimeoutMilliseconds"=DWORD:0000ea60
"TpmNgcWaitDelayMilliseconds"=DWORD:000003e8
"UseRefactoredEsp"="True"
"DppHeartbeatMaxFailures"=DWORD:0000000a
"DppHeartbeatMilliseconds"=DWORD:000009c4
"DisableAutopilotAgilityProductVersionTelemetry"=DWORD:00000001
"AutopilotDevicePrepHint"=DWORD:00000004
Stage 8.2 – PowerShell Scripts and Win32Apps Provider
Event 205 from the BootstrapperAgent details the Scripts Provisioning process during device setup. The process was completed successfully with the following details.
- Name: Scripts Provisioning
- Current Status: Completed
- Final Result: ProvisioningComplete
- Start Time: December 5, 2024, at 5:13:32 AM
- End Time: December 5, 2024, at 5:13:33 AM
- Workloads: None
Stage 9 – Setup Complete
The registry settings under the key [HKEY_LOCAL_MACHINE\software\microsoft\provisioning\AutopilotSettings] are related to the configuration and behavior of Windows Autopilot device preparation. The screenshot below shows more details.
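The AutopilotSettings and MDMProvider values captured in the earlier stages can be parsed and compared to see what changed between two points in provisioning. The PowerShell below is an added example, not part of the original session or a Microsoft tool; the function names ConvertFrom-RegDump and Compare-RegDump are hypothetical, and the sample text is constructed from values shown on this page.

```powershell
# Added example. Parses dumps in the "name"=DWORD:hex / "name"="text" layout
# used on this page and reports values that differ between two captures.
function ConvertFrom-RegDump {
    param([Parameter(Mandatory)][string]$Text)
    $values = [ordered]@{}
    $key = ''
    foreach ($line in ($Text -split "`r?`n")) {
        $line = $line.Trim()
        if ($line -match '^\[(.+)\]$') {
            # Key header: keep the last path segment as a prefix for value names
            $key = ($Matches[1] -split '\\')[-1]
        }
        elseif ($line -match '^"([^"]+)"=DWORD:([0-9a-f]{1,8})$') {
            # DWORD data is hexadecimal in the dump; store it as an integer
            $values["$key\$($Matches[1])"] = [Convert]::ToUInt32($Matches[2], 16)
        }
        elseif ($line -match '^"([^"]+)"="(.*)"$') {
            $values["$key\$($Matches[1])"] = $Matches[2]
        }
    }
    $values
}

function Compare-RegDump {
    param($Before, $After)
    $names = @($Before.Keys) + @($After.Keys) | Select-Object -Unique
    foreach ($name in $names) {
        if ("$($Before[$name])" -ne "$($After[$name])") {
            [pscustomobject]@{ Name = $name; Before = $Before[$name]; After = $After[$name] }
        }
    }
}

# Constructed sample: a subset of the in-progress capture from this page
$inProgress = @'
[HKEY_LOCAL_MACHINE\software\microsoft\provisioning\AutopilotSettings]
"TpmAikTaskMaxTimeoutMilliseconds"=DWORD:0000ea60
"DppHeartbeatMilliseconds"=DWORD:000009c4
"AutopilotDevicePrepHint"=DWORD:00000002
[HKEY_LOCAL_MACHINE\software\microsoft\provisioning\AutopilotSettings\DevicePreparation\MDMProvider]
"FriendlyName"="SLDM Provider"
"Status"="Provisioning in Progress"
'@
# Constructed sample: the same values as they appear in the completed capture
$complete = $inProgress -replace 'PrepHint"=DWORD:00000002', 'PrepHint"=DWORD:00000004' -replace 'in Progress', 'Complete'

$before = ConvertFrom-RegDump $inProgress
$after  = ConvertFrom-RegDump $complete
$before.GetEnumerator() | Where-Object { $_.Value -is [uint32] } | Format-Table Key, Value
Compare-RegDump $before $after | Format-Table -AutoSize
```

The first table lists the DWORD values in decimal, which makes the millisecond timeouts readable; the second lists only the entries that differ between the two captures.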
Stage 10 – Privacy Settings
Microsoft gives you control over your privacy settings. You can choose your preferred settings and change them at any time. You can enable location-based features, such as directions and weather updates. This allows Windows and apps to request your location, and Microsoft can use your location data to improve services.
User Logged into Desktop
The screenshot below shows that the users have successfully logged into the desktop, confirming that the login process was completed without any issues. This indicates that the authentication and device setup were successful, allowing users to access their desktop environment.
Author
Vimal has more than 10 years of experience in SCCM device management solutions. His main focus is on device management technologies like Microsoft Intune, ConfigMgr (SCCM), OS Deployment, and Patch Management. He writes about technologies like SCCM, Windows 10, Microsoft Intune and MDT.