Let’s review the details about Windows Autopilot updates in this blog post. The screenshots are from Michael Niehaus and Tanvir Ahmed’s Ignite session slides and demos.
Windows Autopilot streamlines the process of setting up and pre-configuring new devices, making them ready for immediate use. This powerful tool can easily deploy Windows PCs or HoloLens 2 devices.
Automatic updates ensure devices receive critical monthly updates for security and ecosystem health. This successful approach, which has been used for years with Windows 10, will also apply to Windows 11.
More details about the session details & recording are available in the below section of the post.
Ignite 2019 Coverage
- Microsoft Endpoint Management SCCM Intune Windows Updates
- Microsoft Endpoint Manager is the future of SCCM Intune MEMMI MEMCM
- iOS Android macOS Mobile Enrollment Options with Intune
- Basics of Windows Dynamic Update Explained Update Management
- WVD End User Experience Availability Updates
- MSIX Updates from Ignite Reliability Network Disk-space
- Microsoft Learning Certification Exams Updates
- On-Prem WVD Options Azure Quantum Qualys Scan Integration
- Intune Reporting Strategies Advanced Reporting
- Intune Endpoint Security Policies Enhancements
- Intune Policy Sets Collection of Workflows
- Windows Autopilot Updates Timelines
Deployment Scenarios Release Timelines
- User-Driven mode AAD Join
- Windows 10 1703 and later
- User-driven mode Hybrid Azure AD join
- Windows 10 1809 or later
- Deploy over VPN – Public Preview in Q1 2020
- Windows 10 1903 or later
- Windows Autopilot white glove
- Windows 10 1903 or later
- General availability sometime in 2020
- Self-deployment mode (preview) KIOS/Special devices
- Windows 10 1903 or later
- General Availability sometime in 2020
- Windows 10 1903 or later
- Windows Autopilot for Existing Devices
- Now it supports Hybrid Azure AD join
- Windows 10 1809 or later
Enrollment Status Page Updates & Release Timelines
Learn more details on the Enrollment Status page here. More information about Autopilot ESR updates are below.
- Enrollment Status Page (ESR)
- Windows 10 1803 onwards
- Disable ESR for Nth User in a multi-user scenario (Available now)
- ESR Integration with SCCM
- H1 2020 (Coming Soon)
- Skip user ESP for multi-user scenario
- ESP Targeting users & devices
- Sometime in the future?
- ESP Targeting users & devices
Device Life Cycle Management Updates
The basic life cycle management updates are already available in MEM Microsoft Intune (MEMI).
- Register and de-register or remove devices from Autopilot
- Performance Improvements are coming soon
- Edit Group Tag option
- Available Q4 2019
- Assign Computer names
- Available Q4 2019
Autopilot Reporting and Monitoring Enhancements
As mentioned above, this feature is also already available in Intune. I think these Windows Autopilot reporting and monitoring (enhancement) topics are aligned with Intune advanced reporting options announced.
- More detailed information about Windows Autopilot deployment and troubleshooting
- Windows Autopilot Deployment report
- It is expected to get released sometime in Q4 2019
- Windows Autopilot Log Collection
- Sometime shortly (Similar to Intune Log collection?)
- Windows Autopilot Deployment report
Windows and Device Configuration with Windows Autopilot
Intune is introducing more features to manage Windows and device firmware configurations. Some of them are given below.
- Intune DFCI Firmware configuration
- Remove list of in-box apps (coming soon)
- Add Language packs and Features (Coming soon)
Delivery Optimization with Windows Autopilot
These DO improvements will help organizations to save bandwidth-related issues. This could be a big issue when all the clients download the feature updates from the internet.
The following are some of the DO-supported scenarios for now and in the future.
- Peer to Peer Cache with DO
- UWP/Store Apps
- Intune Content
- Office 365 ProPlus install support (Preview)
- Office 365 ProPlus update support (?)
- Automatically connected cache discover for White glove (coming soon?)
Independent Windows Autopilot Update
I don’t know whether this is similar to Windows Dynamic updates, but it seems to be identical to that service. This will help you get the latest updates and features from the Autopilot service independent of Windows 10 feature updates.
- Available for Windows 10 1903 + KB 4517211 or later
- For the OEMs, it will be available only with Windows 10 1909 or later
User-Driven Azure AD Join
- Connect to a network
- Authenticate to Azure AD
- Password-less with phone sign-in
- Authenticate with FIDO2
- Password-less with phone sign-in
- Enroll to Intune
- Track the process through the Enrollment Status Page
- Policies
- Apps (Win32,MSI,UWP)
- Certificates
- Network – VPN connections
- SCCM Task Sequence status (coming soon, H1 2020)
User-driven mode Hybrid Azure AD join
NOTE! The Hybrid Azure AD Join—Ping to establish connectivity check will be removed in future versions. Microsoft added support for VPN for future versions.
Intune will push down the VPN client during the DEVICE setup stage on the Enrollment Status Page(ESP), as per Tanvir Ahmed’s demo and explanation! IT admins should deploy the VPN client as an Intune app.
NOTE! The Windows 10 sign-in page has a framework that allows the VPN to connect with the pre-authenticated token. The end user still has to authenticate with a user ID and Password.
- Connect to a network.
- Authenticate to Azure AD
- Password-less with phone sign-in
- Authenticate with FIDO2
- Password-less with phone sign-in
- Enroll to Intune
- Perform Offline Domain Join
- VPN Support Preview in Q1 2020 with Windows 10 1903
- Track the process through the Enrollment Status Page
- Policies
- Apps (Win32,MSI, UWP)
- Certificates
- Network – VPN connections
- SCCM Task Sequence status via ESP (coming soon H1 2020)
Self-Deployment Mode – Windows Autopilot
KIOS and shared devices scenario with Autopilot provisioning. The TPM 2.0 chip is required to support the Self-deployment mode scenario.
- TPM attestation to authenticate to Azure AD
- Enroll to Intune
- Track the process through the Enrollment Status Page
- Policies
- Apps (Win32,MSI, UWP)
- Certificates
- Network – VPN connections
- SCCM Task Sequence status via ESP (coming soon H1 2020)
- General Availability is sometime in next year, 2020
Windows Autopilot White-Glove
Windows autopilot White Glove is based on a self-deployment framework as per Micheal N.
White-Glove Technician Flow
- Press the Windows Key FIVE times to start
- Select Windows Autopilot Provisioning
- Confirm Settings
- Configure the User with a companion app
- Change Group Tag, Computer Name with a companion app (Q4 2020)
- Autopilot registration details with QR code and click on Provision
- Join Azure AD / Hybrid AD
- Enroll to Intune
- Install Device targDevicepps
- Install Device targeted Policies
- Install User targeted Apps (?)
White Glove User Flow Process
- Switch on the device
- SeleDevice region, Keyboard, language
- Connect to Internet Network
- The standard user driver process
- Track the process through the Enrollment Status Page
- User Policies
- User Certs / Profiles
- etc…
- Track the process through the Enrollment Status Page
New Windows Autopilot Features
- Coming Soon Features
- Future Future Features
Session Details – Windows Autopilot Updates
Whether you’re new to Windows Autopilot or looking for troubleshooting tips, this session has plenty of information, insights, and best practices.
More details – https://myignite.techcommunity.microsoft.com/sessions/81679?source=schedule
Resources
- Part 1 Windows Autopilot FAQ Clarifying the General Misconceptions
- Part 2 Windows Autopilot from the perspective of IT Admin setup
- Part 3 Windows Autopilot In-Depth Processes from Device Side
- Part 4 Windows Autopilot White Glove Provisioning Deep Dive
We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here –HTMD WhatsApp.
Author
Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.
very briefly explained as always and helpful too. My 50 dollars for you.
Very nicely explained. As Deploy over VPN support was to be previewed in Q1Cy20, has this been available and is there any updated news on it.