This is a step-by-step setup instructions for Windows Autopilot. If you have never used Windows Autopilot before, this setup guide will assist you in getting Windows Autopilot configured in Microsoft Intune from the beginning.
I’ve long wanted to release a setup manual for Windows Autopilot for novice users. Anyone interested in testing Autopilot may get started with this instruction, and it can all be done in your lab. You can test using a physical device, such as a laptop, but a virtual machine would work just as well.
A lot of big businesses presently use Windows Autopilot, which is a dependable method of deploying Windows. Additionally, Microsoft is enhancing Autopilot by making more additions to it. Using Windows AutoPilot, you may install Windows 10 more quickly
Windows Autopilot – what it is ?
A group of technologies known as Windows Autopilot, according to Microsoft, are used to pre-configure and set up new devices so they are ready for productive usage. Devices can be reset, repurposed, and recovered using Autopilot (Microsoft Autopilot). With the help of the Autopilot solution, an IT department may accomplish the aforementioned goals with minimal to no infrastructure management work and a straightforward procedure.
Windows Autopilot Setup Process Overview
This will help us to better understand the Windows Autopilot process. In every company, setting up Windows OS on laptops takes the most time for IT personnel. Windows Updates, branding, and other things are deployed instead of the operating system itself. In certain businesses, re-imaging devices is a necessary but time-consuming task for IT staff.
Manufacturer-optimized Windows 10 is used by Windows Autopilot. The device comes with this version preinstalled, so you won’t need to keep up with separate drivers and images for each model of device. Reimaging a device is not necessary when you may make your current Windows 10 installation fit for business use and install company approved applications
Once the deployment is finished, you can manage these devices with Intune, Configuration Manager, or other tools. In summary, rather than installing a whole new operating system, Windows Autopilot can be used to modify the current Windows OS.
Advantages of Using Windows Autopilot
Windows Autopilot offers several advantages and enables you to:
· Connect devices to Active Directory (by Hybrid Azure AD Join) or Azure Active Directory (via Azure AD).
· Enroll devices automatically in MDM services, like Microsoft Intune (setup requires an
Azure AD Premium membership).
· Limit the establishment of Administrator accounts.
· Using a device’s profile, create configuration groups and automatically assign
devices to them.
· Tailor OOBE material to the needs of the company.
· Gives you the ability to reset Windows automatically. When a device has to be swiftly
restored to a state suitable for business use, the Reset option comes in handy.
Windows Autopilot Windows 10 Requirements
The following Windows 10 editions are supported for Windows Autopilot.
- Windows 10 Pro
- Windows 10 Pro Education
- Windows 10 Pro for Workstations
- Windows 10 Enterprise
- Windows 10 Education
- Windows 10 Enterprise 2019 LTSC
Windows Autopilot Licensing Requirements
Windows Autopilot depends on specific capabilities available in Windows 10 and Azure Active Directory. It also requires an MDM service such as Microsoft Intune. For Windows Autopilot, one of the following subscriptions is required.
- Microsoft 365 Business Premium subscription
- Microsoft 365 F1 or F3 subscription
- Microsoft 365 Academic A1, A3, or A5 subscription
- Microsoft 365 Enterprise E3 or E5 subscription, which include all Windows 10, Microsoft 365, and EM+S features (Azure AD and Intune).
- Enterprise Mobility + Security E3 or E5 subscription, which include all needed Azure AD and Intune features.
- Intune for Education subscription, which include all needed Azure AD and Intune features.
- Azure Active Directory Premium P1 or P2 and Microsoft Intune subscription (or an alternative MDM service).
Networking Requirements and Configuration
Windows Autopilot is reliant on numerous web services. Autopilot has to be able to access these services in order to function correctly. Please read the official Microsoft documentation on Windows Autopilot network requirements for this.
Configure Microsoft Intune auto-enrollment
If you already have MDM auto-enrollment configured in Azure Active Directory, you can skip this step.
Open Mobility (MDM and MAM) in Azure Active Directory and select Microsoft Intune. If you do not see Microsoft Intune, click Add application and choose Intune. For the purposes of this demo, select All under the MDM user scope and click Save.
Create a device group for Windows Autopilot
Create an Autopilot deployment profile it requires a device group and we will create it now.
- In the Microsoft Endpoint Manager admin center, choose Groups > New group.
- For Group type, choose Security.
- Type a Group name and Group description (ex: Windows Autopilot Lab).
- Azure AD roles can be assigned to the group: No
- For Membership type, choose Dynamic devices.
Azure AD dynamic group with device physical ID attribute.
Now, you can see that the rule syntax query has been added. Save the setting and click on Create.
Create the Windows Autopilot Deployment Profile
Create a deployment profile which will be used for Windows AutoPilot deployment.
Go to Intune->Device Enrollment->Windows Enrollment. On the
right side, you will see the Windows autopilot Deployment program.
Click on deployment profiles, then click on Create a profile.
Click on the NEXT button.
Configure Out-Of-Box experience (OOBE) for AutoPilot
Configure the OOBE settings for Windows AutoPilot devices in this window.
· In Deployment Mode, select the user-driven
· Join Azure AD as Azure AD joined
· Microsoft Software Licence Terms hide
· Privacy Settings hide
· Hide Change account options Hide
· User Account Type standard
· Allow While Glove OOBE No
· Apply Device name Template Yes
Click Next to continue.
In Assignment, click on Select Groups to include.
Assignments
Now, it’s time to assign the Azure AD device group to the Autopilot profile.
Select the Azure AD group to deploy the Windows Autopilot Profiles.
Build Windows device for Autopilot
Starting with Windows Autopilot can be done on a physical device that will be wiped and then have a fresh Windows 10 or Windows 11 install. Alternatively, you can test it out on a virtual computer (VM).
Capture the Hardware ID
We will obtain the Windows 10 virtual machine’s hardware ID in this phase. Later
on, this will be uploaded on the Intune portal. Launch an elevated Windows
PowerShell prompt on the client virtual machine, then execute the following
commands.
md c:\HWID
Set-Location c:\HWID
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force
Install-Script -Name Get-WindowsAutopilotInfo -Force
$env:Path += “;C:\Program Files\WindowsPowerShell\Scripts”
Get-WindowsAutopilotInfo.ps1 -OutputFile AutopilotHWID.csv
When you are prompted to install the NuGet package, choose Yes.
Finally we have the AutopilotHWID.csv file in the C:\HWID directory that is about 8 KB in size.
In the next step, we will upload this data into Intune to register your device for Autopilot. If you are using a physical device instead of a VM, you can copy the file to a USB stick. If you’re using a VM, you can right-click the AutopilotHWID.csv file and copy it, then right-click and paste the file to your desktop (outside the VM).
Reset the Windows for Out-Of-Box-Experience (OOBE)
This is an important step where with the hardware ID captured in a file, we will prepare our Virtual Machine for Windows Autopilot deployment by resetting it back to OOBE.
On the Windows 10 Virtual Machine, go to Settings > Update & Security > Recovery and click on Get started under Reset this PC. Select Remove everything and Just remove my files.
If you are asked How would you like to reinstall Windows, select Local reinstall.
Finally, click on Reset.
Register your Device for Autopilot
You can add Windows Autopilot devices by importing a CSV file with their
information.
In the Microsoft Endpoint Manager admin center, choose Devices > Windows > Windows enrollment > Devices (under Windows Autopilot Deployment Program > Import.
Under Add Windows Autopilot devices, browse to a CSV file listing the devices that you want to add. The CSV file should list the serial numbers, Windows product IDs, hardware hashes, optional group tags, and optional assigned user.
Choose Import to start importing the device information. Importing can take several minutes.
After import is complete, choose Devices > Windows > Windows enrollment > Devices (under Windows Autopilot Deployment
Program > Sync.
A message displays that the synchronization is in progress. The process might take a few minutes to complete, depending on how many devices are being synchronized.
When you click Import, the process to import a device may take up to 15 minutes. You may click Refresh to verify your VM or device has been added.
Windows Autopilot Setup Process
Now that we’ve got our Windows 10 device up and running, let’s see how Windows Autopilot is configured.
From here your device will proceed with Auto-pilot build process. In first screen you need to select Language if multiple languages are available, select preferred Language and click Yes
Select “region” and then click on “Yes”
In next window, select the keyboard layout and Click “Yes”
Please select an additional keyboard by clicking “Add Layout” if you want to add additional Keyboard
Than it will go for a Network connection. Please select Network connection.
In the next screen, you see Setting up your device for work. There are three main steps here.
Step 1 – Device Preparation
- Securing your hardware
- Joining your organizations network
- Registering your device for mobile management
- Preparing your device for mobile management
Step 2 – Device Setup
Configures the Windows 10 device.
Step 3 – Account Setup
Configures your account.
Click OK to use Windows Hello with your account.
In order to secure this device, setup a PIN. The PIN that you specify here must be 6 characters long. Click OK.
You have successfully set the PIN now. Click OK and this completes the Windows Autopilot Setup.
Windows Autopilot Setup Complete !!!!!!!
The device should show up in Intune as an enabled Autopilot device. The icon for this device is bit different from rest. Go into the Intune Azure portal, and select Devices > All devices. Select the device and you will see a banner This device is a
Windows Autopilot device.