Table of Contents
Overview:
From the user’s perspective, it only takes a few simple operations to make their device ready to use.
- From the IT pro’s perspective, the only interaction required from the end user is to connect to a network and to verify their credentials. Everything beyond that is automated.
Windows Autopilot enables the following functionality:
- Automatic joining of devices to Microsoft Entra ID or Active Directory (via Microsoft Entra hybrid join). For more information about the differences between these two join options, see Introduction to device management in Microsoft Entra ID.
Auto-enrollment of devices into mobile device management (MDM) services, such as Microsoft Intune (Requires a Microsoft Entra ID P1 or P2 subscription for configuration).
- Creation and auto-assignment of devices to configuration groups based on a device’s profile.
- Customization of the out-of-box experience (OOBE) content specific to the organization.
Change the edition of Windows being used to support advanced features. For example, from Windows Pro to Windows Enterprise.
2. Windows Autopilot Setup Process Overview:
When new Windows devices are initially deployed, Windows Autopilot uses the OEM-optimized version of Windows client. This version is preinstalled on the device, so custom images and drivers for every device model don’t have to be maintained. Instead of re-imaging the device, the existing Windows installation can be transformed into a “business-ready” state that can:
- Apply settings and policies.
- Install apps.
- Change the edition of Windows being used to support advanced features. For example, from Windows Pro to Windows Enterprise.
Once deployed, Windows devices can be managed with:
- Microsoft Intune.
- Windows Update client policies.
- Microsoft Configuration Manager.
- Other similar tools from non-Microsoft parties.
Supported Windows:
Windows 11:
- Windows 11 Pro.
- Windows 11 Pro Education.
- Windows 11 Pro for Workstations.
- Windows 11 Enterprise.
- Windows 11 Education.
- Windows 11 Enterprise LTSC.
Windows 10:
- Windows 10 Pro.
- Windows 10 Pro Education.
- Windows 10 Pro for Workstations.
- Windows 10 Enterprise.
- Windows 10 Education.
- Windows 10 Enterprise LTSC.
Licensing Requirements:
Windows Autopilot requires one of the following subscriptions:
- Microsoft 365 Business Premium subscription
- Microsoft 365 F1 or F3 subscription
- Microsoft 365 Academic A1, A3, or A5 subscription
- Microsoft 365 Enterprise E3 or E5 subscription includes all Windows clients, Microsoft 365, and EMS features (Microsoft Entra ID and Intune).
- Enterprise Mobility + Security E3 or E5 subscription includes all needed Microsoft Entra ID and Intune features.
- Intune for Education subscription includes all needed Microsoft Entra ID and Intune features.
- Microsoft Entra ID P1 or P2 and Microsoft Intune subscription (or an alternative MDM service).
Setup Windows Autopilot via Microsoft Intune Admin Center:
- Set up Windows automatic Intune Enrollment
- Allow users to join devices to Microsoft Entra ID
- Create a Device Group
- Assign Applications
- Create Windows Autopilot Device preparation policy
Procedure:
- Go to Devices/ Windows /Enrollment
Select Automatic Enrollment.
Ensure that MDM User is set to All.
Select: Devices / All Devices
- Goto: Device Settings & Ensure Users may join devices to Microsoft Entra to All.
- Go back to the Intune Admin portal
- Create a Security Group: Windows Autopilot device preparation group
- Provide Description (optional)
Note: The Security group name is recommended by Microsoft itself.
Select Owner: Intune Provisioning Client or Intune Autopilot Confidential Client
- Create another Security Group: Windows Autopilot deice preparation user group
- Select the Members users as per your requirement
Assign Applications:
Go to: Applications/ Windows
Select: Applications / and add Windows Autopilot device preparation group on selected applications one by one:
Device Preparation Policies creation:
Goto Devices / Windows
Under Device Onboarding Select Enrollment/
Select Device Preparation Policies
Provide meaningful name: Windows Autopilot Device Preparation Group
Add Windows Autopilot Device Preparation Group in Device Group.
- Add Apps and Scripts
Now, Go to Windows Enrollment Again
Select: Device platform restriction
Click: All users
Edit: Properties
Setup Brand New Device (Out of Box-Experience)
- Click Set up for work or school
Enter Credentials and you are good to go.
Conclusion:
In conclusion, this guide has covered in detail the steps required to set up Autopilot. However, setting up Autopilot is only the beginning of optimizing your IT environment.