Windows Autopilot 101

What is Windows Autopilot?

First, here’s Microsoft’s official description from their Overview Page:

“Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. In addition, you can use Windows Autopilot to reset, repurpose and recover devices.” Essentially, Autopilot takes a profile that you create and applies it to devices in your infrastructure, on an as-needed basis.

Notice it’s called Windows Autopilot and not Intune Autopilot. The confusion stems from the fact that Autopilot is meant for Windows devices but is managed from within the Intune portal. The naming makes no difference whatsoever. Autopilot quickly adds value by simplifying deployment of systems. If your users work from home or travel often, Autopilot is a must.

How does Autopilot work?

Simply stated, Autopilot applies a profile to any device via the device management tool in Intune. However, getting to this phase of preparation does take a bit of configuration outside of Intune.

First, a list of requirements ensures everything works. It’s not long or complicated, particularly if you’re already familiar with Azure AD. Those unfamiliar with Azure AD will need to start there. Prior to the initial configuration, you’ll need to provide company branding, and permit users to join devices to Azure AD (Premium P1 or P2 required). The differences between Azure AD Premium P1 and P2 are outlined here. It has become popular for customers to have EMS + Security licensing. If your organization is one such customer, you’re in luck. Both EMS + Security options include qualifying versions of Azure AD Premium.

It's also important to note that Autopilot does not allow offline joining. Access to the internet is required. This shouldn’t come as a surprise since you will be configuring computers automatically over the internet. Consult your organization’s security team to ensure the following URLs are accessible on ports 80 and 443:

 

Another major item to take into account is your OS. Autopilot requires Windows 10 Pro, Enterprise or EDU version 1703 or later (at least at the time this blog post was published).

One heftier requirement is that devices must be registered to the organization’s Intune portal. This can be accomplished either by the vendor or by an admin with a script that gathers hardware IDs. The script will create a CSV file that must be registered with Intune. Currently, only two vendors support automatic registration on newly purchased equipment: HP and Lenovo. But this list is likely to grow.

What can Autopilot do?

Autopilot enables you to control the following:

  • Automatically join devices to Azure AD.
  • Auto-enroll devices into MDM services.
  • Create and auto-assign devices to configuration groups based on a device’s profile.
  • Customize OOBE content specific to the organization.
  • Skip Work or Home usage selection (Automatic)
  • Skip OEM registration, OneDrive and Cortana (Automatic)
  • Skip privacy settings
  • Skip EULA (starting with Windows 10, version 1709)
  • Prevent the account used to set up the device from getting local administrator permissions

Note that Autopilot does not deploy traditional images of the OS. Instead, Autopilot lets you push profiles tailored to groups onto already-installed OS deployments and redeploy configuration profiles as needed.

Lessons Learned

Getting started with Autopilot may seem daunting. However, you should be able to get up and running relatively quickly, provided you’re careful with setup and configuration.

Be sure to double-check the CSV creation script. Sometimes the serial number field doesn’t get populated, and sometimes the columns get populated out of order. Intune’s import requires a specific order of column headers. Also, the Microsoft Intune dashboard doesn’t work properly in Chrome or Firefox on my desktop. Perform your own testing, but it may be best to just stick with IE 11 for now.
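
One way to catch both CSV problems before upload, as an added example that is not part of the original post or of Microsoft's collection script. The header order in $ExpectedHeader is an assumption to confirm against Microsoft's current import documentation; the function name Test-AutopilotCsv and the sample rows are constructed for illustration.

```powershell
# Added example (not from the original post): pre-import check for an Autopilot CSV.
# Assumption: this header order matches Intune's import format; confirm it in Microsoft's docs.
$ExpectedHeader = 'Device Serial Number', 'Windows Product ID', 'Hardware Hash'

function Test-AutopilotCsv {
    param([Parameter(Mandatory)] [string] $Text)

    $problems = [System.Collections.Generic.List[string]]::new()
    $lines = @($Text.TrimStart([char]0xFEFF) -split "\r?\n" | Where-Object { $_.Trim() })
    if ($lines.Count -lt 2) { $problems.Add('No device rows found'); return $problems }

    # The import is order-sensitive, so compare the header position by position.
    $header = @($lines[0] -split ',' | ForEach-Object { $_.Trim().Trim('"') })
    for ($i = 0; $i -lt $ExpectedHeader.Count; $i++) {
        if ($header[$i] -ne $ExpectedHeader[$i]) {
            $problems.Add("Header column $($i + 1): expected '$($ExpectedHeader[$i])', found '$($header[$i])'")
        }
    }
    # Rows are read by column name, which needs every expected name to be present.
    if ($ExpectedHeader | Where-Object { $_ -notin $header }) { return $problems }

    $seen = @{}
    $rowNumber = 1   # line 1 is the header
    foreach ($row in ($lines | ConvertFrom-Csv)) {
        $rowNumber++
        $serial = "$($row.'Device Serial Number')".Trim()
        $hash = "$($row.'Hardware Hash')".Trim()
        if (-not $serial) { $problems.Add("Row ${rowNumber}: serial number is empty") }
        elseif ($seen.ContainsKey($serial)) { $problems.Add("Row ${rowNumber}: duplicate serial '$serial'") }
        else { $seen[$serial] = $true }

        # The hardware hash is Base64; a truncated or shifted value fails to decode.
        $hashOk = $false
        if ($hash) { try { [void][Convert]::FromBase64String($hash); $hashOk = $true } catch { } }
        if (-not $hashOk) { $problems.Add("Row ${rowNumber}: hardware hash is missing or not valid Base64") }
    }
    return $problems
}

# Constructed sample: columns out of order, one empty serial, one corrupt hash.
$sample = @'
Device Serial Number,Hardware Hash,Windows Product ID
PF0TEST1,T0EBAAEAHAAAAAoA,
,T0EBAAEAHAAAAAoB,
PF0TEST3,not*base64,
'@
Test-AutopilotCsv -Text $sample | ForEach-Object { Write-Warning $_ }
```

To check a real file, pass its contents with `Test-AutopilotCsv -Text (Get-Content -Raw .\devices.csv)`, where devices.csv is a placeholder file name.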

In today’s IT world, IT administrators don’t have the time or resources to effectively patch enterprise landscapes. Microsoft recognized this issue and responded by creating Autopilot.

To learn more about how Autopilot can help your organization and make your IT workstation deployment more effective and efficient, please don’t hesitate to reach out to Anexinet to take a deeper dive into all that Autopilot has to offer.

Jaime Perez, Consultant, Hybrid IT & Cloud Services

With two decades in the industry, Jaime Perez is a consultant on our Hybrid, IT & Cloud Services Team, focused on Office 365, Azure Site Recovery and Azure projects. An avid Exchange, Teams, Power BI and Data Science enthusiast, Jaime also leads the Philadelphia Cloud Technologies User Group. JP is an Office 365 Solutions Associate as well as a Microsoft-certified solutions expert in productivity/messaging, Cloud Platform, infrastructure, and data science.