Let’s check the details about Windows Autopilot updates in this blog post. The screenshots are taken from the Ignite session slides and demos by Michael Niehaus and Tanvir Ahmed.
More details about the session details & recording are available in the below section of the post.
Ignite 2019 Coverage
- Microsoft Endpoint Management SCCM Intune Windows Updates
- Microsoft Endpoint Manager is the future of SCCM Intune MEMMI MEMCM
- iOS Android macOS Mobile Enrollment Options with Intune
- Basics of Windows Dynamic Update Explained Update Management
- WVD End User Experience Availability Updates
- MSIX Updates from Ignite Reliability Network Disk-space
- Microsoft Learning Certification Exams Updates
- On-Prem WVD Options Azure Quantum Qualys Scan Integration
- Intune Reporting Strategies Advanced Reporting
- Intune Endpoint Security Policies Enhancements
- Intune Policy Sets Collection of Workflows
- Windows Autopilot Updates Timelines
Deployment Scenarios Release Timelines
- User-Driven mode AAD Join
- Windows 10 1703 and later
- User-Driven mode Hybrid Azure AD join
- Windows 10 1809 or later
- Deploy over VPN – Public Preview in Q1 2020
- Windows 10 1903 or later
- Windows Autopilot white glove
- Windows 10 1903 or later
- General availability sometime in 2020
- Self-deployment mode (preview) KIOS/Special devices
- Windows 10 1903 or later
- General Availability sometime in 2020
- Windows 10 1903 or later
- Windows Autopilot for Existing Devices
- Now it supports Hybrid Azure AD join
- Windows 10 1809 or later
Enrollment Status Page Updates & Release Timelines
Learn more details Enrollment Status page here. More details about Autopilot ESR updates are below.
- Enrollment Status Page (ESR)
- Windows 10 1803 onwards
- Disable ESR for Nth User in a multi-user scenario (Available now)
- ESR Integration with SCCM
- H1 2020 (Coming Soon)
- Skip user ESP for multi-user scenario
- ESP Targeting users & devices
- Sometime in the future?
- ESP Targeting users & devices
Device Life Cycle Management Updates
The basic life cycle management updates are already available in MEM Microsoft Intune (MEMI).
- Register and de-register or remove devices from Autopilot
- Performance Improvements are coming soon
- Edit Group Tag option
- Available Q4 2019
- Assign Computer names
- Available Q4 2019
Autopilot Reporting and Monitoring Enhancements
As mentioned above, this feature is also already available in Intune. I think these Windows Autopilot reporting and monitoring (enhancement) topics are aligned with Intune advanced reporting options announced.
- More detailed information about Windows Autopilot deployment and troubleshooting
- Windows Autopilot Deployment report
- Expected to get released sometime in Q4 2019
- Windows Autopilot Log Collection
- Sometime shortly (Similar to Intune Log collection?)
- Windows Autopilot Deployment report
Windows and Device Configuration with Windows Autopilot
Intune is introducing more features to manage Windows and device firmware configurations. Some of them are given below.
- Intune DFCI Firmware configuration
- Remove list of in-box apps (coming soon)
- Add Language packs and Features (Coming soon)
Delivery Optimization with Windows Autopilot
These DO improvements will help organizations to save bandwidth-related issues. This could be a big issue when all the clients download the feature updates from the internet.
Following are some of the DO-supported scenarios in now and the future?
- Peer to Peer Cache with DO
- UWP/Store Apps
- Intune Content
- Office 365 ProPlus install support (Preview)
- Office 365 ProPlus update support (?)
- Automatically connected cache discover for White glove (coming soon?)
Independent Windows Autopilot Update
I don’t know whether this is similar to Windows Dynamic updates. But it seems to be identical to that service. This will help get the latest updates & features from Autopilot service independent of Windows 10 feature updates.
- Available for Windows 10 1903 + KB 4517211 or later
- For the OEMs, it will be available only with Windows 10 1909 or later
User-Driven Azure AD Join
- Connect to a network
- Authenticate to Azure AD
- Password-less with phone sign-in
- Authenticate with FIDO2
- Password-less with phone sign-in
- Enroll to Intune
- Track the process through Enrollment Status Page
- Policies
- Apps (Win32,MSI,UWP)
- Certificates
- Network – VPN connections
- SCCM Task Sequence status (coming soon, H1 2020)
User-Driven mode Hybrid Azure AD join
NOTE! – Hybrid Azure AD Join – Ping to establish connectivity check is removed in the future versions. Microsoft added support for VPN for future versions.
Intune will push down the VPN client during the DEVICE setup stage on Enrollment Status Page(ESP) as per the demo and explanation by Tanvir Ahmed! IT admins to deploy VPN client as Intune app.
NOTE! – And Windows 10 sign-in page has a framework to allow VPN to connect with the pre-authenticated token. End-user still has to authenticate with a user ID and Password.
- Connect to a network
- Authenticate to Azure AD
- Password-less with phone sign-in
- Authenticate with FIDO2
- Password-less with phone sign-in
- Enroll to Intune
- Perform Offline Domain Join
- VPN Support Preview in Q1 2020 with Windows 10 1903
- Track the process through Enrollment Status Page
- Policies
- Apps (Win32,MSI,UWP)
- Certificates
- Network – VPN connections
- SCCM Task Sequence status via ESP (coming soon H1 2020)
Self Deployment Mode – Windows Autopilot
KIOS and shared devices scenario with Autopilot provisioning. The TPM 2.0 chip is required to support the Self-deployment mode scenario.
- TPM attestation to authenticate to Azure AD
- Enroll to Intune
- Track the process through Enrollment Status Page
- Policies
- Apps (Win32,MSI,UWP)
- Certificates
- Network – VPN connections
- SCCM Task Sequence status via ESP (coming soon H1 2020)
- General Availability is some time in next year, 2020
Windows Autopilot White-Glove
Windows autopilot White Glove is based on a self-deployment framework as per Micheal N.
White-Glove Technician Flow
- Press Windows Key FIVE times to start
- Select Windows Autopilot Provisioning
- Confirm Settings
- Configure the User with a companion app
- Change Group Tag, Computer Name with a companion app (Q4 2020)
- Autopilot registration details with QR code and click on Provision
- Join Azure AD / Hybrid AD
- Enroll to Intune
- Install Device targDevicepps
- Install Device targeted Policies
- Install User targeted Apps (?)
White Glove User Flow Process
- Switch on the device
- SeleDevice region, Keyboard, language
- Connect to Internet Network
- The standard user driver process
- Track the process through Enrollment Status Page
- User Policies
- User Certs / Profiles
- etc…
- Track the process through Enrollment Status Page
New Windows Autopilot Features
- Coming Soon Features
- Future Future Features
Session Details – Windows Autopilot Updates
Whether you’re new to Windows Autopilot or looking for troubleshooting tips, this session has plenty of information, insights, and best practices.
More details – https://myignite.techcommunity.microsoft.com/sessions/81679?source=schedule
Resources
- Part 1 ▶ Windows Autopilot FAQ Clarifying the General Misconceptions
- Part 2 ▶ Windows Autopilot from the perspective of IT Admin setup
- Part 3 ▶ Windows Autopilot In-Depth Processes from Device Side
- Part 4 ▶ Windows Autopilot White Glove Provisioning Deep Dive
very briefly explained as always and helpful too. My 50 dollars for you.
Very nicely explained. As Deploy over VPN support was to be previewed in Q1Cy20, has this been available and is there any updated news on it.