Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices

Let’s discuss the Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices. In this post, I will describe how to provision Windows 10 devices with AutoPilot service, enrol them into Intune, create a deployment profile, import device information into Intune, and set up Windows 10 devices.

HTMD Community recommends going through 12 hours for a self-learning track to learn Intune. More details on Intune Training Course 2023. Windows Autopilot PreProvisioning Backend Process- Deep Dive – Post 4Windows Autopilot Processes from Device Side – Part 3. Windows Autopilot Behind The Scenes Secrets – Admin Side – Part 2.

Learn How to Decide Windows Autopilot Profile Types | Intune Architecture. Windows Autopilot Hybrid Azure AD Join Troubleshooting Tips.

Windows AutoPilot service is a collection of technologies to Simplify and automate the Windows Out of Box Experience (OOBE experience). There are three (3) scenarios in Windows AutoPilot. More information on the basics of Windows Autopilot is available in Windows AutoPilot Process End To End Guide.

Patch My PC

Video – Windows Autopilot Training

Latest Windows Autopilot Training by Joy Microsoft MVP. This video covers end-to-end Windows Autopilot scenarios, including Background processes, Real World Issues, FIXES, Tips, and Tricks.

  • Get to know Windows Autopilot
  • Compare and contrast Windows Autopilot with Traditional Windows Provisioning
  • Know the benefits of using Windows Autopilot
  • Deep dive into how Windows Autopilot works
Video – Windows Autopilot Training

Introduction

The provision of Windows 10 with AutoPilot is part of modern technology. It seems to me everything is moving into the cloud and automation. Building and managing operating systems is time-consuming. Windows Autopilot is the provisioning service.

With the help of Intune and AutoPilot, you can pre-configure, reset, re-purpose, and recover your devices. You can customize and deploy the setting without re-imaging, which saves you a lot of time.

I would not go into details for describing Windows AutoPilot, as a lot of Microsoft Documentation is available. We also have posts from AnoopJoy, and Vimal about Windows AutoPilot and MS Intune.

Adaptiva
Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices 1
Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig.1

Related Post-Beginners Guide Setup Windows Autopilot Deployment, Windows Autopilot FAQ Clarifying the General Misconceptions Part 1, Windows AutoPilot and Microsoft Documentation

While enrolling Windows 10/11 devices to Intune, we must configure some pre-requisites: the following. I would not detail the licensing and other requirements that information you can get from Microsoft documents.

  • Configure Device Setting
  • Mobility (MDM and MAM)
  • Company Branding
  • Deployment Profile
  • Create Groups
  • Creation of Users

Configure Device Setting – Provision Windows 10 11 with Windows AutoPilot Step by Step Admin Guide

To configure the device setting, you have to go to:

  • Login to Azure Portal
  • Navigate via Azure active directory->Devices->Device Settings
Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices
Manage Windows 10 with AutoPilot – Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 2

The first option is that users may join devices to Azure AD, which I have selected all, you can choose the desired option also if you want to have some selected users join the machines to Azure, but in my case, I have set all.

The next option is to create an additional local administrator for Windows 10 Azure AD joined devices.

  • Here, you can select which users will have local admin rights on devices. By default, global administrators and device owners are granted local admin right on devices.
  • After that, configure the other settings and click save.

Mobility (MDM and MAM)

The next step is Mobility (MDM and MAM) configurations:

  • Login to Azure Portal
  • Navigate to Azure Active Directory
  • Open the Mobility (MDM and MAM) blade and click on Microsoft Intune
  • Save the settings
Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig.3
Manage Windows 10 with AutoPilot – Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 3

Create Azure AD Group for Windows Autopilot

Next, we will create Azure AD group, which will be a dynamic group with rules. You can complete this step either from Intune blade->Groups or Azure AD -> Groups.

NOTE! – Another option is to use Microsoft 365 Device Management portal.

Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices
Provision Windows 10 with AutoPilot – Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig.4

Click on New Group and provide all the information whichever you want.

Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 5
Manage Windows 10 with AutoPilot – Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig.5

Configure Dynamic Query

I have selected the membership type as dynamic devices (The same as SCCM where we create query-based collection) and then click on add the Azure Active Directory query. More Details – Windows AutoPilot Profile AAD Dynamic Device Groups (anoopcnair.com).

Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig.6
Click on Edit Manage Windows 10 with AutoPilot 5 – Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 6
 use the rule as "(device.devicePhysicalIDs -any _ -contains "[ZTDId]")"
Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 7
Then click on OK Manage Windows 10 with AutoPilot 6 – Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig.7

Azure AD dynamic group with device physical ID attribute.

Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 8
Manage Windows 10 with AutoPilot – Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 8
  • Now you can see in the rule syntax query is added, save the setting, and click on create.

Now the Azure AD group is created. So what will happen with this rule and group?

NOTE! – Once you import a Windows 10 device in Intune, that device will add to this group automatically. And whatever profiles are assigned in this group will be applied to devices.

Create Deployment Profile

The next step I followed was the creation of a deployment profile. This will be used for Windows AutoPilot deployment.

  • Go to Intune->Device Enrollment->Windows Enrollment. Right side, you will see the windows autopilot deployment Program.
Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 9
Manage Windows 10 with AutoPilot – Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 9

Click on deployment profiles, then click on Create a profile.

Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 10
Manage Windows 10 with AutoPilot – Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 10

Click on the NEXT button.

Click on Next  Manage Windows 10 with AutoPilot - Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 11
Click on Next Manage Windows 10 with AutoPilot – Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 11

Configure Out-Of-Box experience (OOBE) for AutoPilot

We will configure the OOBE settings for Windows AutoPilot devices in this window.

  • In Deployment Mode, select the user-driven
  • Join Azure AD as Azure AD joined
  • Microsoft Software Licence Terms hide
  • Privacy Settings hide
  • Hide Change account options Hide
  • User Account Type standard
  • Allow While Glove OOBE No
  • Apply Device name Template No

Click Next to continue.

NOTE! – You have a new option to pre-provision the apps and policies to the device so that users don’t have to wait for a long time during the Windows Autopilot enrollment process. More details on this process – Windows Autopilot WhiteGlove Provisioning Backend Process- Deep Dive.

 Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 12
Manage Windows 10 with AutoPilot – Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 12

Let’s have a look at the assignment of groups. You can use the Windows AutoPilot Profile AAD Dynamic Device Groups post to create dynamic groups for Autopilot devices.

  • In Assignment, click on Select groups to include.

Assignments

Now it’s time to assign the Azure AD device group to the Autopilot profile.

Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 13
In Assignment, click on Select groups to include Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 13

Select the Azure AD group to deploy the Windows Autopilot Profiles.

Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 14
Manage Windows 10 with AutoPilot – Provision Windows 10 Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 14

On the right hand, you can see all the available groups are visible, and you can select which group needs to be assigned for the deployment profile.

  • I created Windows AutoPilot and selected that.

NOTE! If you want to exclude any group, you can select otherwise, click on next, review the settings, and click on create.

Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 15
The Profile is created. Manage Windows 10 with AutoPilot – Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 15

Enrollment setup Page

On the enrollment setup page, there is a default profile created. Here we are going to create a new profile for Windows Autopilot.

Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 16
Manage Windows 10 with AutoPilot – Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 16

create Enrollment Status Page to track the status of the enrollment of Windows 10 or 11 devices. More details – Intune Enrollment Status Page (ESP) Troubleshooting (anoopcnair.com).

Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices 2
Manage Windows 10 with AutoPilot – Provision Windows 10,16
  • Save the settings and create the Profile.

NOTE! – Remember, this Profile can be assigned to user groups only. The device group won’t be assigned.

Generate WindowsAutoPilotInfo file

Now we are all set. It’s time to add the existing Windows ten device to Intune.

  • Before adding existing devices, we need to run a few power-shell commands on the new greenfield Windows 10 device
  • And Import the CSV file in Intune. Next, I am going to log in on the Windows 10 device.
  • Open PowerShell with the administrator, and run the following command.

CD\

md AutoPilot

Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 17
Manage Windows 10 with AutoPilot – Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 17
  • cd AutoPilot then enter then type the following command

save-script -name get-WindowsAutoPilotInfo -Path C:\AutoPilot\

Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 18
Manage Windows 10 with AutoPilot – Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 18

Now you can see in the directory that one PS file is created with the name of windowsautopilotinfo.

Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 19
Manage Windows 10 with AutoPilot – Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 19

We will get the output file into CSV, which will be used to import it into Intune. run the command .\Get-WindowsAutoPilotInfo.ps1 -outputfile C:\AutoPilot\AutoPilot.csv

You have a CSV file with you which have all the information about the device for windows autopilot. which will have the knowledge of Device Serial Number, Windows Product ID, and Hardware Hash

Import Device into Intune

Now open the Microsoft Store for business and import the CSV file.

NOTE! Might you have a question? Why am I not importing into Intune? The problem I faced was that I couldn’t assign the deployment profile I had created. Why? Maybe, I might need to have some patience 🙂 But it appeared quick within Microsoft Store for Business, and I could assign the Profile without any problem. 

Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 19
Manage Windows 10 with AutoPilot – Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 19
  • Go to Manage then devices from Microsoft Store for Business portal.
  • Import the devices with OEM information generally used by vendors (like Dell, HP, Lenovo).

Also, you can import devices with the help of a CSV file we have just created. Click on add devices, then select the file which you have generated.

Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 20
Manage Windows 10 with AutoPilot – Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 20

Once You select, you will see a window that will ask you to choose the deployment group. I clicked on the NO thanks option.

Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 21
Manage Windows 10 with AutoPilot – Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 21

Select the device from the uploaded list. Microsoft Store for Business is retiring soon. Don’t recommend using MSfB to import/register the devices into Windows Autopilot. Microsoft Store for Business Education Retirement Postponed HTMD Blog (anoopcnair.com).

Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 22
Manage Windows 10 with AutoPilot Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 22

Once the device is added, click on Profile, then select the deployment profile created. Once the Profile is assigned, go back to the Intune portal and see the status.

  • Navigate to Microsoft Intune-> Device enrollment->Windows enrollment->Windows Autopilot Devices
  • Here you can see the profile status is assigned. In the initial stage, the class will be set, which takes a few visits,c and the status gets changed to assigned.
  • All set, the device is imported, and the deployment profile is assigned. The next step is to login into the Windows 10/11 machine and reset it.
Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 23
Manage Windows 10 with AutoPilot – Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 23

Download Windows Autopilot Deployment Flowchart

Happy Autopiloting 🙂 Bonus tip: Windows 10/11 Autopilot deployment process PDF can be downloaded from the link. You can download the Windows Autopilot Deployment Flowchart prepared by Michael Niehaus.

 Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 23.1
Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 23.1

End-User Experience – Provision of Windows 10 Experience with Windows Autopilot

Once you reset the Windows 10/11 (or a new machine that is autopilot enabled) and restart the device, you will see the following screen indicating your device is ready to join Windows Autopilot.

Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 24
Select the region. Manage Windows 10 with AutoPilot – Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 24

You need to select the keyboard layout as shown below to continue.

Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 25
select the keyboard layout. Manage Windows 10 with AutoPilot – Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 25

The following screenshot shows that you now have some important setup to do.

Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 26
Manage Windows 10 with AutoPilot Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices Fig. 26

The above picture says now you have some important setup to do. Yes, you are going to join Windows Autopilot, excited……

  • The next screen will tell about the complete form.
Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices 3
Enter a user email address. Manage Windows 10 with AutoPilot 28

Enter the username and password.

Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices 4
Manage Windows 10 with AutoPilot 29

Password used for your corp email access.

Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices 5
Manage Windows 10 with AutoPilot – Provision Windows 10,30

If the password is expired, you might get this screen, or if the new password is enabled by the organization to have better security.

Provision Windows 10
change the password. Manage Windows 10 with AutoPilot 31

The following screen shows the Enrollment Status Page (ESP).

Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices 6
Manage Windows 10 with AutoPilot 32

Windows Hello for Business setup is the screen is shown now.

Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices 7
Manage Windows 10 with AutoPilot 33

Let you set up the PIN to log in.

Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices 8
provide the six-digit PIN, which will be used for the next login. Manage Windows 10 with AutoPilot 34

This is the configuration of MFA if you have enabled this option as part of Windows Autopilot enrollment. The background and logo, which you can see, are configured during the company branding

Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices 9
Manage Windows 10 with AutoPilot 35

Enter the details for Multi-Factor Authentication (MFA).

Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices 10
Provide more information. Manage Windows 10 with AutoPilot 36

Now it’s time to log in. ESP is completed and all the apps and policies are installed on the device before user could login.

Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices 11
Manage Windows 10 with AutoPilot 37

Now login to the Windows 10 device with the Azure ID and pin you just set. And go to the settings-> accounts-> Access work or school here. You can see your computer is connected to Azure AD.

Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices 12
Manage Windows 10 with AutoPilot 38

You can confirm whether the device is managed by Intune by going into Settings page.

Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices 13
Manage Windows 10 with AutoPilot 39

When you go to the MS Intune-> Devices, then you can see enrolled devices.

Provision Windows 10 with Windows AutoPilot Step by Step Admin Guide
Manage Windows 10 with AutoPilot 40

You can see the device is enrolled and shows as compliant as per the compliance policy in Intune.

Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices 14
Manage Windows 10 with AutoPilot 41

Newly imported Windows 10 has joined Windows autopilot. Now you can deploy any applications, settings, and configuration. Next part, we will discuss the deployment of applications and software updates.

Resources

6 thoughts on “Windows AutoPilot Step by Step Admin Guide to Provision Windows 10 11 Devices”

  1. Anoop, will autopilot works for virtual devices? And is autopilot recommended for large complex environment 1.5lks devices.. how about managing legacy devices with intune win7, 8.0, 8.1 etc any options available.. any thoughts on managing server os with intune

    Reply
    • I think all these 150000 devices won’t be migrated to Intune and Windows Autopilot in couple of months. So, you shall think about starting the journey towards Autopilot and Intune management for small set of devices like 100 for 1st year and then continue with the deployments.

      Reply
    • Its really good explanation about Auto Pilot implementation .Is any thing on MDATP for windows 10 devices with Servers

      Reply
  2. I run into errors “something went wrong” during ESP page after i get prompted for MFA on the third step of ESP. How can avoid the errors or setup MFA so it will only prompt after the ESP page is completed or during company branding. Thank you

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.