Autopilot permit permit to install and preconfigure new Windows 10 devices. You can also use this platform for reset device. With Windows AutoPilot, the lifecycle of the workstation is managed. The installation, application deployment and end-of-life of the workstation can be managed from the cloud services.

It is no longer necessary for the IT department to deploy an image on the operating system. The OS preinstalled on the workstation is used. The “enterprise” configuration is applied through strategy and by installing the various applications required by the company. Later the workstation can be managed through Microsoft Intune or Endoint Configuration Manager.

Prerequities for AutoPilot

• Windows 10 version 1703 or higher (Version Enterprise, pro or education)

• Microsoft 365 Subscription (F1, Business, Enterprise E3 or E5

• Azure AD Premium P1 or P2

Attrib licence

For use Autopilot, you need attrib licence at the user. From the Azure AD Portal (https://aad.portal.azure.com), click on Azure Active Directory then on Licences.

Select Enterprise Mobility + Security or Microsoft 365 and click on Assign.

Select user or groups and click on Select. The licence has been applied.

Configure Azure Active Directory

From the Azure AD portal, click on Devices then on Devices Settings.

Enable for all users the parameter users may join devices to Azure AD. and click on Save.

Azure Active Directory is now correctly configured.

Configure Microsoft Intune

From the Intune portal (https://endpoint.microsoft.com, click on Devices then on Windows enrollment and on Automatic Enrollment.

Select All if all users can enroll device on Intune or Some for select a user group. Click on Save for save modification.

Create dynamique group

From the Azure AD portal, click on Azure Active Directory then on Groups.

Create New Group for create new group.

Enter the desired name on Group name field and select Dynamic Device on Membership type field. Click on Add dynamic query for configure query.

Click on Edit for add Rule syntax.

Enter the following query and click on OK.

(device.devicePhysicalIDs -any _ -contains "[ZTDId]")

Click on Save then on Create.

The group has been created.

Create Autopilot deployment profiles

From the Intune portal click on Devices then on Windows enrollment and on Deployment Profiles.

Click on Create profile for create new profile.

Enter the name of the profile and click on Next

Select the desired Deployment mode.

• User-Driven : The device are associated with the user. The user credential are required to provision the device.

• Self-Deploying : Devices are not associated with the user. The user credential are not required.

Select the type of joint as you want Azure AD Join or Hybrid Azure AD Joined.

Configure OOBE options. You can choose if you want show or hide windows.

Configure Yes for Apply device name template option and enter the desired template for the name. I would like configure the name of my computer as below :

• CLI-1 and a random string of number

Click on Next. Select the group that you want assign at the device and click on Next. Click on Create to launch creation.

Profile has been created.

Select the profiles and click on Properties.

Click on Edit for modify Assignments.

Select Select groups on scroll-down list and click on Select groups to include.

Select the group created previously and click on Select. Click on Review + Save then on Save.

Configure Enrollment Status Page

From the Intune portal, click on Windows / Windows Enrollment and Enrollment Status Page.

Click on Create for create new Enrollment Status.

Enter the desired name and click on Next.

Click on Yes to show app and profile configuration process and configure as you want and click on Next.

Assign Enrollment Status to the dynamic group. The Enrollment Status is now been created and assign.

Add Device on AutoPilot

We can now add a test device on AutoPilot. From Windows 10 computer that you want add at Autopilot, open a Powershell prompt and run Install-Script -Name Get-WindowsAutoPilotInfo. Enter Y for validate and begin installation.

We can now create csv file with information for autopilot. From the powershell prompt, use Get-WindowsAutoPilotInfo.ps1 -Outputfile VM-CL10.csv.

From the Intune portal, click on Devices / Windows Enrollment then on Devices.

Click on Import and select the CSV file previously created. Click on Import to import file.

Click on Sync when importation is finished.

Device appear on the console.

Click on device for verify the assigned profile

Test Autopilot profile

From the Windows 10 computer, open Windows Settings and click on Update & Security.

Click on Recovery then on Get started.

Click on Recovery then on Get started. We choose to remove everything.Select the desired action and launch reset.

Select the region and click on Yes.

Select the Keyboard layout and click on Yes

Autopilot parameter has been applied and computer restart.

Enter user ad account and click on Next. My user have EM+S and Office 365 licence.

Enter user password and click on Next. Configuration is applied.

Windows Hello must be configured. Click on Set up Pin and enter Pin code.

Computer are been enrolled on Azure AD/Intune.

Computer name has been configured and respects the naming convention defined in the Autopilot profile.

If you purchase devices directly from an OEM. That OEM can automatically register the device with autopilot.

• https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/add-devices>

See you soon for new post on Autopilot.