Configure Windows AutoPilot to deploy cloud only Windows 10 devices.

Posted on

In a fast moving world for many businesses we now can benefit from the newest IT technology on the digital workplace journey many are aiming for. One of those technologies we can use for deploying applications and clients with a out of the box experience and with minimum configuration required is Microsoft Intune – AutoPilot.

Microsoft Intune is a Mobile Device Management (MDM) and Mobile Application Management (MAM) cloud-based platform.

In this scenario we using a hybrid Azure Active Directory setup for managed domains and with some custom made Intune policies for Windows 10 devices.

Important : Before starting the AutoPilot configuration, make sure that the basic setup are done regarding Automatic Enrollment (Azure AD Premium required), Importing the AutoPilot devices via a CVS file, Create Company portal branding and do CNAME registration if using a custom domain name if not using domainname.onmicrosoft.com.

License that can be used is Enterprise Mobility + Security E3 and E5.

EMS E3 includes Azure Active Directory Premium P1

EMS E5 includes Azure Active Directory Premium P2.

Read more about the licenses here -> https://www.microsoft.com/en-us/licensing/product-licensing/enterprise-mobility-security

Configure Automatic Enrollment:

Note: In this test lab MDM and MAM Scopes is set to all users. This can be scaled down to a group of users. Select Some tab to define a custom group.

Configure the CNAME for your Tenant:

Note: Make sure that all DNS modification are made within your domain registrar regarding the Azure AD DNS. For detailed custom domain setup see -> https://docs.microsoft.com/da-dk/azure/active-directory/fundamentals/add-custom-domain

Import devices though a CSV file:

Note: Before the enrollment can happen, the Windows 10 device must be known in advance by AutoPilot. Read more about how to import a Autopilot device for enrollment here -> https://docs.microsoft.com/en-us/intune/enrollment-autopilot

Configure Company branding:

Note: Read this for configure Company branding -> https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/customize-branding

Now lets start configurating the deployment profiles.

  • Now click on Windows enrollment:
  • Click on Deployment Profiles:
  • Now Click on Create profile:
  • Fill out the required fields and click Next:

Note: For this test lab we skip Convert all target devices to AutoPilot. This test lab does not have any existing Windows 10 devices added that needs to be converted.

  • Fill out wanted configuration and click Next:

Note: When White glove is enabled its possible to pres Windows key 5 times to run OOBE without user authentication to enroll device and provision all system-context apps and settings. User-context apps and settings will be delivered when the user signs in. Requires Windows 10 1903 or later.

  • Click Next. (Optional to use Scope tags):
  • Now select a assigment group under Included groups:

Note: Select a group with Windows 10 Devices that needs the profile assigned. Its possible to excluding groups from this AutoPilot profil. Microsoft Store for business (MSFB) can also be used to manage and assign AutoPilot profiles to Windows 10 devices. Try to login to MSFB. -> https://businessstore.microsoft.com/en-us/store

  • Now review the information typed in and click Create:
  • It’s done and general informations are presented:
  • After import af device/s and all settings has been done – click Assign users (Optional) under device Under Device enrollment – Windows Enrollment – Windows Autopilot devices:

Note: Assign a user to a specific Autopilot device to pre-fills a user from Azure Active Directory in the company-branded sign-in page during Windows setup.

Lets have a little look on how it looks when turning on the our Windows 10 device just added a AutoPilot profile.

  • Select a Wifi to get internet access or use the corporate network via LAN cable

Note: Sorry for the bad picture quality !!!

  • Login with the user you assigned earlier click Next.
  • Click Set it up now (This comming from Intune device policies.)
  • Select option of choice if any is configured and available.
  • Enter the code that was received from Microsoft via SMS and click Next.
  • Read and click Accept the Terms of use if any. (Optional)
  • Wait for device setup to finish – Takes some time.
  • Login a the user assigned for this device.
  • It will go back to setup mode – wait a little for it to finish.
  • In this test lab Windows hallo is default regarding Windows Enrollment. Click Set up PIN
  • Create a Pin click OK
  • Now Windows 10 1903 is ready for use.. In out test lab we also have configured that Office 365 Pro Plus should be installed as part of the Windows Enrollment though Client apps.

Happy Deployment

Leave a Reply

Your email address will not be published. Required fields are marked *