If the Windows 10 devices just needs to be enrolled and ready for
extradition, Windows AutoPilot self-deploying mode is here. Self-deploying mode is designed to deploy Windows 10 as a kiosk, digital signage device, or a shared device. This is what we can call real zero touch provisioning, without any user interaction.
My Environment:
- Windows 10 1909 (20H1) Insider
- Intune and Microsoft 365 E5 license.
Prerequisites:
- TPM 2.0 hardware.
- Window 10, version 1903 or later.
- Virtual machine not supported.
- Internet (LAN cable preferred for no network prompt and experience the full self-deploying mode without any user interaction )
Notice, limitations and know Erros:
If connected via Ethernet, no network prompt is expected. If no Ethernet connection is available and Wi-fi is built in, the user needs to connect to a wireless network.
The following options are automatically enabled for Autopilot devices in self-deploying mode:
- Skip Work or Home usage selection
- Skip OEM registration and OneDrive configuration
- Skip user authentication in OOBE
And remember that the device can only be Azure AD joined (Active Directory join is not supported)
- 0x800705B4 – This error means that the Windows 10 device is either a virtual machine, or does not have TPM 2.0 on the motherboard, and will not be able running Autopilot self-deploying
- 0x801c03ea – This error means that the Windows 10 device has TPM 2.0, but that the TPM still needs to be upgraded from 1.2 to 2.0 to support self-deploying mode.
- 0xc1036501 – This error means that the Windows 10 device cannot do an automatically MDM enrollment, because there are multiple MDM configurations in the tenants Azure AD.
For more information on Windows AutoPilot Self-deploying mode -> https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/self-deploying
Lets start creating a Windows AutoPilot self-deploying profile.
- Login to the Intune portal -> https://devicemanagement.microsoft.com
- Browse to Device enrollment – Windows Enrollment and click Deployment profiles:
- Click on Create profile:
Give the profile a Name, Description (optional) and click Next:
- Assign a group of devices (I use a group called Kiosk devices) click Next:
Note: In this scenario I created a Group called Kiosk Devices and added a dynamic device membership rule that is calling a specific device Model value I use for my Kiosk devices.
- Click Create:
Note: Now we are finish with the self-deploying mode configuration. Remember to also create some Device configuration policies for the Windows 10 for example Kiosk mode or Share-devices.
End-user experience
Note: This picture is how it should look like when the devices is turned on. I cannot test the output ATM (Sorry) because I am waiting for my TPM 2.0 test device to arrive. When I get it I will provide the output here. To be continued.
Happy deployment