Autopilot

Windows Autopilot is a Microsoft solution that simplifies the deployment and management of Windows devices, particularly in enterprise and domain environments. Autopilot does not "image" systems in the traditional sense; instead, it provisions devices by applying configurations, policies, and apps over the cloud. Here's a detailed step-by-step guide to provisioning and deploying devices with Windows Autopilot:


1. Prerequisites

Before starting, ensure the following requirements are met:

  1. Licensing:

    • Microsoft 365 Business Premium, Microsoft 365 E3/E5, or equivalent license that includes Intune and Autopilot.
    • Windows 10/11 Pro or Enterprise edition installed on the devices.
  2. Infrastructure Setup:

    • Azure Active Directory (Azure AD) configured.
    • Microsoft Intune or Endpoint Manager for device management.
    • Access to the Microsoft Endpoint Manager admin center.
  3. Devices:

    • Devices must support Windows Autopilot and have internet access.
    • Obtain device hardware IDs (e.g., hardware hash).

2. Obtain the Device Hardware Hash

The hardware hash uniquely identifies each device and is required to register it with Autopilot.

Method A: From the Manufacturer

  • If purchasing devices in bulk, request the hardware hash file from the manufacturer (OEM).
  • Supported manufacturers include Dell, HP, Lenovo, and more.

Method B: Manually Collect the Hardware Hash

  1. Boot the device into Windows OOBE (Out of Box Experience).
  2. Press Shift + F10 to open the command prompt.
  3. Run the following PowerShell commands:

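    # Shift + F10 opens cmd.exe; type "powershell" there first to get a PowerShell prompt.
    # Allow the downloaded script to run in this session only.
    Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned
    # Download the collection script from the PowerShell Gallery.
    Install-Script -Name Get-WindowsAutopilotInfo
    # Write the device's serial number and hardware hash to a CSV file.
    Get-WindowsAutopilotInfo -OutputFile AutopilotHardwareHash.csv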
  4. Save the resulting .csv file.

3. Register Devices in Windows Autopilot

  1. Sign in to Endpoint Manager:
  2. Upload the Hardware Hash:
    • Navigate to Devices > Windows > Windows Enrollment > Devices.
    • Click Import and upload the .csv file containing the hardware hash.
  3. Assign Profiles (optional):
    • After uploading, assign a deployment profile to the devices.

4. Create an Autopilot Deployment Profile

Deployment profiles determine how devices are configured during setup.

  1. Navigate to Profiles:
    • In the Endpoint Manager admin center, go to Devices > Windows > Windows Enrollment > Deployment Profiles.
  2. Create a New Profile:
    • Click + Create Profile and select Windows PC.
  3. Configure Settings:
    • Name: Assign a profile name.
    • Convert all targeted devices to Autopilot: (optional).
    • Out-of-Box Experience (OOBE):
      • Deployment mode: Choose between User-driven, Self-deploying, or Pre-provisioning.
      • Join to Azure AD: Select Azure AD Join or Hybrid Azure AD Join.
      • Skip Cortana, OneDrive, and OEM setup screens.
  4. Assign Profile to Devices:
    • Select the devices from the device list and assign the profile.

5. Assign Apps and Policies in Intune

  1. Configure Applications:

    • In Endpoint Manager, go to Apps > Windows Apps.
    • Add required applications (e.g., Office 365, company software).
    • Assign the apps to device groups or user groups.
  2. Set Up Policies:

    • Configuration Profiles:
      • Navigate to Devices > Configuration Profiles.
      • Create policies for settings like Wi-Fi, VPN, and BitLocker.
    • Compliance Policies:
      • Define compliance requirements (e.g., minimum OS version).
    • Security Baselines:
      • Use predefined baselines for secure configurations.

6. Deploy the Device

  1. Boot the Device:
    • Connect the device to the internet and start it in OOBE mode.
    • The device will check in with Azure AD and retrieve its assigned Autopilot profile.
  2. Autopilot Provisioning:
    • The device automatically applies the profile, joins Azure AD, and downloads assigned policies and apps.
  3. User Sign-In:
    • For user-driven deployment, the user signs in with their Azure AD credentials, and the system finishes provisioning.

7. Monitor Deployment

  1. Check Device Status:
    • In Endpoint Manager, navigate to Devices > Windows to view device statuses.
  2. Troubleshoot Issues:
    • Use the Autopilot deployment logs (%programdata%\Microsoft\IntuneManagementExtension\Logs) for detailed error information.

8. Post-Deployment Management

  1. Manage Devices in Endpoint Manager:
    • Apply updates, enforce policies, and troubleshoot issues remotely.
  2. Reprovisioning (Reset Autopilot):
    • Use the Fresh Start or Reset feature in Endpoint Manager to redeploy Autopilot.

Advantages of Windows Autopilot

  • No need for traditional imaging or on-premises infrastructure.
  • Streamlined device setup and provisioning.
  • Consistent configurations across all devices.
  • Easy integration with cloud-based management tools.
