Leveraging Windows AutoPilot for Device Provisioning

Nov 15, 2017 | Infrastructure

Today, it takes a lot of time to build and maintain customized operating system images. You might also spend a considerable amount of time applying these custom operating system images to new devices to prepare them for use before giving them to your end users. The Windows AutoPilot Deployment Program simplifies device provisioning. With Microsoft Intune and AutoPilot, you can give new devices to your end users without the need to build, maintain, and apply custom operating system images to the devices. Additionally, when you use Intune to manage AutoPilot devices, you can manage policies, profiles, apps, etc. on the devices after they are enrolled.

Benefits of Windows AutoPilot

As discussed, IT departments spend a great deal of time building and customizing images to deploy to devices, replacing a perfectly good OS that is already installed on them. Traditionally, new computers have been delivered to IT professionals, who deploy the customized image to each device and then deliver the device to the end user.

Windows AutoPilot introduces a new approach.

New hardware can now be ordered and delivered directly to employees rather than to IT. The employees can unbox the device themselves and self-deploy. It then takes only a few simple operations by the end user to make the device ready to use. The only interaction required from the end user is to connect to a network and verify their credentials. Everything else is automated.

Windows AutoPilot enables you to…

  • Automatically join devices to Azure Active Directory (Azure AD)
  • Auto-enroll devices into MDM services, such as Microsoft Intune (Requires an Azure AD Premium subscription)
  • Restrict Administrator account creation
  • Create and auto-assign devices to configuration groups based on a device’s profile
  • Customize out-of-box experience (OOBE) content specific to the organization

Prerequisites for AutoPilot

  • Devices must come pre-installed with Windows 10 Professional, Enterprise or Education, version 1703 or later
  • Devices must be registered to the organization
  • Devices must have access to the internet
  • Azure AD Premium P1 or P2
  • Microsoft Intune or other MDM services to manage your devices

Recently Announced at Microsoft Ignite – AutoPilot and Co-Management

AutoPilot was initially built to modernize the management of Windows 10 devices using the cloud (Azure AD joined devices). However, many organizations cannot move to Azure AD joined devices immediately because of existing investments in devices joined to a local Active Directory domain. With Windows AutoPilot, we will be able to take a brand new computer and deploy it in a state where it is joined to the local Active Directory domain, managed by SCCM, and co-managed by Intune.

The process works as follows:

  • Configure your device as Hybrid Azure AD joined
  • The device is enrolled into Intune
  • Intune installs a device VPN to connect the device to your local domain controller
  • AutoPilot uses the VPN connection to connect the device to the local domain controller to complete the local domain join
  • Intune can also deploy a minimum set of policies, settings, and applications before the user accesses the desktop
  • Once the user accesses the desktop, they will have everything they need to be productive!

Additionally, with the upcoming release of System Center Configuration Manager, Azure AD joined devices can be ConfigMgr managed.

Are you ready to simplify device setup using Windows AutoPilot Deployment? Want to learn more? Email us at info@peters.com. We are happy to help!