Here’s Our Step-by-Step Guide to Setting Up Windows Autopilot in Intune

Helpful Summary

  • Overview: Windows Autopilot and Microsoft Intune together offer a complete solution for device deployment and management. Autopilot pre-configures devices for immediate use, while Intune ensures they remain secure and compliant with organizational policies.
  • Why you can trust us: BlueTally integrates with Microsoft Intune, which works closely with Windows Autopilot, so we deeply understand how Autopilot can streamline device deployment and management.
  • Why it matters: Automating device provisioning with Windows Autopilot ensures consistent configurations, enhances security, and reduces IT workload from device deployment to end-of-life management.
  • Action points: Follow detailed steps to set up Windows Autopilot, including configuring enrollment, creating profiles, and automating device setup to streamline deployment and management.
  • Further research: Explore advanced Intune configurations, security policies, and user training materials to maximize the benefits of Windows Autopilot and Intune.

Years ago, administrators had to manually configure each device, a time-consuming process that delayed device readiness for use. The introduction of a solution like Microsoft Autopilot has been a game changer.

With Autopilot, IT administrators can remotely pre-configure devices with necessary settings, security policies, and applications. This ensures that devices are ready for use right out of the box.

However, we’ve noticed that there are only a few comprehensive guides online for setting up Windows Autopilot in Microsoft Intune. Even the available guides often lack clarity, which can leave IT personnel who are new to the process in the dark. 

To address this gap, we have created a detailed guide covering all Autopilot setup aspects, including some valuable tips to enhance your deployment experience.

Why Listen To Us?

BlueTally helps businesses manage physical inventory, equipment, facilities, and other assets efficiently. With first-hand experience in BlueTally-Intune integration, we understand the critical role Windows Autopilot plays in streamlining IT operations and enhancing productivity.

You can trust us to help you get the most out of Windows Autopilot and Intune, maximizing your organization’s productivity and security.

What is Windows Autopilot?

Windows Autopilot is a suite of Microsoft technologies designed to streamline device setup, deployment, and configuration. It automates the provisioning process, making devices ready for a smooth, out-of-the-box experience.

Windows Autopilot allows for easy resetting, repurposing, and recovery of devices with minimal infrastructure management. Its straightforward process is easy to implement, helping IT departments achieve their goals efficiently.

Moreover, Windows Autopilot simplifies the entire lifecycle of Windows devices for both IT and end users, from initial deployment to end-of-life management. It significantly reduces the time spent on deploying, managing, and retiring your devices.

How Windows Autopilot Works with Intune

Windows Autopilot and Intune work together to streamline device deployment and management. Windows Autopilot automates device configuration, ensuring they are ready for business use. Meanwhile, Intune provides ongoing management and policy enforcement to maintain device security and compliance throughout its lifecycle. 

The process involves several key steps:

Device Registration

Devices are registered with the Windows Autopilot service using their unique hardware IDs. This registration process can be conducted by the device manufacturer, reseller, or the organization itself. It involves collecting and uploading the device information to the Microsoft Endpoint Manager admin center. This step ensures that each device is recognized correctly and can be configured according to the organization's policies and requirements.

Profile Assignment

IT administrators create and assign Autopilot profiles via Intune. These profiles specify how devices should be configured during the Out-Of-Box Experience (OOBE). The profiles include settings for user account types, company branding, network configurations, and privacy settings. This way, administrators can provide a tailored user experience that aligns with the organization’s standards.

Azure AD and Intune Enrollment

Registered devices are automatically joined to Azure Active Directory (Azure AD) and enrolled in Intune. This integration ensures that devices adhere to organizational security policies and are managed effectively from the start.

Configuration and Compliance

Intune delivers the required configurations, applications, and security policies to the devices. This includes setting up network connections, installing essential software, and enforcing security measures. Intune also provides continuous monitoring to ensure devices remain compliant with organizational policies.

How to Set Up Windows Autopilot with Intune

Step 1—Verify Requirements for Windows Autopilot

Software - OS Requirements:

  • Windows 11: Pro, Pro Education, Pro for Workstations, Enterprise, Education.
  • Windows 10: Pro, Pro Education, Pro for Workstations, Enterprise, Education (LTSC/LTSB not supported).
  • HoloLens: Supported version of Windows Holographic.

Networking - Networking Requirements:

  • DNS name resolution.
  • Access to HTTP (port 80), HTTPS (port 443), and NTP (port 123).
  • Access to specific URLs for Windows Activation, Azure AD, Intune, diagnostics, updates, Delivery Optimization, NTP sync, DNS, NCSI, WNS, Microsoft Store, Microsoft 365, CRLs, and TPM attestation.

Licensing - Licensing Requirements:

  • Required: Microsoft 365 Business Premium, F1/F3, Academic A1/A3/A5, Enterprise E3/E5, EMS E3/E5, Intune for Education, Azure AD P1/P2, and Intune or alternative MDM.
  • Recommended: Microsoft 365 Apps for Enterprise, Windows Subscription Activation.

Configuration - Configurations Required:

  • Azure AD automatic enrollment.
  • User sign-in permissions for Azure AD join.
  • Optional but recommended: automatic upgrade to Windows Enterprise, custom branding in Azure AD.

Step 2—Register Devices for Autopilot

1. Collect the hardware ID from your devices using PowerShell.

2. Create a CSV file with columns "Device Serial Number" and "Hardware ID."

3. Populate the CSV with device serial numbers and hardware IDs.

4. Upload the CSV using the Microsoft Endpoint Manager admin center. Navigate to Devices > Device enrollment > Windows enrollment > Windows Autopilot Deployment Program > Devices. Within the "Devices" section under "Windows Autopilot Deployment Program," click "Import."
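One way to carry out steps 1 to 3 on the device itself, as an added example that is not part of the original guide. It reads the serial number and hardware hash through WMI, rejects empty, malformed, or duplicate entries, and writes the three-column header produced by Microsoft's Get-WindowsAutopilotInfo script (Device Serial Number, Windows Product ID, Hardware Hash); the output path is a placeholder.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original guide. $OutFile is a placeholder path.
$OutFile = 'C:\HWID\AutopilotHWID.csv'

# Serial number from firmware; hardware hash from the MDM bridge WMI provider.
$serial = "$((Get-CimInstance -ClassName Win32_BIOS).SerialNumber)".Trim()
$detail = Get-CimInstance -Namespace 'root/cimv2/mdm/dmmap' `
    -ClassName 'MDM_DevDetail_Ext01' `
    -Filter "InstanceID='Ext' AND ParentID='./DevDetail'"
$hash = $detail.DeviceHardwareData

# Refuse to write a row that would be rejected or would register the wrong device.
if ([string]::IsNullOrWhiteSpace($serial)) { throw 'BIOS returned no serial number.' }
if ([string]::IsNullOrWhiteSpace($hash))   { throw 'No hardware hash returned.' }
try   { [void][Convert]::FromBase64String($hash) }
catch { throw 'Hardware hash is not valid Base64; do not upload it.' }

# Load rows collected earlier so one file can cover several devices.
$rows = @()
if (Test-Path -LiteralPath $OutFile) { $rows = @(Import-Csv -LiteralPath $OutFile) }
if ($rows.'Device Serial Number' -contains $serial) {
    throw "Serial $serial is already in $OutFile."
}
$rows += [pscustomobject]@{
    'Device Serial Number' = $serial
    'Windows Product ID'   = ''
    'Hardware Hash'        = $hash
}

# Write without quotes, matching the file Get-WindowsAutopilotInfo produces.
New-Item -ItemType Directory -Path (Split-Path $OutFile) -Force | Out-Null
$rows | ConvertTo-Csv -NoTypeInformation |
    ForEach-Object { $_ -replace '"', '' } |
    Set-Content -LiteralPath $OutFile -Encoding Ascii
```

Anyone who holds a device's hardware hash can attempt to register that device in a tenant they control, so store and transfer the CSV like any other sensitive inventory data.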

Step 3—Enroll your Devices in Intune with Azure AD

1. Sign in to the Azure AD admin center.

2. Navigate to Azure Active Directory > Devices > Device settings.

3. Set "Users may join devices to Azure AD" to "All."

Step 3—Verify AAD Premium Subscription

1. Ensure you have an Azure Active Directory (AAD) Premium subscription. 

2. Navigate to Azure Active Directory > Mobility (MDM and MAM) > Microsoft Intune to check your subscription status.

Step 4—Configure company branding

1. Sign in to the Azure AD admin center.

2. Navigate to Azure Active Directory > Company branding.

3. Upload your company logo and adjust colors to match your organization's theme.

Step 5—Create a Device Group for Autopilot

1. Sign in to the Azure AD admin center.

2. Click on Groups > All groups > New group.

3. Fill in:

  • Group type: Security
  • Group name: (use any name)
  • Group description: (use any description)
  • Membership type: Dynamic Device

4. Click “Add dynamic query”, click edit and use the following rule syntax:

(device.devicePhysicalIDs -any (_ -contains "[ZTDId]"))

5. Click on Save to save the rule.
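The same group can be created from a script, which makes the rule reviewable and lets you detect later changes to it. This is an added example using the Microsoft Graph PowerShell SDK, not part of the original guide; the display name, description, and mail nickname are placeholders.

```powershell
# Added example, not from the original guide. Display name, description and
# mail nickname are placeholders. Requires the Microsoft.Graph.Groups module.
Connect-MgGraph -Scopes 'Group.ReadWrite.All'

$name = 'Autopilot Devices (example)'
$rule = '(device.devicePhysicalIDs -any (_ -contains "[ZTDId]"))'

# Look for an existing group first so the script is safe to re-run.
$group = @(Get-MgGroup -Filter "displayName eq '$name'" `
    -Property 'id,displayName,membershipRule,membershipRuleProcessingState')

if ($group.Count -gt 1) {
    throw "More than one group is named '$name'; resolve the duplicates first."
}
elseif ($group.Count -eq 0) {
    $new = New-MgGroup -DisplayName $name `
        -Description 'Devices registered with Windows Autopilot' `
        -SecurityEnabled -MailEnabled:$false `
        -MailNickname 'autopilot-devices-example' `
        -GroupTypes 'DynamicMembership' `
        -MembershipRule $rule -MembershipRuleProcessingState 'On'
    Write-Output "Created group $($new.Id)"
}
elseif ($group[0].MembershipRule -ne $rule -or
        $group[0].MembershipRuleProcessingState -ne 'On') {
    # A changed rule alters which devices receive the deployment profile.
    Write-Warning "Group '$name' exists but differs from the expected rule:"
    Write-Warning "  rule:  $($group[0].MembershipRule)"
    Write-Warning "  state: $($group[0].MembershipRuleProcessingState)"
}
else {
    Write-Output "Group '$name' already matches the expected rule."
}
```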

Step 6—Create Windows Autopilot Deployment Profile

1. Sign in to the Intune admin center.

2. Navigate to Devices > Windows > Windows enrollment > Deployment Profiles.

3. Click Create Profile > Windows PC and configure the profile settings, including:

  • Profile name
  • Description
  • Settings for OOBE
  • Enrollment status page settings

Step 7—Configure Microsoft Intune Automatic Enrollment

1. In the Azure AD admin center, go to Mobility (MDM and MAM) > Microsoft Intune.

2. Set the MDM user scope to ‘All’. For specific device groups, set it to 'Some'.

Step 8—Configure the enrollment status page

1. Navigate to Windows enrollment > Enrollment Status Page.

2. Click “All users and all devices.”

3. In properties, set "Show app and profile configuration progress" to Yes.

4. Configure other settings as needed, then click review and save.

Step 9—Test Device Enrollment

1. Turn on a device that is registered with Autopilot.

2. The device should automatically connect to the internet and begin the Autopilot process.

3. The user will be prompted to sign in with their Azure AD credentials, and the device will be configured according to the assigned Autopilot profile and Intune policies.

Best Practices When Using Autopilot With Intune

Pre-Deployment Preparation

Ensure all prerequisites, such as appropriate OS versions, licensing, and network configurations, are in place. Verify that devices support Autopilot and meet the necessary hardware and software requirements.

Dynamic Device Groups

Utilize Azure AD dynamic groups to categorize devices based on specific attributes like device type, such as laptops or tablets, and operating system versions, like Windows 10 or macOS.

This helps automate the assignment of policies and profiles, streamlining the management process.

Testing and Validation

Conduct a pilot deployment with a small group of devices to test the Autopilot setup thoroughly. This initial phase allows IT administrators to identify any potential issues in a controlled environment. Addressing these issues early helps to prevent disruptions when extending the Autopilot solution to the entire organization.

User Communication and Training

Educate users about the Autopilot process and provide clear instructions on what to expect during the initial setup. For example, inform users that during the setup, their device will automatically configure company settings and applications. This proactive approach will reduce confusion and ensure a smoother deployment experience.

Regular Updates and Monitoring

Keep Intune configurations and Autopilot profiles up to date. Regularly monitor device compliance and deployment status using the Intune admin center to address any issues promptly.

Create an Efficient IT Environment with BlueTally

Congratulations in advance on successfully setting up your Windows Autopilot, whether for your team or organization.

While Windows Autopilot offers a streamlined deployment experience, managing your IT assets can still be challenging. That's where BlueTally comes in. With BlueTally, you can efficiently manage your IT assets, ensuring you have complete visibility and control over your inventory.

Get started with BlueTally and transform your IT asset management today.