Windows Autopilot | How It Works & How to Set It Up

Рет қаралды 168,733

Жыл бұрын

These are the best practices and tips to set yourself up for success with Windows Autopilot. Windows Autopilot is a feature within Intune that allows you to send devices directly from hardware providers to end users.
New device provisioning is foundational to cloud attach and cloud-based update management. During initial Windows setup, Autopilot enables users to enroll their device through Intune device management, so PCs get to a managed and productive state without reimaging.
Principal GPM for Microsoft Windows, Jason Githens, compares Intune enrollment options, including the Company Portal, Workplace Join, Azure AD Join, and Windows Autopilot, then shows how to enable Windows Autopilot for easy device enrollment.
► QUICK LINKS:
00:00 - Introduction
00:39 - Options to enroll devices into Intune
02:56 - Benefits and tradeoffs of Windows Autopilot
04:05 - Admin setup
05:07 - Autopilot settings
07:37 - Tips for success
08:43 - Wrap up
► Link References:
Get started at aka.ms/WindowsAutopilotDocs
Check out our playlist for Windows cloud-based management at aka.ms/ManagementMechanics
► Unfamiliar with Microsoft Mechanics?
As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.
• Subscribe to our KZbin: kzbin.info
• Talk with other IT Pros, join us on the Microsoft Tech Community: techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog
• Watch or listen from anywhere, subscribe to our podcast: microsoftmechanics.libsyn.com/website
• To get the newest tech for IT in your inbox, subscribe to our newsletter: www.getrevue.co/profile/msftmechanics
► Keep getting this insider knowledge, join us on social:
• Follow us on Twitter: MSFTMechanics
• Share knowledge on LinkedIn: www.linkedin.com/company/microsoft-mechanics/
• Enjoy us on Instagram: msftmechanics
• Loosen up with us on TikTok: www.tiktok.com/@msftmechanics
#CloudManagement #WindowsAutopilot #Intune #PCEnrollment #Windows #AzureAD #PCConfiguration #Config

Пікірлер: 55

@pastorjesse49 Жыл бұрын

well produced! and great info, thanks!

@MarsorryIckuatuna Жыл бұрын

I love these videos, keep it up!

@djladieslove1 Жыл бұрын

Thanks brother, clean and a great video

@reguitarded Жыл бұрын

Great video! Now all we need is a video just like this, but 1 hour long with more details for every step! :)

@JoseSetien Жыл бұрын

Lol

@danny.cuevas Жыл бұрын

Agreed (:

@MisterMonkeySpanker Жыл бұрын

You should check out intune training KZbin channel, they have a few videos on the topic with setup walkthrough

@levancanh3927 5 ай бұрын

Thank you so much, so useful and informative

@saminanaz3912 Жыл бұрын

excellent explanation within 10 minuts instead of long long videos

@MSFTMechanics Жыл бұрын

Glad it was helpful!

@seanricks7986 Жыл бұрын

Great Great Video. Thank you. I'm a subscriber now & I've shared the link to this video with my Team : )

@aizat27 Жыл бұрын

Good video. Quick overview. No long winded explanation - which we can find in other videos if we want to.

@MSFTMechanics Жыл бұрын

Glad you liked it

@ITNetworking-it3bc 2 ай бұрын

Thank you for this video

@narayananbaskaran6655 Жыл бұрын

Nice Explanation about autopilot process

@MSFTMechanics Жыл бұрын

Thank you!

@Sabs761010 7 ай бұрын

@Microsoft Mechanics, My question would be, if you do not have the Hardware IDs, can you use auto pilot using only a user account that has permissions and license to join computers to Azure and that Azure has auto enrollment configured?

@centaurs63 Жыл бұрын

Is there a way to enroll already registered intune devices to autopilot?

@leroyadsouza 8 ай бұрын

Does Windows Autopilot ESP honour Delivery Optimization settings?

@elvisalan6953 5 ай бұрын

What kind of job envirment requieres this type of work?

@TheSlowestZombie Жыл бұрын

At 6:05 there's mention of assigning an Autopilot device to a user and having it say "Welcome ". I thought this was disabled because of security concerns? Or was that only preprovisioning that was affected?

@drrich1755 Жыл бұрын

It was disabled

@gabrich1991 Жыл бұрын

hello great video may i when you create profile and the assign group what is better assign it to groups that containing users or computers

@MSFTMechanics Жыл бұрын

It depends on the scenario. User assignment is a bit more future proof, but if you buy a batch group of machines that need the same config from the profile, then the device group could be better, but not always.

@paulh43 Жыл бұрын

2.40 I see that a Apple Macbook now also works with Windows 11 and Autopilot. Are there no extra steps needed for Apple?

@jroceastvan Жыл бұрын

There are a lot of extra steps for Apple devices. You'll need to pay for expensive Microsoft hand holding. This is a shit solution from a shit company. Good luck even following their documentation. It's like a portal to the dyslexic dimension.

@pedroduarte5052 Жыл бұрын

Hi there so if I have already devices as hybrid that is being synced from AD if I make them an Autopilot device they will be added as a serial number I assum they also have to be in Intune so I can trigger a fresh start? I’m a bit confused with already existing devices, for brand new devices it is easy though, any help would be great

@ganyrehs Жыл бұрын

Another video explained you will have to run a script for already joined AD devices.

@FAli1900 Жыл бұрын

Hmm regarding the point made at 1:20 - I've had users self enroll from the settings page and their devices DO infact register to Azure as Hybrid Joined devices. Am i missing something?

@MSFTMechanics Жыл бұрын

Depends on automatic device enrollment configuration in Azure AD. This article also explains the pros and cons of each Intune enrollment option: learn.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-methods

@FAli1900 Жыл бұрын

@@MSFTMechanics ahh ok that makes sense, thanks for that. Panicked for a sec thinking id have to go back and vhange everything 😅

@mintlou Жыл бұрын

Additional tip for success: Don't use the enrolment status page unless you have a good reason to.

@reguitarded Жыл бұрын

Want to elaborate? :) Is this true for both AADJ as well as Autopilot?

@mintlou Жыл бұрын

@@reguitarded yes for both. You don't want an endpoint to fail the whole enrolment just because there is some latency issue outside of your control. In most cases, it is fine to let the user get straight to their desktop and the remaining tasks will complete in the background.

@reguitarded Жыл бұрын

@@mintlou I agree with your reasoning, but wouldn't this be solved by setting "Block device use until all apps and profiles are installed" to "No"?

@christophercass5713 Жыл бұрын

ESP equals more IT headaches.

@drrich1755 Жыл бұрын

Depends on the security policies in place. Every company is different. Many would want base security agents to be installed prior to a user hitting the desktop. As long as your apps are packaged and scripted properly and you don't mix LOB and Win32 apps, ESP is very reliable - although I'd agree about disabling the User ESP portion

@jessestark8716 5 ай бұрын

Can anyone provide some hardware vendors that can add newly purchased devices into Windows Autopilot? Im currently buying devices from Best Buy and importing them on my own.

@stephendetomasi1701 Жыл бұрын

Everyone says that Intune and Autopilot are replacing system imaging, but I don't really see how this does anything close. It lacks a LOT of features and settings that I'd come to expect from a replacement of a system image.

@harmstrongg Жыл бұрын

The basic answer is that MS expects you to be fine with the VLSC image and just tweak it with scripts, policies and configuration URIs. It's not supposed to "replace" OSD, it's supposed to obsolete OSD. That was the original idea. Stick around a year or two and the goalposts will shift 500 miles and it'll all be rebranded again.

@seththomas3194 Жыл бұрын

Exactly, a lot of work, and of course, additional licensing needed for this functionality, and I can make an image in 15 minutes for what I need, refresh the image once in awhile, and have everything I need for most user groups. I get what they are trying to do here, but it is just a big licensing/dependency play for MS to get your $$$$ and really not save you any time in the process.

@theclutch19 Жыл бұрын

It would have been great if you showed exactly what the user needs to do right after they open up the box. I.e. - is it hit the Windows key 5 times. And then show what happens.

@christophercass5713 Жыл бұрын

But what about PPKG’s? Why not cover them Microsoft? Autopilot is great, just not for shared devices. FYI, Windows Configuration Design locks down to a single tenant during getting the bulk token, this makes MSP life difficult. I have to run WCD in VMs and revert checkpoints each time I make a new ppkg for a different clients. WCD also let’s me add Wifi and apps, settings to the device via a ppkg (At OOBE, Windows 10/11 have to be Pro to use a ppkg).

@bw_merlin Жыл бұрын

Some love for PPKG's would be really welcome.

@kendrick9380 Жыл бұрын

Is Ms autopilot works only on Windows 11?

@MSFTMechanics Жыл бұрын

It also works for supported Windows 10 releases.

@skynetintex5878 Жыл бұрын

First (again) - wow, I'm great :P.

@skynetintex5878 Жыл бұрын

Oh yeah and good video (again) ;).

@Thecolonelshinn Жыл бұрын

I guess what I don't understand is how is an Admin going to enforce a certain OOBE when the device isn't connected to AAD to sync with the policy in the first place? It's like a chicken before the egg problem in my head.

@MSFTMechanics Жыл бұрын

That's exactly what this solves for. Before the device connects to the Internet, its unique hardware ID is associated with your org and AAD tenant, then in OOBE once you connect to the internet for specialization, it pushes policy down to the device. It's like you've identified the chicken so your org owns it before it crosses the road

@Thecolonelshinn Жыл бұрын

@@MSFTMechanics but the deployment profiles are group-based. And the device can't be assigned to a group until it checks in with AAD. I can't tell the device how to perform the OOBE until the user powers on the device and allows the check in with AAD. By then the OOBE is over.

@RojmaEsbog1 Жыл бұрын

@@Thecolonelshinn That's not entirely correct. There is a difference between an AAD joined device and an Autopilot registered device. An Autopilot registered device doesn't necessarily have any AAD object associated with it. Instead, the Autopilot device is recognized via the hardware hash of the device. The hardware hash is imported into Intune (or other MDM solution) and then becomes an Autopilot device via the hardware hash. You can build device groups that contain Autopilot devices, and then assign the Autopilot profile to that device group. When OOBE runs, it checks to see if any Autopilot registered device (NOT AAD device) has an Autopilot profile deployed to it, and if it does, it picks up the Autopilot profile and runs it.

@hussienalsafi1149 Жыл бұрын

🤠🤠🤠🤠🤠😎😎😎😎

@seththomas3194 Жыл бұрын

So you are showing a Macbook with Windows running on it???? Left off the part about all of the additional licensing and costs per user this requires, otherwise, all of this is moot. Part of MS's master plan to put everybody on their cloud and have all of their server, devices, licensing etc...more than increasing your costs in the end by 8 fold.