This guide covers creating Autopilot deployment profiles, Azure AD groups and importing Windows devices into Endpoint Manager for Autopilot configuration.
HOW AUTOPILOT WORKS
Autopilot uses deployment profiles. These let you define how the device is enrolled: self-deploying (enrolls without needing a user to log in) or user-driven (the user logs in before it enrolls).
These deployment profiles need to be linked to the devices you want them to apply to; this is where the Azure AD group comes into play. Once you have imported your Windows devices, you will need to add them to the group that is associated with your deployment profile. When you boot up the device, it will realise it has an Autopilot profile assigned and follow that profile during the OOBE.
CREATING A GROUP FOR YOUR DEVICES
This group can be used for targeting your configuration policies, app deployments, conditional access, etc.
CREATING AN AUTOPILOT DEPLOYMENT PROFILE
You will get the option of User Driven or Self-Deploying.
- User Driven - The device is associated with a user. During the OOBE the user needs to log in with their Azure AD credentials. Once they log in, it will enroll into Endpoint, apply the security configurations, install the user's applications and set it up ready for them to use.
- Self-Deploying - The device will enroll into Endpoint but won't require a user to log in. It will then display the Windows login screen and during the first login it will apply the security and device configuration.
I use the self-deploying profile in production but it's a matter of what better fits your environment.
Follow through the rest of the setup, selecting your desired options and setting the default language and device name. The device name can use the value %SERIAL% to include the serial in the name, or %RAND:4% for random numbers, with the number representing how many random numbers (4 in this case).
Finally under the 'Included' groups, select your Azure AD group created for your devices.
IMPORTING YOUR WINDOWS DEVICE INTO ENDPOINT MANAGER
In this example, I will show you how to manually get the Hardware IDs and import the device into Intune.
You need to boot up the laptop and open Command Prompt. If you are in the OOBE then press Shift+F10 to open it up. Once open, enter 'PowerShell' to start PowerShell. Enter the commands below.
New-Item -Type Directory -Path "C:\HWID"
Set-Location -Path "C:\HWID"
Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned
Install-Script -Name Get-WindowsAutoPilotInfo
Get-WindowsAutoPilotInfo -OutputFile AutoPilotHWID.csv
This will generate a CSV in the C:\HWID directory. Run the command 'explorer.exe' to open Windows Explorer and copy this CSV to a pendrive. Back in Endpoint under 'Windows Enrollment > Autopilot > Devices' you want to select the 'Import' option then upload your CSV.
Once it has imported, you will need to add it to your Azure AD group. Under the Autopilot Devices menu, your device will get an Assigned status under the 'Profile Status' column which means the Autopilot Deployment Profile has successfully been assigned to that device.
Now you just need to reboot the device, go back into the OOBE and it should start the Autopilot process.