Since the announcement of Windows Autopilot there has been a lot of interest and questions about how it actually works, will it blend easily in our environment, etc. While at the beginning there was some major drawback compared to what a Task sequence’s configured computer can deliver, with the latest updates to the service, it is now a good time to start your journey with it. In this post, we will detail all the requirements and how to set up an environment for Microsoft AutoPilot and Windows 10 devices.

This post is part of a series on Windows Autopilot that will be published in the following weeks. In the next posts, we will cover the following subjects :

Microsoft AutoPilot Windows 10 Requirements

  • Windows 10 version 1703 or higher
  • Only the following Windows 10 editions are supported :
    • Pro
    • Education
    • Enterprise
  • The latest Windows 10 2019 LTSC is also supported
    • other LTSC/LTSB releases are not supported


There are multiples options for licensing to be used with Autopilot.

  • Microsoft 365
    • Business
    • F1
    • Academic
    • Enterprise E3 or E5
  • Enterprise mobility + Security (EMS) E3 or E5
  • Intune for Education
  • Azure AD Premium P1 or P2

You can also begin with trial licenses for Enterprise Mobility and Security (EMS). This would cover everything we need for Autopilot.

To begin your testing, assign one of those license to a test account. Eventually, this will be required on all users you wish they can use Windows Autopilot to provision a computer.

For more details about licensing, see Microsoft docs

Access and rights

If your enterprise is new to anything related to Azure and Intune, it is easier to begin with Global administrators rights in Azure.

Once the various requirements will be done, Intune Administrators along with rights for the Windows Store for business will be enough.

Network Configurations

No matter what kind of network configuration you have, it’s a good idea to review the list of requirements on the network side.

Review the list of recommendation on Microsoft docs.

Azure Configurations

  • Connect to Azure portal
  • Browse to Azure Active Directory and select Devices
  • Select Device settings
  • Enable Users may join devices to Azure AD for all and click Save
Microsoft AutoPilot Windows 10

Configure Azure AD Company Branding

While this step isn’t mandatory, it helps the look and feel when authenticating against the Azure AD/Office 365.

  • Back to Azure Active Directory, select Company Branding
Microsoft AutoPilot Windows 10
  • Click Configure
  • Provide the various images required with the format.

Configure Intune

Everything related to Windows Autopilot itself is part of Microsoft Intune. First step is to setup Intune as the MDM authority

  • In the Azure portal, go to Microsoft Intune/Device Enrollment/Choose MDM Authority. Select Intune MDM authority
Microsoft AutoPilot Windows 10
  • Under Microsoft Intune/Device Enrollment – Windows Enrollment, select Automatic Enrollment
Microsoft AutoPilot Windows 10
  • Specify a group or if All MDM user can enroll devices.

Now that requirements have been covered, it’s time to dive into Autopilot itself.

Create an Autopilot deployment profile

The autopilot deployment profile is the configuration of the out-of-the-box experience(OOBE) to set up a Windows 10 device.
It will allow to manage the following component :

  • Cortana configuration
  • Automatically setup for work or school
  • Customized Azure AD sign-in page
  • Skip privacy settings and EULA
  • Disable local admin account

To create an Autopilot deployment profile:

  • Go to the Azure portal
  • Go to Microsoft Intune and select Device Enrollment
Microsoft AutoPilot Windows 10
  • Select Windows Enrollment from the left pane and then Deployment profiles from the right pane
  • Select Create Profile
Microsoft AutoPilot Windows 10
  • Provide the name for the profile
    • Select the deployment mode: User-driven
    • The option to Convert all targeted devices to Autopilot will be for later on when testing have been conducted.
Microsoft AutoPilot Windows 10
Deployment mode

The user-driven mode will follow the user with simples tasks to complete the Windows 10 original setup. The high-level process will be the following :

  • Unbox the device, plug it in and turn it on.
  • Choose a language, locale, and keyboard.
  • Connect it to a wireless or wired network with internet access.
  • Specify your e-mail address and password for your organization account.

Microsoft recently released the Self-deploying mode in a preview. This mode is mainly for Kiosk computers, digital signage device or shared devices. The idea is to remove most, if not all, user interaction to provision a computer with Autopilot, therefore Azure AD join, required applications and configurations.

For more details about deployment modes, see Microsoft docs

  • Clicking on Out-of-box experience/Default configuration brings another pane
Microsoft AutoPilot Windows 10
Apply device name template

The option to Apply device name template gives the opportunity to set up a standard naming convention.

Microsoft AutoPilot Windows 10

Using custom ID may not be possible depending on the requirement. In that case, a computer can be renamed straight from Intune.

Microsoft AutoPilot Windows 10

  • Click Create to complete profile creation
Microsoft AutoPilot Windows 10
  • Once created, make sure to create the Assignment to target the All Autopilot devices group.
Microsoft AutoPilot Windows 10

For mode details about Autopilot profiles, see Microsoft docs

Enrollment Status page(Preview)

The enrollment status page allows us to bring autopilot configuration closer than what a task sequence looks like. It will prevent the user from login while many key configurations happen automatically. Note that this feature is in preview, but we had great success so far with it.

Microsoft AutoPilot Windows 10
  • Browse to Intune/Device Enrollment – Windows Enrollment and click on Enrollment status page(Preview)
Microsoft AutoPilot Windows 10
  • A default profile already exist and assigned, but nothing is actually enabled. Click on it to edit.
Microsoft AutoPilot Windows 10
  • Under Settings set Show App and profile installation progress to Yes
Microsoft AutoPilot Windows 10
  • Select Yes for Block device use until all apps and profiles are installed
Important Info

The Block device use until these required apps option allows us to prevent using the computer until applications are downloaded and installed. This feature is for now limited to policies, Office 365 desktop apps, Appx/MSIX and standalone MSI installed by the Enterprise desktop app Management CSP.

This leaves the Win32 applications out of this option for now.

In clear words, this means that any Win32 applications installation, will occurs after the users log in the first time. Fortunately enough, this happen really fast after the initial setup, so it’s not really an issue.

Also note that Win32 applications dependencies is coming soon to Microsoft Intune.

For more details about Enrollment Status page, see Microsoft docs

Create Azure AD Group

This group will be targeted by the Autopilot profile.

  • Go to Azure Protal
  • Under Azure Active Directory, select Groups
Microsoft AutoPilot Windows 10
  • Select New Group
    • Group type : security
    • Group name : All Autopilot devices
    • Membership type : Dynamic device
Microsoft AutoPilot Windows 10
  • On the right pane, select Advanced rule for the dynamic membership
    • rule : (device.devicePhysicalIDs -any _ -contains “[ZTDId]”)
    • This will add devices that are part of Autopilot, no matter which method was used to add the computer to Autopilot
Microsoft AutoPilot Windows 10
Other dynamic query

  • Autopilot devices with a specific order ID :
    • (device.devicePhysicalIds -any _ -eq “[OrderID]:179887111881”)
  • Autopilot devices with a specific Purchase Order ID:
    • (device.devicePhysicalIds -any _ -eq “[PurchaseOrderId]:76222342342”)

  • Click Create

Add a test device

The easiest way to add a test device is to manually register it with the Get-WindowsAutoPilotInfo script. This will generate a unique device ID that we’ll be able to import in Autopilot.

  • On the test device, open a Powershell console with elevated privileges
  • Run the following command
    • Command line :Install-Script -Name Get-WindowsAutoPilotInfo
    • Answer Yes to questions to complete the install-script
Microsoft AutoPilot Windows 10
Important Info

More information about the Get-WindowsAutoPilotInfo script can be found on PowershellGallery

  • Run the script
    • Command line: Get-WindowsAutoPilotInfo.ps1 -Outputfile Jo-Surface.csv
Microsoft AutoPilot Windows 10
  • The .CSV is created and contain the Hardware Hash to be used by Autopilot to identify the computer
Microsoft AutoPilot Windows 10
  • Go to Azure portal
  • Browse to Intune/Device Enrollment/Windows enrollment/Devices
Microsoft AutoPilot Windows 10
  • Click Import and select the .CSV file generated earlier.
Microsoft AutoPilot Windows 10
Important Info

The import process can take up to 15minutes

  • Once the import is completed, hit Sync
Microsoft AutoPilot Windows 10
  • Once sync is completed, the device will show up. Hitting refresh may be required to see it.
Microsoft AutoPilot Windows 10
  • Looking at the group members, we can see our machine
Microsoft AutoPilot Windows 10

Add existing devices options

Many options exist in order to support currently used computers in the company to be able to be refreshed using Windows Autopilot.

Use SCCM inventory report to get device IDs for autopilot

Since SCCM 1802, a new report is available under Hardware – General.

Microsoft AutoPilot Windows 10

This reports give all the required information for Autopilot. This can be later used to import those computer using the same method as the test computer.

Microsoft AutoPilot Windows 10

For Windows 10 devices already managed by Intune

This requires to have computer managed by Intune or Co-Managed with SCCM.

The option to convert all targeted devices to Autopilot can automatically convert managed devices by Intune or Co-Managed with SCCM to Autopilot ready devices.

For more information on existing devices, see Microsoft docs

Add new devices to Microsoft Autopilot

New devices can be automatically added to your Autopilot by your device vendor. as of now, Dell, HP, Lenovo and Toshiba. We’ve heard of possible small fee per computer. So don’t be supprised if it happen.

For specific steps to be taken, contacting your vendor is the best option you have. From past experience, at was mostly paper work and providing the Tenant ID so the provider know where to add newly bought devices.

Here some key configuration you can look for from your provider :

  • Provide a generic image free of unsanctioned software
  • Choose your Windows 10 build
  • Get latest drivers delivered day 1

For more details about how to add computers to Autopilot, see Microsoft docs

Assign the profile to Azure AD group

  • Go to Intune
  • Browse to Device enrollment – Windows enrollment/Deployment profiles
Microsoft AutoPilot Windows 10
  • Double click on the profile created previously
  • Under Assignment select the group created earlier to be targeted by the Autopilot deployment profile
Microsoft AutoPilot Windows 10
  • The computer imported and added to group is now displayed under Assigned devices
Microsoft AutoPilot Windows 10

Test Microsoft Autopilot Windows 10 deployment profile

  • On the test computer, hit Reset this PC under Settings/Update & Security/Recovery
  • Wait for the reset to complete.
  • Provide necessary user customization like Country, language, and keyboard.
  • Then the user’s email and password will be asked.
Microsoft AutoPilot Windows 10
  • Once provided, the setup will complete the following :
    • Azure AD join
    • Enroll the device in Intune
    • Apply policies
    • Apply some applications
Microsoft AutoPilot Windows 10
  • When the Out-of-the-box experience is completed, the user will be logged on. Remaining applications, like Win32 Apps will begin to install right away.

Hope this as help you begin your journey with Microsoft Autopilot and Windows 10.


Comments (12)


06.16.2020 AT 12:28 AM
Hey Jonathan This procedure has helped in setting up automatic enrollement. Still i have a small doubt though, when i start the process in the testing laptop i have a tab saying "Domain join instead". Can we block this ?? If so, How?


06.22.2020 AT 01:56 AM
Hi Jonathan Any update on this

setup office

03.24.2020 AT 03:53 PM
After installing the on your computer system, your existing MS account or create a new account and enter the product key.

office setup

03.24.2020 AT 03:51 PM
Microsoft Office 2019 is the latest Office Suite of Microsoft launched by Microsoft this year, it is the one of the most advanced suite till now.


02.27.2020 AT 10:29 AM
Worked with one device. The next just loaded the desktop imediately during "Setting up your device for work" on step 3... no checkmark. I see no progress as when clicking on "show details" This guide is missing the information how to open when autopilot when on desktop

Ernest Houle

12.25.2019 AT 10:09 PM
What do you recommend for me to play a virtual flight simulator on my Win 10 lap top. I've enjoyed the 95 version in the past and don't know what to choose with my newer operating system that's compatible. Also a joy stick that's in sink with the program. I anxiously wait your will and pleasure.


11.06.2019 AT 09:08 AM
How does one retrieve the device IDs from SCCM? What database view has the data? Thanks!


11.06.2019 AT 09:11 AM
Nevermind, found an article where the report is under Hardware - General

Tina A

09.26.2019 AT 04:05 PM
Hi, how can we differentiate autopilot devices for different autopilot profiles? Is this even possible? Can we assign autopilot profiles to user groups instead of device groups?


06.05.2019 AT 02:16 AM
Hey there, I think the OOBE sign-in picture at the end is not correct. If there is "sign in with microsoft" written the device has no deployment profile assigned , or am i wrong ? There should be your company branding and tenants name. Kind Regards


04.15.2019 AT 12:52 PM
The stylized blog quotes on the autopilot dynamic membership rule are causing an error. They need to be replaced with normal quotation marks. (device.devicePhysicalIDs -any _ -contains "[ZTDId]")