Configuration Manager has been the mainstay of machine builds in corporate IT for the longest time. With services like Microsoft Intune in the cloud, what if we could simplify machine builds? Fortunately, that’s exactly what Windows Autopilot is designed to do.
I’ve worked with Microsoft Configuration Manager since the 2007 version. I’ve seen and worked with many things relating to machine builds, like creating Task Sequences and Operating System Images and keeping those images up-to-date, patched, and tested. Things have got much better since those early days; however, this is still IT-driven and requires extensive amounts of manual, time-intensive testing and work.
By taking advantage of modern Windows 10 devices and management, we can use cloud-based technologies to make the process slicker and even enable users to serve themselves.
So what is Windows Autopilot?
Windows Autopilot is a cloud-based service that lives under the Microsoft Intune banner. The idea behind Autopilot is that machines are shipped from your hardware vendor of choice in a state which is ready to be enrolled in your environment.
Using the User-driven Mode in Windows Autopilot, a user can be issued a device straight from the factory-supplied box, power it on, enter a few specifics such as their keyboard layout and time zone, connect the device to a network, and enter their Azure AD credentials; the device and Windows Autopilot do the rest. This scenario means that user devices could even be delivered directly to their homes if you wanted!
What manufacturers support Windows Autopilot?
The list of vendors that work with Microsoft to support Windows Autopilot is surprisingly large. The Microsoft Surface device family is top of the tree, as you would expect with it being a Microsoft device and a Microsoft service. Next up, the big three all support it: Dell, HP, and Lenovo. There are other vendors supported too. For the latest list, refer to https://www.microsoft.com/en-gb/microsoft-365/windows/windows-autopilot.
How do you set up Windows Autopilot?
There are two core parts to setting up Autopilot. First is working with your hardware supplier and providing them with the information they need to integrate your devices into Azure AD so that they leave the factory in a ready state. The second part is to configure a Windows Autopilot Deployment Profile.
Once the two elements are set, users can simply drive their own machine builds. If you want to keep IT in the process, there is another option called White-Glove, which allows IT to pre-stage the device, leaving the user to do the final step of connecting to a network, such as a home Wi-Fi connection, and then entering their username and password.
What about domain join?
This is a great question and one that many people will want answered about Windows Autopilot. The product is geared towards modern devices. A modern device refers to a Windows 10 device that is Azure AD Joined and receives management, policy, and control through Azure AD. If you have a requirement to domain join devices to Active Directory, you can still use Windows Autopilot for machine builds though.
From Microsoft Intune, we can download, install, and configure the Intune Connector for Active Directory. This connector acts as a broker for performing the domain join of the device. In this scenario, there are two things to note.
- The device being built must have a line of sight to a Domain Controller, which means the ability for users to drive builds from home becomes a problem. There is work afoot to enable VPN scenarios.
- The device will become Hybrid Azure AD Joined, which means that the device exists in Active Directory and is also registered in Azure AD.
What about apps and software?
Windows Autopilot enables applications and software to be deployed as part of your machine builds. Software is packaged up in Microsoft Intune as a Client App and assigned to the relevant group containing the Windows Autopilot devices. Apps are downloaded and installed during the provisioning process. This is where the White-Glove scenario comes into play, as you can have IT pre-stage these apps on the devices to make the User-Driven experience even faster if you want.
By using the Win32 Content Prep Tool from https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool, Intune Client Apps can include existing Win32 executables, not just cloud apps and modern stuff.
Can we add our existing devices to Windows Autopilot?
Absolutely, yes you can. Existing devices can be brought into the scope of Windows Autopilot to enable them to be re-imaged to Windows 10 from a previous version such as Windows 7, or they can even be refreshed to the latest version of Windows 10 and rebuilt via Windows Autopilot.
Depending on your current set-up, there may be some additional work required to get this going, such as configuring Hybrid Azure AD Join and getting the devices enrolled; however, everything is possible.
Get modern with Windows Autopilot machine builds
If, after reading this, you’re wondering why you are spending so much time and effort maintaining task sequences with Configuration Manager or Endpoint Manager, you’d be right! Speak to us to find out how you can enable and get started with the modern way of provisioning new and existing Windows 10 machines with Autopilot.