Administrators used to spend hours upon hours building and customizing images that would later be used to deploy devices. But with Autopilot, you do not need to reimage or manually set up new devices before giving them to your end users.
Devices can be shipped to your users directly from the vendor. It only takes a few simple actions to make the device ready to use. The end user just connects to the network and verifies their credentials. Beyond that, everything else is automated by Autopilot. Here are some of the key benefits:
Easy Device Setup: Users connect their devices to the Internet and answer some quick setup questions, and Autopilot installs all preconfigured user, device, and app policies.
Increased Employee Satisfaction: Devices configured with Autopilot provide users with an easy login experience that reduces the need for tech support.
Saves Time and Resources: Instead of setting up devices by hand, you can create a customized out-of-box experience (OOBE) of preconfigured apps and settings, and then deploy it to users’ devices using the cloud.
Ability to Use the Device Anywhere: Devices configured using Autopilot can be shipped anywhere and set up wherever the user is. The user only needs an Internet connection.
Autopilot Prerequisites
Autopilot relies on specific capabilities that are available in Windows 10/11, Azure AD, and MDM services. Let’s take a look at the requirements for Autopilot.
Software Requirements
In order to use Autopilot, a supported version of Windows 11 or Windows 10 semiannual channel is required.
Networking Requirements
The network requirements depend on various Internet-based services. Access to these services must be provided for Autopilot to function properly:
■ Ensure DNS name resolution for Internet DNS names
■ Allow access to all hosts through ports 80 (HTTP), 443 (HTTPS), and 123 (UDP/NTP)
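A pre-flight check for the two requirements above, written as an added PowerShell example (not from the original text). The host names are assumptions chosen for illustration and the function names are hypothetical; substitute the endpoints your tenant and MDM service actually use.

```powershell
# Added example. Host names below are assumptions for illustration only.
$TcpHosts = @('login.microsoftonline.com', 'ztd.dds.microsoft.com')
$NtpHost  = 'time.windows.com'

function Test-DnsName {
    param([string]$Name)
    try   { [bool](Resolve-DnsName -Name $Name -ErrorAction Stop) }
    catch { $false }
}

function Test-TcpPort {
    param([string]$Name, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # ConnectAsync plus Wait gives a bounded timeout instead of the OS default
        $task = $client.ConnectAsync($Name, $Port)
        $task.Wait($TimeoutMs) -and $client.Connected
    }
    catch   { $false }
    finally { $client.Dispose() }
}

function Test-NtpUdp {
    param([string]$Name, [int]$TimeoutMs = 3000)
    $udp = New-Object System.Net.Sockets.UdpClient
    try {
        $udp.Client.ReceiveTimeout = $TimeoutMs
        $udp.Connect($Name, 123)
        # 48-byte SNTP request; 0x1B = LI 0, version 3, mode 3 (client)
        $request = New-Object byte[] 48
        $request[0] = 0x1B
        [void]$udp.Send($request, $request.Length)
        $remote = New-Object System.Net.IPEndPoint([System.Net.IPAddress]::Any, 0)
        $reply  = $udp.Receive([ref]$remote)
        # A valid server reply is at least 48 bytes with mode 4 in the low 3 bits
        ($reply.Length -ge 48) -and (($reply[0] -band 0x07) -eq 4)
    }
    catch   { $false }   # timeout or ICMP unreachable: UDP/123 is blocked
    finally { $udp.Close() }
}

$results = foreach ($h in $TcpHosts) {
    [pscustomobject]@{ Host = $h; DNS = Test-DnsName $h
                       TCP80 = Test-TcpPort $h 80; TCP443 = Test-TcpPort $h 443 }
}
$results | Format-Table -AutoSize
"NTP (UDP/123) to ${NtpHost}: $(Test-NtpUdp $NtpHost)"
```

Run it from the network segment where devices will be unboxed, since proxy and firewall rules often differ between the admin network and user-facing networks.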
Licensing Requirements
Autopilot depends on specific capabilities available in Windows 10/11 and Azure AD and an MDM service such as Microsoft Intune. One of the following subscriptions is required:
■ Microsoft 365 Business Premium subscription
■ Microsoft 365 F1 or F3 subscription
■ Microsoft 365 Academic A1, A3, or A5 subscription
■ Microsoft 365 Enterprise E3 or E5 subscription, which includes all Windows 10, Microsoft 365, and Enterprise Mobility + Security (EM+S) features (Azure AD and Intune)
■ Enterprise Mobility + Security E3 or E5 subscription
■ Intune for Education subscription
■ Azure Active Directory Premium P1 or P2 and Microsoft Intune subscription (or an alternative MDM service)
According to Microsoft, the following subscriptions are also recommended, but not required:
■ Microsoft 365 Apps for Enterprise (formerly Office 365 Pro Plus)
■ Windows Subscription Activation, to automatically upgrade devices from Windows 10 Pro to Windows 10 Enterprise
Configuration Requirements
Before Autopilot can be used to support common Autopilot scenarios, the following configuration tasks must be done:
■ Configure Azure AD automatic enrollment.
■ Configure Azure AD custom branding.
■ Enable Windows Subscription Activation.
Some scenarios have other requirements. There are typically two tasks that should be done:
■ Device registration: Devices must be added to Autopilot to support most Autopilot scenarios.
■ Profile configuration: Once devices have been added to Autopilot, a profile of settings must be applied to each device.
Autopilot Profiles
Autopilot profiles control how Windows is installed on user devices. The profiles contain settings that are automatically set and optional settings that you can configure manually. Automatically set options include the following:
Skip Cortana, OneDrive, And OEM Registration: This option will skip the installation of apps such as Cortana and OneDrive.
Sign-in Experience With Your Company Brand: If you have an “Add your company branding to Microsoft 365 Sign-In page,” then the device will get that experience when signing in.
MDM Auto-enrollment With Configured AAD Accounts: The user identity will be managed by Azure AD. The user will log in using their Microsoft 365 Business Premium credentials.
Manually set options include:
Skip Privacy Settings (Off by Default): If this is set to On, the user will not see the license agreement for the device and Windows when they first sign in.
Don’t Allow The User To Become The Local Admin: If this is set to On, the user will not be able to install any personal apps.
Deployment Scenarios
You have several ways to deploy Autopilot:
■ User-driven mode
■ Self-deploying mode
■ Windows Autopilot Reset
■ Pre-provisioning
■ Support for existing devices
User-Driven Mode
Autopilot user-driven mode lets you configure new Windows devices so that they automatically transform from their factory state to a ready-to-use state. This process doesn’t require that an administrator even touch the device. The devices can be shipped or distributed to the end user directly with the following instructions:
- Unbox the device, plug it in, and turn it on.
- Choose a language, locale, and keyboard.
- Connect the device to a wireless or wired network with Internet access.
- Specify your corporate email address and password.
The rest of the process is automated. The device will automatically:
- Join the organization.
- Enroll in Intune (or another MDM service).
- Get configured as defined by your company.
Self-Deploying Mode
Self-deployment mode is very similar to user-driven mode. This mode allows you to deploy a device with little to no user interaction. For devices with an Ethernet connection, no user interaction is required. However, for devices connected using Wi-Fi, the user must only:
■ Choose the language, locale, and keyboard
■ Make a network connection
Self-deploying mode provides the following:
■ Joins the device to Azure Active Directory
■ Enrolls the device in Intune (or another MDM service) using Azure AD for automatic MDM enrollment
■ Makes sure that all policies, applications, certificates, and networking profiles are provisioned on the device
■ Uses the Enrollment Status Page to prevent access until the device is fully provisioned
Self-deploying mode does not support Active Directory Join or Hybrid Azure AD Join. All devices will be joined to Azure AD.