With the Windows 10 Fall Creators Update (1709), Microsoft introduced Windows AutoPilot Deployment. As part of the Microsoft vision for Modern Management, AutoPilot enables an organization to ship devices with Windows 10 and then apply customizations with its MDM solution, such as Windows Intune. It accomplishes this without requiring any infrastructure or a traditional deployment image to build the devices.
What Is Windows AutoPilot Deployment and Why Use It?
If your organization runs on Microsoft System Center Configuration Manager (ConfigMgr), you can benefit from AutoPilot by leveraging co-management and a cloud management gateway to deliver your baseline applications and user-profiled applications through ConfigMgr once the device has been enrolled using AutoPilot and Intune. For more information on co-management and modern management, please see our previous blog.
You may be accustomed to building and maintaining your image on premises. However, the key benefits of moving to AutoPilot are the reduced cost of building and maintaining an image and the reduced time to deliver your service. Users can begin using the device right away, working while additional policies and applications are delivered and applied.
Windows AutoPilot Reset allows you to easily reset a device while maintaining its MDM management and AAD connect state. If your organization has remote office users, resetting and re-provisioning a device does not require shipping it back to the home office to be re-imaged. In these scenarios, you are again saving on cost and time.
Enhanced Personalization gives you the ability to pre-assign a device to a specific employee in the organization. One downside to AutoPilot can be unwanted software included by the OEM. This software can be removed using scripts during provisioning.
What Are the Requirements?
Check with your OEM and ensure they are set up to support Windows AutoPilot if you will be shipping devices directly to your end users. At Ignite 2017, several OEMs announced their support:
Otherwise, you can collect data from the devices once they have shipped onsite and upload it into the Windows Store for Business to register the devices.
The following are requirements to use AutoPilot:
- Devices must be registered to the organization
- Company branding needs to be configured
- Devices should be pre-installed with Windows 10 Professional, Enterprise or Education, version 1703 or later
- Devices must have access to the internet
- Azure AD Premium P1 or P2
- Microsoft Intune or other MDM services to manage your devices
How Do I Set It Up?
The blog post "Implementing Windows AutoPilot – the future of device deployment" provides a good step-by-step overview of implementing Windows AutoPilot. At a high level, you must configure Windows Intune automatic enrollment, configure a deployment policy in the Windows Store for Business portal, and either register your device information in the Windows Store for Business portal or have your OEM register it on your behalf.
What Is the User Experience?
Users receive a new Windows 10 PC, which they unbox and power up. Setup prompts them for their language and keyboard layout and to connect to a network. Once connected, setup recognizes that the device belongs to your organization, and the user is prompted to register it as a personal or corporate device. Additional prompts are configured through your Windows AutoPilot deployment policy (privacy, OEM registration, Cortana, OneDrive, etc.).
The user is prompted to sign in with their Azure AD email address and password. The sign-in experience is company branded. After authentication succeeds, the device joins Azure AD and is enrolled in Microsoft Intune. As the user logs on to the machine, additional software and configuration are applied. This happens either through the MDM policies or through SCCM if you are using Windows Intune with SCCM co-management with a cloud gateway (for Internet-facing clients).
Check out AutoPilot in action in this Microsoft Mechanics video.