Windows Autopilot | How It Works & How to Set It Up
Вставка
- Опубліковано 7 сер 2024
- These are the best practices and tips to set yourself up for success with Windows Autopilot. Windows Autopilot is a feature within Intune that allows you to send devices directly from hardware providers to end users.
New device provisioning is foundational to cloud attach and cloud-based update management. During initial Windows setup, Autopilot enables users to enroll their device through Intune device management, so PCs get to a managed and productive state without reimaging.
Principal GPM for Microsoft Windows, Jason Githens, compares Intune enrollment options, including the Company Portal, Workplace Join, Azure AD Join, and Windows Autopilot, then shows how to enable Windows Autopilot for easy device enrollment.
► QUICK LINKS:
00:00 - Introduction
00:39 - Options to enroll devices into Intune
02:56 - Benefits and tradeoffs of Windows Autopilot
04:05 - Admin setup
05:07 - Autopilot settings
07:37 - Tips for success
08:43 - Wrap up
► Link References:
Get started at aka.ms/WindowsAutopilotDocs
Check out our playlist for Windows cloud-based management at aka.ms/ManagementMechanics
► Unfamiliar with Microsoft Mechanics?
As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.
• Subscribe to our UA-cam: ua-cam.com/users/MicrosoftMe...
• Talk with other IT Pros, join us on the Microsoft Tech Community: techcommunity.microsoft.com/t...
• Watch or listen from anywhere, subscribe to our podcast: microsoftmechanics.libsyn.com...
• To get the newest tech for IT in your inbox, subscribe to our newsletter: www.getrevue.co/profile/msftm...
► Keep getting this insider knowledge, join us on social:
• Follow us on Twitter: / msftmechanics
• Share knowledge on LinkedIn: / microsoft-mechanics
• Enjoy us on Instagram: / msftmechanics
• Loosen up with us on TikTok: / msftmechanics
#CloudManagement #WindowsAutopilot #Intune #PCEnrollment #Windows #AzureAD #PCConfiguration #Config - Наука та технологія
well produced! and great info, thanks!
Great video! Now all we need is a video just like this, but 1 hour long with more details for every step! :)
Lol
Agreed (:
You should check out intune training UA-cam channel, they have a few videos on the topic with setup walkthrough
Great Great Video. Thank you. I'm a subscriber now & I've shared the link to this video with my Team : )
I love these videos, keep it up!
Thanks brother, clean and a great video
Thank you so much, so useful and informative
Good video. Quick overview. No long winded explanation - which we can find in other videos if we want to.
Glad you liked it
Most informative!
Thank you.
excellent explanation within 10 minuts instead of long long videos
Glad it was helpful!
Thank you for this video
Nice Explanation about autopilot process
Thank you!
@Microsoft Mechanics, My question would be, if you do not have the Hardware IDs, can you use auto pilot using only a user account that has permissions and license to join computers to Azure and that Azure has auto enrollment configured?
Is there a way to enroll already registered intune devices to autopilot?
Does Windows Autopilot ESP honour Delivery Optimization settings?
What kind of job envirment requieres this type of work?
At 6:05 there's mention of assigning an Autopilot device to a user and having it say "Welcome ". I thought this was disabled because of security concerns? Or was that only preprovisioning that was affected?
It was disabled
I have around 20 machines which has all been azure joined a while back, and as summer ends and school starts again, I am resetting them with Auto pilot reset, but it has been saying pending on around 15 of them for 4 hours now, what is up with that? :)
2.40 I see that a Apple Macbook now also works with Windows 11 and Autopilot. Are there no extra steps needed for Apple?
There are a lot of extra steps for Apple devices. You'll need to pay for expensive Microsoft hand holding. This is a shit solution from a shit company. Good luck even following their documentation. It's like a portal to the dyslexic dimension.
Is MS Endpoint Manager called Intune now?
hello great video may i when you create profile and the assign group what is better assign it to groups that containing users or computers
It depends on the scenario. User assignment is a bit more future proof, but if you buy a batch group of machines that need the same config from the profile, then the device group could be better, but not always.
Hi there so if I have already devices as hybrid that is being synced from AD if I make them an Autopilot device they will be added as a serial number I assum they also have to be in Intune so I can trigger a fresh start? I’m a bit confused with already existing devices, for brand new devices it is easy though, any help would be great
Another video explained you will have to run a script for already joined AD devices.
Can anyone provide some hardware vendors that can add newly purchased devices into Windows Autopilot? Im currently buying devices from Best Buy and importing them on my own.
Hmm regarding the point made at 1:20 - I've had users self enroll from the settings page and their devices DO infact register to Azure as Hybrid Joined devices. Am i missing something?
Depends on automatic device enrollment configuration in Azure AD. This article also explains the pros and cons of each Intune enrollment option: learn.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-methods
@@MSFTMechanics ahh ok that makes sense, thanks for that. Panicked for a sec thinking id have to go back and vhange everything 😅
Everyone says that Intune and Autopilot are replacing system imaging, but I don't really see how this does anything close. It lacks a LOT of features and settings that I'd come to expect from a replacement of a system image.
The basic answer is that MS expects you to be fine with the VLSC image and just tweak it with scripts, policies and configuration URIs. It's not supposed to "replace" OSD, it's supposed to obsolete OSD. That was the original idea. Stick around a year or two and the goalposts will shift 500 miles and it'll all be rebranded again.
Exactly, a lot of work, and of course, additional licensing needed for this functionality, and I can make an image in 15 minutes for what I need, refresh the image once in awhile, and have everything I need for most user groups. I get what they are trying to do here, but it is just a big licensing/dependency play for MS to get your $$$$ and really not save you any time in the process.
It would have been great if you showed exactly what the user needs to do right after they open up the box. I.e. - is it hit the Windows key 5 times. And then show what happens.
Is Ms autopilot works only on Windows 11?
It also works for supported Windows 10 releases.
But what about PPKG’s? Why not cover them Microsoft? Autopilot is great, just not for shared devices. FYI, Windows Configuration Design locks down to a single tenant during getting the bulk token, this makes MSP life difficult. I have to run WCD in VMs and revert checkpoints each time I make a new ppkg for a different clients. WCD also let’s me add Wifi and apps, settings to the device via a ppkg (At OOBE, Windows 10/11 have to be Pro to use a ppkg).
Some love for PPKG's would be really welcome.
Additional tip for success: Don't use the enrolment status page unless you have a good reason to.
Want to elaborate? :) Is this true for both AADJ as well as Autopilot?
@@reguitarded yes for both. You don't want an endpoint to fail the whole enrolment just because there is some latency issue outside of your control. In most cases, it is fine to let the user get straight to their desktop and the remaining tasks will complete in the background.
@@mintlou I agree with your reasoning, but wouldn't this be solved by setting "Block device use until all apps and profiles are installed" to "No"?
ESP equals more IT headaches.
Depends on the security policies in place. Every company is different. Many would want base security agents to be installed prior to a user hitting the desktop. As long as your apps are packaged and scripted properly and you don't mix LOB and Win32 apps, ESP is very reliable - although I'd agree about disabling the User ESP portion
I guess what I don't understand is how is an Admin going to enforce a certain OOBE when the device isn't connected to AAD to sync with the policy in the first place? It's like a chicken before the egg problem in my head.
That's exactly what this solves for. Before the device connects to the Internet, its unique hardware ID is associated with your org and AAD tenant, then in OOBE once you connect to the internet for specialization, it pushes policy down to the device. It's like you've identified the chicken so your org owns it before it crosses the road
@@MSFTMechanics but the deployment profiles are group-based. And the device can't be assigned to a group until it checks in with AAD. I can't tell the device how to perform the OOBE until the user powers on the device and allows the check in with AAD. By then the OOBE is over.
@@Thecolonelshinn That's not entirely correct. There is a difference between an AAD joined device and an Autopilot registered device. An Autopilot registered device doesn't necessarily have any AAD object associated with it. Instead, the Autopilot device is recognized via the hardware hash of the device. The hardware hash is imported into Intune (or other MDM solution) and then becomes an Autopilot device via the hardware hash. You can build device groups that contain Autopilot devices, and then assign the Autopilot profile to that device group. When OOBE runs, it checks to see if any Autopilot registered device (NOT AAD device) has an Autopilot profile deployed to it, and if it does, it picks up the Autopilot profile and runs it.
First (again) - wow, I'm great :P.
Oh yeah and good video (again) ;).
🤠🤠🤠🤠🤠😎😎😎😎
he is like a robot hahahah
So you are showing a Macbook with Windows running on it???? Left off the part about all of the additional licensing and costs per user this requires, otherwise, all of this is moot. Part of MS's master plan to put everybody on their cloud and have all of their server, devices, licensing etc...more than increasing your costs in the end by 8 fold.