Implementing Windows Autopilot - the future of device deployment

By Paul Winstanley, Microsoft System Center Configuration Manager Consultant, SCCM Solutions Ltd. He has 22 years experience in IT and is a community leader at Windows Management User Group (WMUG) and blogs at sccmentor.com. He was recently awarded MVP in Enterprise Mobility.

Microsoft has recently unveiled Autopilot, a new and emerging solution designed to allow you to setup and pre-configure devices for your environment, with little or no infrastructure in place.

The idea behind Autopilot is to remove some of the complexity of your current operating system deployment, reducing the task down to a set of simple settings and operations that can get your device ready to use, out of the box, quickly and efficiently.

Autopilot is a cloud-centric solution, your devices will need line of site to the Internet to pick up settings and configure correctly.

The Windows 10 Creators Update is required to get you started with Autopilot. Current configuration choices are limited but this is expected to grow with the Fall update due imminently.

If you are already aware of the Apple Device Enrollment Program (DEP), then Autopilot is similar. A unique hardware identifier can be pre-registered before the device is turned on, and when shipped to the user and connected to the Internet all the configuration, branding, software and compliancy can be pushed down to the device.

The following pre-requisites must be in place for Autopilot to work:

  • A device, pre-installed with Windows 10 Creators Update (1703 release) and with Internet access
  • Sufficient rights to the Azure portal
  • Intune account, or another MDM solution, to manage devices
  • Sufficient rights on the Windows Store for Business
  • An Azure AD premium P1 or P2 subscription

You can try Autopilot right now. The following details what you need to do to experience this first hand.

Gather data for Autopilot

You'll need to gather some information from your device. The idea with Autopilot is that your suppliers will be able to populate this information for you, but you can upload this information yourself.

You can either collect this information from within the OS and reset the machine, or you can invoke a CMD prompt from the OOBE phase, when the device powers on for the first time, to do this press Shift+F10.

Three bits of information are required and to collate this run the following commands (Note the last two commands are PowerShell commands and that you need administrator rights to execute) :

 wmic bios get serialnumber
 Get-ItemPropertyValue "hklm:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DefaultProductKey\" "ProductId"
 $wmi = Get-WMIObject -Namespace root/cimv2/mdm/dmmap -Class MDM_DevDetail_Ext01 -Filter "InstanceID='Ext' AND ParentID='./DevDetail'"
$wmi.DeviceHardwareData | Out-File "($env:COMPUTERNAME).txt"

The resultant information needs to be stored in a .csv file and the format needed is comma separated as follows:

 Device Serial Number,Windows Product ID,Hardware Hash
9695-7543-8434-9503-5022-9771-82,00330-80000-00000-AA342,T0GoAQEAHAAAAAoA4wHXOgAACgCetcetc

You can repeat this process for all the devices you wish to Autopilot and add them to the same .csv file.

Configuring Autopilot in the Windows Store for Business

With data collected and ready to upload, go to the Windows Store for Business portal and log in. Then click Manage\Devices

 

2017-08-28 16_52_12-Microsoft Store for Business.jpg

 

Click the AutoPilot deployment drop down and choose Create New Profile

 

2017-08-28 16_55_19-Microsoft Store for Business.jpg

 

At present the following choices are available to the Windows 10 Creators Update:

  • Skipping Work or Home usage selection (Automatically enabled)
  • Skipping OEM registration, OneDrive and Cortana (Automatically enabled)
  • Skipping privacy settings
  • Preventing the account used to set-up the device from getting local administrator permissions

Enable Skip Privacy Settings and Disable local admin account creation on the device. Then click Create.

 

2017-08-28 16_57_11-Microsoft Store for Business.jpg

 

Next you need to import the device or devices from the csv file that was created. To do this, click the Add Devices link.

 

2017-08-28 17_01_53-Microsoft Store for Business.jpg

 

Select the csv file for import.

 

2017-08-28 17_02_56-Open.jpg

 

Enter a relevant name for the group of devices you are importing.

 

2017-08-28 17_03_45-Microsoft Store for Business.jpg

 

Notice that the devices are being imported and you have to wait for this process to complete.

 

2017-08-28 17_04_52-Microsoft Store for Business.jpg

 

With the device/s imported, the next step is to assign the Autopilot profile to the device. Select the device/s and click the Autopilot deployment drop down and choose your profile. Once again, you will be informed that the request is being processed.

 

2017-08-28 17_07_02-Microsoft Store for Business.jpg

 

Once the profile has applied, you will see it assigned against against the device.

 

2017-08-29 20_09_25-Microsoft Store for Business.jpg

 

You are now in a position to fire up your Windows 10 device and let Autopilot do its work.

Autopilot in action

Before you fire up your Windows 10 device, make sure that you are auto enrolling your devices in Intune, or other MDM solution. Microsoft has an excellent guide on how to do this here.

With your Windows 10 device Internet connected, you'll be prompted to choose the region and keyboard settings that you prefer. After this is done your device will inform you that things are happening

 

OOBE-004.JPG

 

After a restart, you will be presented with your work login. It's as simple as that. 

 

OOBE-015.JPG

 

With your MDM solution of choice in place, you can start to push down applications, compliancy and settings to the device or end user. For example, you can push the latest Office 365 release direct from Intune, and this will stream down in the background.

It's going to be interesting to see where Microsoft takes Autopilot with the next release, the Creators Update, and what impact this will have overtime on traditional on-prem Windows image deployment mechanisms.

Further viewing

Microsoft has published a couple of Autopilot videos that are worth taking a look at.