Modernizing Windows deployment with Windows AutoPilot


Windows AutoPilot is a suite of capabilities designed to simplify and modernize the deployment and management of new Windows 10 PCs. As Rob Lefferts announced this morning, the Windows AutoPilot Deployment service marks the start of these capabilities. With Windows AutoPilot, IT professionals can customize the Out of Box Experience (OOBE) for Windows 10 PCs and enable end users to take a brand-new Windows 10 device and—with just a few clicks—have a fully-configured device ready for business use. There are no images to deploy, no drivers to inject, and no infrastructure to manage. Most importantly, users can go through the process independently, without making any decisions and without needing to involve IT.

I'm Sidd Mantri, Principal PM Manager for Windows AutoPilot and I'll now explain Windows AutoPilot in a little more detail.

How does Windows AutoPilot Deployment work?

With Windows 10, version 1703 (also referred to as the Creators Update), you can register your organization’s devices with the Windows AutoPilot Deployment service to your Azure Active Directory (Azure AD) tenant and customize the OOBE for your end users using a cloud configuration. This enables users to walk through the self-service deployment of their new Windows 10 devices without needing IT assistance.

Here’s how it works:

  • Hand out a brand new Windows 10 PC to the user.
  • The user unboxes and powers on the new Windows 10 device. With a few clicks (select language, choose keyboard layout, connect to a network), the device is recognized as your organization’s device and delivers the customized OOBE you configured. (Additional steps in the standard Windows 10 OOBE such as choosing between a personal device or a work device, selecting privacy settings, OEM registration, Cortana setup, and OneDrive setup can be skipped using Windows AutoPilot Deployment.)*
  • Once connected to the network, Windows prompts the user to sign with their Azure AD e-mail address and password. (The sign-in experience is branded with your organization’s name and logo before your employee enters their Azure AD sign-in information.)
  • Upon successful authentication, the device joins Azure AD and is automatically enrolled in Microsoft Intune or other mobile device management (MDM) solution.**

Of course, there is no better way to understand this process than to see it in action. Watch this short Microsoft Mechanics video for an overview:

Don’t have time to watch this video now? Bookmark it for easy viewing later.

Some of the benefits of Windows AutoPilot are:

  • Intune can push policies, settings, and configuration to the device, and install Office 365 and other apps without IT ever having to touch the device or apply a custom image to the device.
  • Intune can configure Windows Update for Business to apply the latest updates.
  • The device can automatically upgrade from Windows 10 Pro to Windows 10 Enterprise seamlessly using AAD–no product keys to manage, no reboots, no prompts for the user.***

For Windows AutoPilot Deployment to work, you must register your organization-owned Windows 10 devices to your organization’s Azure AD tenant. This is possible for new Windows 10 PCs acquired from OEMs, distributors, and resellers participating in the Windows AutoPilot Deployment Program. It will soon be possible for OEMs and resellers to take care of this registration automatically on your behalf when fulfilling device orders in the future. Contact your device reseller or OEM partner for their plans to support the Windows AutoPilot Deployment Program.

The Surface team is working with customers and partners to roll out the Windows AutoPilot Deployment program and expects to make it broadly available to customers later this year. Contact your Microsoft Sales team representative for details.

Alternatively, for existing Windows 10 PCs running version 1703 (or higher), you can query the DeviceIDs programmatically and build the deviceID file to register applicable devices into the Windows AutoPilot Deployment service.

When can I start using Windows AutoPilot?

These capabilities are available today for Windows 10, version 1703. To try them out, check out the Windows AutoPilot documentation, which will walk you through the process. The Microsoft Store for Business and Cloud Solution Provider program will provide organizations and partners with the ability to register devices and configure Windows AutoPilot Deployment in the near future. We’re also working with MDM partners to integrate the AutoPilot Deployment configuration experience.

For scenarios where IT will be configuring the device with traditional on-premises or cloud-based modern IT scenarios, Windows Configuration Designer can be used to help automate the process. For simpler school scenarios, the Set Up School PCs app (announced last year) can be used as well. For a comparison of these scenarios, see the Windows AutoPilot overview.

As we move down the path towards modern IT, we will continue to add additional capabilities to Windows AutoPilot to ensure that the process is as simple as possible for both IT and the end user. At the same time, we will strive to provide additional "stepping stone" capabilities for organizations who feel they need to move in more measured increments toward this modern IT future.

New capabilities to Windows AutoPilot that will be added in the Windows 10 Fall Creators Update release later this year include:

  • Self-service deployment for Active Directory domain-joined devices – Windows AutoPilot Deployment will enable self-service deployment capabilities to get new Windows 10 devices into an Active Directory domain-joined state along with Microsoft Intune enrollment.
  • Enhanced personalization for self-service deployment – Windows AutoPilot will offer the ability to pre-assign a new Windows 10 device to a specific user in your organization and deliver a highly-personalized OOBE.
  • Windows AutoPilot Reset – A new reset capability In Windows AutoPilot will enable organizations to easily reset their configured devices while still maintaining MDM enrollment and the Azure AD join state, and automatically get the device back into a business-ready state.

* Starting with Windows 10, version 1703, captive portals are supported in the Windows 10 OOBE, so users can still leverage self-service deployment with Windows AutoPilot when using a Wi-Fi hotspot.

** Automatic enrollment requires an Azure AD Premium subscription.

*** Requires a Windows 10 Enterprise E3 subscription.

How can I learn more about Windows AutoPilot?

For tips on how to best take advantage of Windows AutoPilot in your organization, and a walkthrough of common usage scenarios, stay tuned to this blog and follow us on Twitter @MSWindowsITPro for an announcement about a special Windows AutoPilot webcast in late July.

We'll also be hosting a one-hour "Ask Microsoft Anything" about Windows 10 management event at 9:00 a.m. Pacific Time on July 25th. Members of the Windows engineering and product teams will be standing by to answer your questions.

Windows 10 management AMA

Note: You must be a member of Tech Community to post questions so save the date for the AMA event and visit http://aka.ms/community/Windows10 to join the Windows 10 Tech Community today.

 


Continue the conversation. Find best practices. Visit the Windows 10 Tech Community.

Looking for support? Visit the Windows 10 IT pro forums.


 

Comments (2)

  1. Peter Arians says:

    Hi,

    I’m following the Microsoft Autopilot ideas and I’m trying to automate the deploy of BYOD devices such as Windows Surface and Windows 10 laptops. I have new machines following the OOTB experience to sign in to Azure AD and AutoEnroll in Intune MDM. Once connected I can get machines shipped with Windows 10 Pro to convert to Enterprise and have a number of Policy settings applied however having applications delived overt the MDM channel fails because I cannot set the Timezone remotely and out of the box the Windows Autotimezone Service is not running and I cannot use the custom policy CSP to modify Service setting in the registry so the Autopilot idea fails at this early stage. How can I set the timezone so applications install as soon as the device connects to Intune MDM?
    I’ve asked this question through the Intune MDM support team and they have referred me to the Autopilot team.

    Thanks
    Peter

    1. We are looking at a way to automatically set the timezone for the next feature update due later this year. E-mail me directly (mniehaus@microsoft.com) if you have any questions.

Skip to main content