Andrew Bettany, profile picture
Uploaded byAndrew Bettany
PPTX, PDF5,413 views

5 modern desktop - windows autopilot

Windows Autopilot provides a streamlined way to deploy Windows 10 devices with minimal user interaction. It involves three main steps: 1) registering devices in Azure Active Directory, 2) assigning an Autopilot profile in Intune to configure settings, and 3) shipping devices to end users who can sign in and be productive immediately. Key benefits include reduced IT workload and costs compared to traditional imaging. Various deployment modes like user-driven or self-deploying are available. Windows Autopilot requires Azure AD Premium and Microsoft Intune for device management capabilities.

Embed presentation

Downloaded 342 times
Windows Autopilot Andrew Bettany MCT, MVP IT Masterclasses Ltd andrew@itmasterclasses.com
Traditional Windows deployment // The old way Build a custom image, gathering everything else that’s necessary to deploy Time means money, making this an expensive proposition Deploy image to a new computer, overwriting what was originally on it DRIVERS POLICIES OFFICE & APPS SETTINGS
Modern Windows deployment // The new way Un-box and turn on off-the-shelf Windows PC Device is ready for productive use Transform with minimal user interaction
Key Benefits: No more maintenance of images and drivers No need for IT to touch the devices Simple process for users and IT Integration in the device supply chain Reset device back to a business ready state Device lifecycle management with Windows Autopilot and Intune Business ready Break fix RetirementManagementProcurement Deployment
OEM-optimized Windows 10 + Software + Settings + Updates + Features + User data Ready for productive use The transformation
Windows Autopilot deployment Three simple steps Register devices Assign an Autopilot profile to the devices Ship the device to the user Cloud driven
Administering Windows Autopilot Microsoft Store for Business Microsoft Intune / Microsoft 365 Device Management Partner Center Microsoft 365 Business
Step 1. Registering devices
OEM Device registration Clean images  Free  $30/PC offering (Targeting later CY19)  $3 option  $5/device  Free; additional offerings at $5/PC and $8-35/PC  Free  Free Major OEM status Notes: Initially customers will register existing devices for testing/validation They will want to know about OEM offerings, to make sure they can eventually have the OEM register devices for them Dell: $30/PC offering includes device registration, clean image or custom image loading, and choice of N, N-1, or N-2 Windows 10 releases Lenovo: $5/PC offering removes most apps from the OS; $8-35/PC offering allows choice of N, N-1, N-2 Windows 10 releases and offers preloading of up to five Win32 apps HP: Pilot program available today, they will e-mail a spreadsheet to the customer so the customer can upload the devices via MSfB
OEMs, distributors, and resellers make the process easy: • Automatically add new devices to Azure tenant at time of shipment • Associate devices to customer’s purchase order for easy device grouping • Tag devices with a customer specified label • Provide an preinstalled image that is ready for configuration* For a list of those supporting Windows Autopilot supply chain integration please visit: https://aka.ms/WindowsAutopilot Registering new devices Supply chain integration
If you have existing Windows 10 devices: • Enable new Autopilot profile setting for all targeted devices • Ensure the Autopilot profile is assigned to a group containing the existing Windows 10 devices If your existing Windows 10 devices are not yet Intune- managed: • Enable co-management with ConfigMgr via the “Automatic enrollment into Intune” setting. (See https://docs.microsoft.com/en- us/sccm/core/clients/manage/co-management-overview#enable-co-management) • Ensure all new Intune-enrolled Windows 10 devices are part of a group with an assigned Autopilot profile Registering existing devices Automatically for all Intune-managed Windows 10 devices
To register existing devices: • Use the PowerShell script available at https://www.powershellgallery.com/packages/Get- WindowsAutopilotInfo • Run for each device (requires Windows 10 1703 or higher) • Upload resulting CSV file via Intune portal • See https://docs.microsoft.com/en- us/windows/deployment/windows-autopilot/add- devices#collecting-the-hardware-id-from-existing-devices- using-powershell for more information Great for testing and validation with existing devices and virtual machines Registering existing devices Manually for existing devices
Registering devices // Summary Microsoft IntunePartner CenterOEM API
Step 2. Assign profile
Configure important details: • Deployment mode • Specific settings required for the deployment mode • New! BitLocker encryption even for non-admin users (requires Windows 10 1809) • Out-of-box experience (OOBE) settings • New! Hide change account options (requires Windows 10 1809) • New! Device naming pattern, supporting variable substitution (requires Windows 10 1809): • %SERIAL% • %RAND:x% (where X is the number of digits) Creating an Autopilot profile
If you have existing Windows 10 devices: • An Azure AD device object is automatically created for each imported Autopilot device • Create one or more Azure AD groups • Assign an Autopilot profile to the Azure AD group • Intune will automatically assign the profile to all members of the assigned group Options for grouping: • Dynamic group with all Autopilot devices • Dynamic group based on purchase order ID • Dynamic group based on device tag (orderID) • Manual Assigning an Autopilot profile Automated using groups
Creating a group with all Autopilot devices
Creating a group for a device tag (Order ID)
Assigning a profile
Registering devices // Flow
Step 3. Deploy!
Windows Autopilot overview Configure Windows Autopilot profile Self-servicedeploy Device IDs Hardware Vendor IT Admin Ship Deliver direct to Employee Employee unboxes device, self-deploys IntuneWindows Autopilot Device sync Autopilot profile sync
Windows Autopilot // Licensing requirements One of the following, to provide needed Azure Active Directory (automatic MDM enrollment and company branding features) and MDM functionality: • Microsoft 365 Business subscriptions • Microsoft 365 F1 subscriptions • Microsoft 365 Academic subscriptions • Microsoft 365 Enterprise E3 or E5 subscriptions • Enterprise Mobility + Security E3 or E5 subscriptions, which include all needed Azure AD and Intune features • Azure Active Directory Premium P1 or P2 and Intune subscriptions (or an alternative MDM service)
Azure Active Directory https://docs.microsoft.com/en-us/intune/windows- enroll#enable-windows-10-automatic-enrollment https://docs.microsoft.com/en-us/azure/active- directory/fundamentals/customize-branding Intune:
Ensure policies, apps and settings are complete prior to the end user gaining access to the desktop Confirm minimum baseline requirements Protect data during device set up Deliver a compliant secure device Personalize the out of box experience New! Unlock Windows 10 in S mode (requires Windows 10 1809) Requirements Windows 10, version 1803 (with May cumulative update or later) Azure Active Directory Premium Microsoft Intune Windows Autopilot Enrollmentstatuspage
Scenarios
AVAILABLE in 1809AVAILABLE in 1809AVAILABLE in 1809AVAILABLE Windows Autopilot // Deployment Scenarios User-driven mode with Azure AD Join Windows 10 1703 and above Join device to Azure AD, enroll in Intune/MDM Windows Autopilot for existing devices Windows 10 1809 and above Windows 7 to Windows 10 ConfigMgr task sequence, followed by Windows Autopilot user-driven mode Self-deploying mode Windows 10 1809 and above No need to provide credentials, automatically joins Azure AD User-driven mode with Hybrid Azure AD join Windows 10 1809 and above Join device to AD, enroll in Intune/MDM
User-driven deployment with Azure AD
Windows Autopilot // User-driven deployment with Azure AD Prerequisites: Windows 10 version 1703 Azure Active Directory Premium Microsoft Intune Steps: 1. Device connected to internet network 2. Register device with Windows Autopilot 3. Assign Intune Autopilot Profile configured for Azure AD join 4. Boot device
Design notes Should be done by the end user User authenticates with Azure AD from the start Choose between admin and non-admin Typically for single-user (not shared) devices
User-driven deployment with Azure AD
Self-deploying mode
Windows Autopilot // Self-deploying mode with Azure AD Prerequisites: Windows 10 version 1809 Azure Active Directory Premium Microsoft Intune Device with TPM 2.0 Steps: 1. Device connected to internet 2. Register device with Windows Autopilot 3. Assign Intune Autopilot Profile configured for self-deploying mode 4. Boot device
VDI clients Digital signage Single app kiosk Multi app kiosk Shared PC How would you use Autopilot to deploy…
Design notes Technicians usually set up these types of devices No defined user to auth or set up the device May not have peripherals (keyboards, mice, etc.) Typically involve “walk up and use” scenarios
Self-deploying mode (kiosks)
for existing devices
Windows Autopilot // Windows Autopilot for existing devices Prerequisites: Windows 10 version 1809 Azure Active Directory Premium Microsoft Intune System Center Configuration Manager OneDrive for Business Steps: 1. Create task sequence to deploy generic Windows 10 image with needed drivers (wipe-and-load) 2. Migrate data to OneDrive for Business (in advance) 3. Deploy task sequence to existing Windows 7 devices, installing Windows 10 and proceeding through Windows Autopilot user-driven process to join device to Azure AD
January 14, 2020
Windows Autopilot
Design notes Upgrading the OS is just part of the problem Need to migrate user data from Win7 to Win10 Unable to harvest hardware hashes in Win7
Autopilot for existing devices
Roadmap
AVAILABLE in 1903AVAILABLE in 1903AVAILABLE in 1903 Windows Autopilot // New in Windows 10 1903! Windows Autopilot “White Glove” Windows 10 1903 and above White glove partners or IT staff can pre-provision Windows 10 PC to be fully configured and business- ready for an org or user ESP enhancements Windows 10 1903 and above ESP tracks Intune Management Extensions, SCCM and Office installs IT admin can choose what apps block during ESP through Intune Cortana voiceover disabled in OOBE Windows 10 1903 and above Cortana voiceover disabled by default for Pro and above SKUs AVAILABLE in 1903 Self-updating Autopilot Windows 10 1903 and above Enable new Windows Autopilot functionality without updating Windows.
White Glove
Continue in English? English Next Would you like to continue in English?  Next Let’s take an alternate path though by pressing a key combination
Now we can go look for any updates…  Alright, you’re connected. Now we can go look for any updates…
Setting up your device for work This could take a while and your device may need to reboot. Device preparation Show details Joined to Hybrid/Azure AD and enrolled into Intune
Setting up your device for work This could take a while and your device may need to reboot. Device setup Device preparation Show details Show details Device-targeted apps and settings are processed
Setting up your device for work This could take a while and your device may need to reboot. Device setup Device preparation Show details Show details Device-targeted apps and settings are processed
Setting up your device for work This could take a while and your device may need to reboot. Device setup Device preparation Show details Show details Device-targeted apps and settings are processed
Setting up your device for work This could take a while and your device may need to reboot. Device setup Device preparation Show details Show details Device-targeted apps and settings are processed
Setting up your device for work This could take a while and your device may need to reboot. Device setup Account setup Device preparation Show details Show details Show details {optionally} user- targeted apps can be processed
Setting up your device for work This could take a while and your device may need to reboot. Device setup Account setup Device preparation Show details Show details Show details
Setting up your device for work This could take a while and your device may need to reboot. Device setup Account setup Device preparation Show details Show details Show details
Now the device (with all apps, updates, and policies applied) can be shipped to the user…
5 modern desktop - windows autopilot

More Related Content

PDF
Windows Autopilot (1).pdf
byabhipotdar
 
PPTX
End to End Guide Windows AutoPilot Process via Intune
byAnoop Nair
 
PDF
Modern Devices Management
byAtanas Gergiminov
 
PDF
Microsoft Intune - Global Azure Bootcamp 2018
byJoTechies
 
PPTX
Modernise your Windows 10 deployment with Windows Autopilot
byAndrew Bettany
 
PPTX
Modern deployment with Autopilot and Azure AD
byFabian Niesen
 
PPTX
Get started with Windows AutoPilot Deployment
byMicrosoft
 
PPTX
Managing iOS with Microsoft Intune
bySimon May
 
Windows Autopilot (1).pdf
byabhipotdar
 
End to End Guide Windows AutoPilot Process via Intune
byAnoop Nair
 
Modern Devices Management
byAtanas Gergiminov
 
Microsoft Intune - Global Azure Bootcamp 2018
byJoTechies
 
Modernise your Windows 10 deployment with Windows Autopilot
byAndrew Bettany
 
Modern deployment with Autopilot and Azure AD
byFabian Niesen
 
Get started with Windows AutoPilot Deployment
byMicrosoft
 
Managing iOS with Microsoft Intune
bySimon May
 

What's hot

PDF
Windows Autopilot - Workplace Nijna Summmit 2020
byRonni Pedersen
 
PPTX
Microsoft 365 UG Windows Autopilot 1st May 2019
byAndrew Bettany
 
PDF
Introduction to Microsoft 365 Enterprise
byRobert Crane
 
PPTX
Microsoft intune
byManishKumar959920
 
PDF
Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan
byDavid J Rosenthal
 
PPTX
Windows intune
byIron Cove Solutions
 
PPTX
Enterprise Mobility Suite-Microsoft Intune
byLai Yoong Seng
 
PPTX
EPC Group Intune Practice and Capabilities Overview
byEPC Group
 
PDF
An introduction to Defender for Business
byRobert Crane
 
PDF
Working with MS Endpoint Manager
byGeorge Grammatikos
 
PPTX
Azure active directory
byRaju Kumar
 
PPTX
Microsoft Intune-Windows Hello-Presentation
byfirassaltal
 
PPTX
Azure Automation and Update Management
byUdaiappa Ramachandran
 
PPTX
Modern Workplace with Microsoft 365
byRavikumar Sathyamurthy
 
PPTX
Learn More About Microsoft Teams
byDock 365
 
PDF
Azure Active Directory
bySovelto
 
PPTX
Intune Concept.pptx
byjmbrrvgzhr
 
PDF
Introduction to microsoft teams
byStuartDow5
 
PPTX
Microsoft Azure cloud services
byNajeeb Khan
 
PDF
Introduction to Azure
byRobert Crane
 
Windows Autopilot - Workplace Nijna Summmit 2020
byRonni Pedersen
 
Microsoft 365 UG Windows Autopilot 1st May 2019
byAndrew Bettany
 
Introduction to Microsoft 365 Enterprise
byRobert Crane
 
Microsoft intune
byManishKumar959920
 
Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan
byDavid J Rosenthal
 
Windows intune
byIron Cove Solutions
 
Enterprise Mobility Suite-Microsoft Intune
byLai Yoong Seng
 
EPC Group Intune Practice and Capabilities Overview
byEPC Group
 
An introduction to Defender for Business
byRobert Crane
 
Working with MS Endpoint Manager
byGeorge Grammatikos
 
Azure active directory
byRaju Kumar
 
Microsoft Intune-Windows Hello-Presentation
byfirassaltal
 
Azure Automation and Update Management
byUdaiappa Ramachandran
 
Modern Workplace with Microsoft 365
byRavikumar Sathyamurthy
 
Learn More About Microsoft Teams
byDock 365
 
Azure Active Directory
bySovelto
 
Intune Concept.pptx
byjmbrrvgzhr
 
Introduction to microsoft teams
byStuartDow5
 
Microsoft Azure cloud services
byNajeeb Khan
 
Introduction to Azure
byRobert Crane
 

Similar to 5 modern desktop - windows autopilot

PPTX
SpiceWorks All Access IT 2019 Windows Autopilot
byAndrew Bettany
 
PPTX
MD-102T00-Exxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx .pptx
bymloga861
 
PDF
Llunitebe2018 implement modern management as like brewing a beer
byKenny Buntinx
 
PPTX
Microsoft 365 Endpoint Administrator Presentation
byHamzaShafiq57
 
DOCX
Windows Autopilot & Microsoft Intune_ Key Features, Benefits, and Drawbacks.docx
byEnterprise Laplink
 
PDF
MCT Global Summit 2018 - AutoPilot - The power of user-based deployment
byFabian Niesen
 
PPTX
Windows 10 Autopilot #BITPro User Group Event
byAnoop Nair
 
PPTX
MS Experiences 2017 - Mise en œuvre du concept de Modern IT ou comment vous s...
byMaelle Glemarec
 
PDF
Experts Live Europe 2017 - Windows 10 and the cloud - why the future needs hy...
byAlexander Benoit
 
PPTX
Security at the endpoint or flying by autopilot
byOwen Allen
 
PPTX
Hied device Autopilot in Microsoft inTune
byRafaelw23
 
PDF
Modern Desktop Management Series Sessions
byssuserea3aad1
 
PPTX
Tdswe 1810 learn how to create a secure and modern windows device
byPer Larsen
 
PPTX
SCUGDK 1803 Windows Autopilot
byPer Larsen
 
PDF
July 2018 Azure Need to Know Webinar
byRobert Crane
 
PPTX
Ewug 1902 what is new in modern management
byPer Larsen
 
PDF
Ngn ngi windows 10 beheer
byNgi-NGN Online
 
PPTX
Understand_device_management_using_Microsoft_Intune_(1)[1].pptx
byAsif Alam
 
PDF
Device Setup with Zero-Touch Deployment for Windows 10 and 11.pdf
byIT Partner
 
PDF
828275126-INTUNE-Instructor-Handout-V1-7.pdf
byYohannaMonsalvez1
 
SpiceWorks All Access IT 2019 Windows Autopilot
byAndrew Bettany
 
MD-102T00-Exxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx .pptx
bymloga861
 
Llunitebe2018 implement modern management as like brewing a beer
byKenny Buntinx
 
Microsoft 365 Endpoint Administrator Presentation
byHamzaShafiq57
 
Windows Autopilot & Microsoft Intune_ Key Features, Benefits, and Drawbacks.docx
byEnterprise Laplink
 
MCT Global Summit 2018 - AutoPilot - The power of user-based deployment
byFabian Niesen
 
Windows 10 Autopilot #BITPro User Group Event
byAnoop Nair
 
MS Experiences 2017 - Mise en œuvre du concept de Modern IT ou comment vous s...
byMaelle Glemarec
 
Experts Live Europe 2017 - Windows 10 and the cloud - why the future needs hy...
byAlexander Benoit
 
Security at the endpoint or flying by autopilot
byOwen Allen
 
Hied device Autopilot in Microsoft inTune
byRafaelw23
 
Modern Desktop Management Series Sessions
byssuserea3aad1
 
Tdswe 1810 learn how to create a secure and modern windows device
byPer Larsen
 
SCUGDK 1803 Windows Autopilot
byPer Larsen
 
July 2018 Azure Need to Know Webinar
byRobert Crane
 
Ewug 1902 what is new in modern management
byPer Larsen
 
Ngn ngi windows 10 beheer
byNgi-NGN Online
 
Understand_device_management_using_Microsoft_Intune_(1)[1].pptx
byAsif Alam
 
Device Setup with Zero-Touch Deployment for Windows 10 and 11.pdf
byIT Partner
 
828275126-INTUNE-Instructor-Handout-V1-7.pdf
byYohannaMonsalvez1
 

More from Andrew Bettany

PPTX
4 Modern Security - Integrated SecOps and incident response with MTP
byAndrew Bettany
 
PPTX
3 Modern Security - Secure identities to reach zero trust with AAD
byAndrew Bettany
 
PPTX
2 Modern Security - Microsoft Information Protection
byAndrew Bettany
 
PPTX
1 Modern Security - Keynote
byAndrew Bettany
 
PPTX
4 Modern Desktop - Planning a Modern Desktop Deployment
byAndrew Bettany
 
PPTX
3 modern desktop - office 365 pro plus deployment + servicing
byAndrew Bettany
 
PPTX
2 modern desktop - windows deployment & servicing
byAndrew Bettany
 
PPTX
1 modern desktop - shift to a modern desktop
byAndrew Bettany
 
PDF
Windows User Group June 2016 Windows 10
byAndrew Bettany
 
PPTX
Threescore years and ten
byAndrew Bettany
 
4 Modern Security - Integrated SecOps and incident response with MTP
byAndrew Bettany
 
3 Modern Security - Secure identities to reach zero trust with AAD
byAndrew Bettany
 
2 Modern Security - Microsoft Information Protection
byAndrew Bettany
 
1 Modern Security - Keynote
byAndrew Bettany
 
4 Modern Desktop - Planning a Modern Desktop Deployment
byAndrew Bettany
 
3 modern desktop - office 365 pro plus deployment + servicing
byAndrew Bettany
 
2 modern desktop - windows deployment & servicing
byAndrew Bettany
 
1 modern desktop - shift to a modern desktop
byAndrew Bettany
 
Windows User Group June 2016 Windows 10
byAndrew Bettany
 
Threescore years and ten
byAndrew Bettany
 

Recently uploaded

PDF
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
PDF
Day 2 - Network Security ~ 2nd Sight Lab ~ Cloud Security Class ~ 2020
by2nd Sight Lab
 
PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PDF
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
PDF
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
DOCX
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
PPTX
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
 
PDF
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
PDF
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PPTX
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
PPTX
Cloud-and-AI-Platform-FY26-Partner-Playbook.pptx
byiuiuiuiu1
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PDF
API-First Architecture in Financial Systems
bycyy111112
 
PPTX
Cybercrime in the Digital Age: Risks, Impact & Protection
byYasir Naveed Riaz
 
PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
DOCX
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PPTX
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
Day 2 - Network Security ~ 2nd Sight Lab ~ Cloud Security Class ~ 2020
by2nd Sight Lab
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
 
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
Cloud-and-AI-Platform-FY26-Partner-Playbook.pptx
byiuiuiuiu1
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
API-First Architecture in Financial Systems
bycyy111112
 
Cybercrime in the Digital Age: Risks, Impact & Protection
byYasir Naveed Riaz
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 

5 modern desktop - windows autopilot

  • 1.
    Windows Autopilot Andrew BettanyMCT, MVP IT Masterclasses Ltd andrew@itmasterclasses.com
  • 2.
    Traditional Windows deployment// The old way Build a custom image, gathering everything else that’s necessary to deploy Time means money, making this an expensive proposition Deploy image to a new computer, overwriting what was originally on it DRIVERS POLICIES OFFICE & APPS SETTINGS
  • 3.
    Modern Windows deployment// The new way Un-box and turn on off-the-shelf Windows PC Device is ready for productive use Transform with minimal user interaction
  • 4.
    Key Benefits: No moremaintenance of images and drivers No need for IT to touch the devices Simple process for users and IT Integration in the device supply chain Reset device back to a business ready state Device lifecycle management with Windows Autopilot and Intune Business ready Break fix RetirementManagementProcurement Deployment
  • 5.
    OEM-optimized Windows 10 +Software + Settings + Updates + Features + User data Ready for productive use The transformation
  • 6.
    Windows Autopilot deployment Three simplesteps Register devices Assign an Autopilot profile to the devices Ship the device to the user Cloud driven
  • 7.
    Administering Windows Autopilot Microsoft Storefor Business Microsoft Intune / Microsoft 365 Device Management Partner Center Microsoft 365 Business
  • 8.
  • 10.
    OEM Device registrationClean images  Free  $30/PC offering (Targeting later CY19)  $3 option  $5/device  Free; additional offerings at $5/PC and $8-35/PC  Free  Free Major OEM status Notes: Initially customers will register existing devices for testing/validation They will want to know about OEM offerings, to make sure they can eventually have the OEM register devices for them Dell: $30/PC offering includes device registration, clean image or custom image loading, and choice of N, N-1, or N-2 Windows 10 releases Lenovo: $5/PC offering removes most apps from the OS; $8-35/PC offering allows choice of N, N-1, N-2 Windows 10 releases and offers preloading of up to five Win32 apps HP: Pilot program available today, they will e-mail a spreadsheet to the customer so the customer can upload the devices via MSfB
  • 11.
    OEMs, distributors, andresellers make the process easy: • Automatically add new devices to Azure tenant at time of shipment • Associate devices to customer’s purchase order for easy device grouping • Tag devices with a customer specified label • Provide an preinstalled image that is ready for configuration* For a list of those supporting Windows Autopilot supply chain integration please visit: https://aka.ms/WindowsAutopilot Registering new devices Supply chain integration
  • 12.
    If you haveexisting Windows 10 devices: • Enable new Autopilot profile setting for all targeted devices • Ensure the Autopilot profile is assigned to a group containing the existing Windows 10 devices If your existing Windows 10 devices are not yet Intune- managed: • Enable co-management with ConfigMgr via the “Automatic enrollment into Intune” setting. (See https://docs.microsoft.com/en- us/sccm/core/clients/manage/co-management-overview#enable-co-management) • Ensure all new Intune-enrolled Windows 10 devices are part of a group with an assigned Autopilot profile Registering existing devices Automatically for all Intune-managed Windows 10 devices
  • 13.
    To register existingdevices: • Use the PowerShell script available at https://www.powershellgallery.com/packages/Get- WindowsAutopilotInfo • Run for each device (requires Windows 10 1703 or higher) • Upload resulting CSV file via Intune portal • See https://docs.microsoft.com/en- us/windows/deployment/windows-autopilot/add- devices#collecting-the-hardware-id-from-existing-devices- using-powershell for more information Great for testing and validation with existing devices and virtual machines Registering existing devices Manually for existing devices
  • 14.
    Registering devices //Summary Microsoft IntunePartner CenterOEM API
  • 15.
  • 16.
    Configure important details: •Deployment mode • Specific settings required for the deployment mode • New! BitLocker encryption even for non-admin users (requires Windows 10 1809) • Out-of-box experience (OOBE) settings • New! Hide change account options (requires Windows 10 1809) • New! Device naming pattern, supporting variable substitution (requires Windows 10 1809): • %SERIAL% • %RAND:x% (where X is the number of digits) Creating an Autopilot profile
  • 17.
    If you haveexisting Windows 10 devices: • An Azure AD device object is automatically created for each imported Autopilot device • Create one or more Azure AD groups • Assign an Autopilot profile to the Azure AD group • Intune will automatically assign the profile to all members of the assigned group Options for grouping: • Dynamic group with all Autopilot devices • Dynamic group based on purchase order ID • Dynamic group based on device tag (orderID) • Manual Assigning an Autopilot profile Automated using groups
  • 18.
    Creating a groupwith all Autopilot devices
  • 20.
    Creating a groupfor a device tag (Order ID)
  • 22.
  • 24.
  • 25.
  • 26.
    Windows Autopilot overview Configure Windows Autopilotprofile Self-servicedeploy Device IDs Hardware Vendor IT Admin Ship Deliver direct to Employee Employee unboxes device, self-deploys IntuneWindows Autopilot Device sync Autopilot profile sync
  • 27.
    Windows Autopilot //Licensing requirements One of the following, to provide needed Azure Active Directory (automatic MDM enrollment and company branding features) and MDM functionality: • Microsoft 365 Business subscriptions • Microsoft 365 F1 subscriptions • Microsoft 365 Academic subscriptions • Microsoft 365 Enterprise E3 or E5 subscriptions • Enterprise Mobility + Security E3 or E5 subscriptions, which include all needed Azure AD and Intune features • Azure Active Directory Premium P1 or P2 and Intune subscriptions (or an alternative MDM service)
  • 28.
  • 29.
    Ensure policies, appsand settings are complete prior to the end user gaining access to the desktop Confirm minimum baseline requirements Protect data during device set up Deliver a compliant secure device Personalize the out of box experience New! Unlock Windows 10 in S mode (requires Windows 10 1809) Requirements Windows 10, version 1803 (with May cumulative update or later) Azure Active Directory Premium Microsoft Intune Windows Autopilot Enrollmentstatuspage
  • 30.
  • 31.
    AVAILABLE in 1809AVAILABLEin 1809AVAILABLE in 1809AVAILABLE Windows Autopilot // Deployment Scenarios User-driven mode with Azure AD Join Windows 10 1703 and above Join device to Azure AD, enroll in Intune/MDM Windows Autopilot for existing devices Windows 10 1809 and above Windows 7 to Windows 10 ConfigMgr task sequence, followed by Windows Autopilot user-driven mode Self-deploying mode Windows 10 1809 and above No need to provide credentials, automatically joins Azure AD User-driven mode with Hybrid Azure AD join Windows 10 1809 and above Join device to AD, enroll in Intune/MDM
  • 32.
  • 33.
    Windows Autopilot //User-driven deployment with Azure AD Prerequisites: Windows 10 version 1703 Azure Active Directory Premium Microsoft Intune Steps: 1. Device connected to internet network 2. Register device with Windows Autopilot 3. Assign Intune Autopilot Profile configured for Azure AD join 4. Boot device
  • 34.
    Design notes Should bedone by the end user User authenticates with Azure AD from the start Choose between admin and non-admin Typically for single-user (not shared) devices
  • 35.
  • 37.
  • 38.
    Windows Autopilot //Self-deploying mode with Azure AD Prerequisites: Windows 10 version 1809 Azure Active Directory Premium Microsoft Intune Device with TPM 2.0 Steps: 1. Device connected to internet 2. Register device with Windows Autopilot 3. Assign Intune Autopilot Profile configured for self-deploying mode 4. Boot device
  • 39.
    VDI clients Digital signage Singleapp kiosk Multi app kiosk Shared PC How would you use Autopilot to deploy…
  • 40.
    Design notes Technicians usuallyset up these types of devices No defined user to auth or set up the device May not have peripherals (keyboards, mice, etc.) Typically involve “walk up and use” scenarios
  • 41.
  • 43.
  • 44.
    Windows Autopilot //Windows Autopilot for existing devices Prerequisites: Windows 10 version 1809 Azure Active Directory Premium Microsoft Intune System Center Configuration Manager OneDrive for Business Steps: 1. Create task sequence to deploy generic Windows 10 image with needed drivers (wipe-and-load) 2. Migrate data to OneDrive for Business (in advance) 3. Deploy task sequence to existing Windows 7 devices, installing Windows 10 and proceeding through Windows Autopilot user-driven process to join device to Azure AD
  • 45.
  • 46.
  • 47.
    Design notes Upgrading theOS is just part of the problem Need to migrate user data from Win7 to Win10 Unable to harvest hardware hashes in Win7
  • 48.
  • 50.
  • 51.
    AVAILABLE in 1903AVAILABLEin 1903AVAILABLE in 1903 Windows Autopilot // New in Windows 10 1903! Windows Autopilot “White Glove” Windows 10 1903 and above White glove partners or IT staff can pre-provision Windows 10 PC to be fully configured and business- ready for an org or user ESP enhancements Windows 10 1903 and above ESP tracks Intune Management Extensions, SCCM and Office installs IT admin can choose what apps block during ESP through Intune Cortana voiceover disabled in OOBE Windows 10 1903 and above Cortana voiceover disabled by default for Pro and above SKUs AVAILABLE in 1903 Self-updating Autopilot Windows 10 1903 and above Enable new Windows Autopilot functionality without updating Windows.
  • 52.
  • 54.
    Continue in English? English Next Wouldyou like to continue in English?  Next Let’s take an alternate path though by pressing a key combination
  • 58.
    Now we cango look for any updates…  Alright, you’re connected. Now we can go look for any updates…
  • 59.
    Setting up yourdevice for work This could take a while and your device may need to reboot. Device preparation Show details Joined to Hybrid/Azure AD and enrolled into Intune
  • 60.
    Setting up yourdevice for work This could take a while and your device may need to reboot. Device setup Device preparation Show details Show details Device-targeted apps and settings are processed
  • 61.
    Setting up yourdevice for work This could take a while and your device may need to reboot. Device setup Device preparation Show details Show details Device-targeted apps and settings are processed
  • 62.
    Setting up yourdevice for work This could take a while and your device may need to reboot. Device setup Device preparation Show details Show details Device-targeted apps and settings are processed
  • 63.
    Setting up yourdevice for work This could take a while and your device may need to reboot. Device setup Device preparation Show details Show details Device-targeted apps and settings are processed
  • 64.
    Setting up yourdevice for work This could take a while and your device may need to reboot. Device setup Account setup Device preparation Show details Show details Show details {optionally} user- targeted apps can be processed
  • 65.
    Setting up yourdevice for work This could take a while and your device may need to reboot. Device setup Account setup Device preparation Show details Show details Show details
  • 66.
    Setting up yourdevice for work This could take a while and your device may need to reboot. Device setup Account setup Device preparation Show details Show details Show details
  • 68.
    Now the device(with all apps, updates, and policies applied) can be shipped to the user…

Editor's Notes

  • #6 5
  • #9 3:00
  • #12 2:00
  • #13 12
  • #14 13
  • #15 14
  • #18 17
  • #19 18
  • #35 4:00
  • #46 1:13
  • #56 4:00
  • #63 Woodgrove will use a wired connection for the best performance, so no wireless connection details are needed.
  • #64 The device is joined to Azure Active Directory on behalf of Juliet, the user who will receive this device. It will also be enrolled in Intune on behalf of Anna, so that user-targeted apps and policies can be targeted as expected.
  • #65 Apps and policies targeting the machine are processed. Depending on the number of Wn32 apps, this might take a while…
  • #68 IWs and Admins prefer to know details about what’s happening as opposed to simplified spinner experience (User research). This can take a few minutes to an hour. Hero moment where we instill trust by being transparent with user and affirm the device will be set up for their work environment
  • #69 Now user-targeted apps and policies can be applied.