Microsoft has come a long way to modernize the way IT interacts with Windows devices, adopting simpler and easier approaches that leverage cloud-based services and help users to be more productive. Remember the good old Windows NT days with all those complicated installation procedures involving the command line and whatnot? I do! Then came the revolutionary Windows XP, which changed everything with its ease of use and simple user interface. Since then, there’s been no looking back, and Microsoft has always had its eyes set on improving technology. With Windows 10, things have progressed to a whole new level of IT wizardry. Microsoft has already announced its plans to modernize the way IT interacts with Windows devices through a new feature called Windows AutoPilot.
Windows 10 comes as part of Microsoft 365, discover how it will help you grow your business. Take our free certification and become a certified reseller!
In most organizations, whenever a new PC is purchased, it can’t be handed over to employees directly. You would need to configure the device with a custom image of the Windows OS based on the needs of your company. If you need to deploy new devices in your organization, you typically end up creating your own custom Windows image. For that, you need to assemble all the right drivers, apps, policies, and settings and maintain all of these for every device you support.
For every new PC you deploy, you wipe the Windows OS that came preinstalled and replace it with your custom image, or worse—you have to set up a device manually. As the IT owner, you may do this yourself or have your hardware vendor do it for you. Either way, it costs you precious time and money, significantly complicating the process of deploying new devices.
I always wished I could take a new device straight out of the box and configure it for productive use with just a few clicks. And if I’m being really honest, I’ve also wished that any member of my company could easily set up a new device without needing any IT assistance. But that’s a pipe dream, right? Not anymore.
What is Windows AutoPilot?
Windows AutoPilot is a new cloud service. It’s essentially a collection of programs you can use to set up and pre-configure new Windows 10 devices, and it allows IT to customize the Windows 10 out-of-box setup experience without any supervision. This means you no longer have to re-image or manually set up new devices before distributing them to your users. With AutoPilot taking care of the installation process for you, devices can even be shipped from your hardware vendor directly to your employees. Specific Windows settings can be automatically applied, appropriate business apps installed, Office 365 set up, and everything will be ready to go without any headaches.
AutoPilot is intended to make the process of setting up a new PC a breeze. More importantly, it could potentially help accelerate the adoption of Windows 10 in the business world. Anything that makes organizing the deployment of a new OS easier is obviously going to be popular and welcomed.
What are the Benefits of Windows AutoPilot?
From the user’s perspective, it only takes a few simple operations to make their device ready to use.
From the IT technician’s perspective, the only interaction required with an end user is having them connect to a network and verifying their credentials. Everything after that is automated.
Windows AutoPilot allows you to:
- Automatically connect devices to Azure Active Directory (Azure AD)
- Auto-enroll devices in Mobile Device Management (MDM) services, such as Microsoft Intune
- Restrict Administrator account creation
- Assign devices to configuration groups based on a device’s profile
- Customize out-of-box experience (OOBE) content, specific to the organization
- Upgrade devices automatically from Windows 10 Pro to Windows 10 Enterprise, with nothing required from end users—no product keys, system reboots, prompts, etc.
- Intune can push policies, settings, and configurations to the device. This allows you to install Office 365, line-of-business, and other apps without ever having to touch or apply a custom image to the device.
- Intune can configure Windows Update for Business to apply the latest updates
What are Windows AutoPilot Pre-requisites?
The Windows AutoPilot service has certain requirements:
- Devices must be registered with the organization (see the How Does it Work section below for more details)
- Devices must be pre-installed with the Windows 10 Creators Update (version 1703 or later)
- Devices must have internet access. When devices can’t connect, they display the default Windows out-of-box experience screens.
- Azure AD Premium P1 or P2: AutoPilot is heavily dependent on Microsoft’s Azure Active Directory service. Each device needs to be registered with an organization’s Azure AD.
- Microsoft Intune or other MDM services: A subscription to Microsoft Intune or other mobile device management (MDM) service is required to configure your devices. Enrolling the device in an MDM requires Azure Active Directory Premium.
- You also need to use the Microsoft Store for Business or Partner Center admin portal
For users with Azure AD Premium subscriptions, AutoPilot will automatically enroll users under Microsoft Intune management or another MDM solution, although IT pros need to set that up in Azure AD. It’s likely that an integration of the service with vendor MDM software providers will be seen in a future update.
How Does Windows AutoPilot Work?
There are three key entities involved in Windows Autopilot deployment: the hardware vendor, the IT admin, and the user. Each playing an important role. There are three easy steps to get everything working properly.
1) Device Registration
When you acquire new devices for your organization, your hardware vendor sends you a file containing device IDs. You need to upload this device ID file to the Windows AutoPilot deployment service at the Microsoft Store for Business or Partner Central admin portal using your Admin AD account. This allows you to claim ownership of these devices for your organization. In the future, your hardware vendor can automatically perform this step on your behalf.
2) Profile Creation and Assignment
Create your deployment profile, and apply it to your devices in Windows Autopilot deployment. You can customize your user set up experience and configuration by creating a deployment profile through the Partner Center, as demonstrated below.
To create this profile, select the steps and settings you wish to skip. In the Windows 10 out-of-box setup experience, choose whether the user must be restricted to a standard account or allowed to have an admin account on the device.
Once you create a profile, you can assign it to your organization’s devices. You can also mark a profile as default so all devices automatically get assigned this profile.
3) Shipping
You can now get your new Windows 10 devices shipped from your hardware vendor directly to an employee. Your end user simply needs to unbox the device, power it on, and go online. As soon as the device is online, even before the user enters their organization email address, the Windows Autopilot deployment service recognizes that the device belongs to your organization and delivers a customized setup experience based on the profile assigned to the device. Once the user signs in, the device enrolls in MDM and begins automatically pushing policies, settings, and apps to the device. The user is up and running with all the apps and settings they need without IT having to do anything, and all in just a few clicks!
Windows AutoPilot User Experience
Let’s say a new employee of a company receives a new laptop directly from the company’s vendor. The IT team of the company has already configured AutoPilot deployment for this user.
After the user powers up the device, the only things they need to select are a few minor settings, such as their preferred language or keyboard layout.
This is the first screen that the user sees after powering on the device:
Next up, choose your preferred keyboard layout:
Of course, you also need to accept the License Agreement:
Now, you need connect your computer to a network. Any network will do, such as at home, at work or even a public Wi-Fi hotspot. As soon as the device connects to your chosen network, the Windows Autopilot deployment connects to Azure AD to check if this is a known device.
It immediately recognizes that the device belongs to the user’s company and customizes the setup experience, taking the user to the organization’s custom sign-in page.
This page can be personalized with your company’s name and logo. The device knows that the computer belongs to a specific company just by connecting to the network. All of this magic is powered by Windows Autopilot!
All that’s left for the user to do is simply enter the password to log in.
If you ever set up a Windows 10 device prior to the release of Windows AutoPilot, you may notice that several steps are missing, such as:
- choosing between personal device and a work device
- setting up Cortana
- selecting privacy settings
- registering with the original equipment manufacturer
Windows Autopilot deployment takes care of all these decisions on your behalf
Once all the above steps are completed, the device will join Azure Active Directory, automatically enroll in Intune (or another MDM), and connect with the desktop. At this point, Intune can automatically push the apps the user needs, including line of business apps, Office, and others.
Note that the user will have a standard account. Usually, any user who sets up Windows using the out-of-box setup experience always receives an admin account, as they’re the first user of the device. The Windows Autopilot deployment allows you to restrict the user to a standard account, and is in fact the only means of doing so.
At last, the device joins the Azure Active Directory and is enrolled in Intune for management. If the IT admin assigned a Windows enterprise license to the Azure AD user identity, Windows AutoPilot can also automatically upgrade from Windows 10 Pro to Windows 10 Enterprise, if needed. This works just like assigning an Office 365 license—there are no product keys or reboots, and you don’t even need an enterprise activation server on your corporate network.
Windows AutoPilot Additional Capabilities
Microsoft announced its plans to add new capabilities to Windows AutoPilot in the Windows 10 Fall Creators Update, which is set to release this month. These include:
- Self-service deployment for Active Directory domain-joined devices – Windows AutoPilot Deployment will enable self-service deployment capabilities to get new Windows 10 devices into an Active Directory domain-joined state, along with Microsoft Intune enrolment.
- Enhanced personalization for self-service deployment – Windows AutoPilot will offer the ability to pre-assign a new Windows 10 device to a specific user in your organization via cloud configuration. This will deliver a highly-personalized out-of-box experience, even before the user enters their corporate email address.
Windows AutoPilot Reset – A new reset feature in Windows AutoPilot will enable organizations to easily reset a fully configured device to a “business-ready state”. These reset devices will retain both Active Directory domain join, and MDM enrollment states.
Microsoft is rolling out the options to add devices and create an AutoPilot profile in the Microsoft Business Store. You can find these options under Manage >> Devices in the Store for Business app.
The Future of Cloud Technology
Windows AutoPilot is completely powered by the Cloud and hints at a new future of device management that relies on cloud computing. This could prove to be a complete game changer for IT consultants in the near future.
AutoPilot is attractive for many companies that are still operating on-premises and interested in using cloud services. The adoption of AutoPilot will require a mass shift in several new technologies and force companies to choose more cloud-based services. The link between system center configuration manager (SCCM) and Intune will also gain attention. Those who have not yet signed up for Azure Active Directory will likely begin exploring these new options.
There will also be an overlap between running a SCCM on-premises, and Intune in the cloud. This will cause confusion and significantly increase complexity for certain companies that are accustomed to having hardware vendors deliver devices pre-imaged at a cost. AutoPilot could mean that these vendors’ services may no longer be required.
I’m interested in seeing how AutoPilot is received by companies and the IT community. Though it foreshadows the retirement of SCCM as a device management system, AutoPilot is a key step forward as cloud technologies continue to advance.
