deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-22 10:17:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merged PR 5234: 1/10 AM Publish

Browse Source
This commit is contained in:
Alma Jenks 2018-01-10 18:30:55 +00:00
commit 14b7e444ff
13 changed files with 597 additions and 445 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.openpublishing.redirection.json
View File

@ -6,8 +6,8 @@
"redirect_document_id": true
},
{
"source_path": "windows/devices/surface/surface-device-compatibility-with-windows-10-ltsb.md",
"redirect_url": "/windows/devices/surface/surface-device-compatibility-with-windows-10-ltsc",
"source_path": "devices/surface/surface-device-compatibility-with-windows-10-ltsb.md",
"redirect_url": "/devices/surface/surface-device-compatibility-with-windows-10-ltsc",
"redirect_document_id": true
},
{

10
devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md
View File

@ -9,7 +9,7 @@ ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.date: 10/19/2017
ms.date: 01/10/2018
ms.localizationpriority: medium
---
@ -30,6 +30,14 @@ PowerShell scripts to help set up and manage your Microsoft Surface Hub.
- [Accepting external meeting requests](#accept-ext-meetings-cmdlet)
## Prerequisites
To successfully execute these PowerShell scripts, you will need to install the following prerequisites:
- [Microsoft Online Services Sign-in Assistant for IT Professionals RTW](https://www.microsoft.com/download/details.aspx?id=41950)
- [Microsoft Azure Active Directory Module for Windows PowerShell (64-bit version)](http://connect.microsoft.com/site1164/Downloads/DownloadDetails.aspx?DownloadID=59185)
- [Windows PowerShell Module for Skype for Business Online](https://www.microsoft.com/download/details.aspx?id=39366)
## <a href="" id="scripts-for-admins"></a>PowerShell scripts for Surface Hub administrators

8
devices/surface-hub/change-history-surface-hub.md
View File

@ -8,7 +8,7 @@ ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
ms.date: 11/15/2017
ms.date: 01/10/2018
ms.localizationpriority: medium
---
@ -16,6 +16,12 @@ ms.localizationpriority: medium
This topic lists new and updated topics in the [Surface Hub Admin Guide]( surface-hub-administrators-guide.md).
## January 2018
New or changed topic | Description
--- | ---
[PowerShell for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md) | Added prerequisites for running the scripts
## November 2017
New or changed topic | Description

6
store-for-business/release-history-microsoft-store-business-education.md
View File

@ -6,7 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
author: TrudyHa
ms.date: 11/30/2017
ms.date: 1/8/2018
---
# Microsoft Store for Business and Education release history
@ -15,6 +15,10 @@ Microsoft Store for Business and Education regularly releases new and improved f
Looking for info on the latest release? Check out [What's new in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md)
## November 2017
- **Export list of Minecraft: Education Edition users** - Admins and teachers can now export a list of users who have Minecraft: Education Edition licenses assigned to them. Click **Export users**, and Store for Education creates an Excel spreadsheet for you, and saves it as a .csv file.
## October 2017
- Bug fixes and permformance improvements.

14
store-for-business/whats-new-microsoft-store-business-education.md
View File

@ -6,7 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
author: TrudyHa
ms.date: 11/30/2017
ms.date: 1/8/2018
---
# What's new in Microsoft Store for Business and Education
@ -15,11 +15,9 @@ Microsoft Store for Business and Education regularly releases new and improved f
## Latest updates for Store for Business and Education
**November 2017**
**December 2017**
| | |
|-----------------------|---------------------------------|
| ![Microsoft Store for Business Edcucation, Export users link.](images/msfb-wn-1711-export-user.png) |**Export list of Minecraft: Education Edition users**<br /><br />Admins and teachers can now export a list of users who have Minecraft: Education Edition licenses assigned to them. Click **Export users**, and Store for Education creates an Excel spreadsheet for you, and saves it as a .csv file.<br /><br />**Applies to**:<br /> Microsoft Store for Education |
Weve been working on bug fixes and performance improvements to provide you a better experience. Stay tuned for new features!
<!---
Weve been working on bug fixes and performance improvements to provide you a better experience. Stay tuned for new features!
@ -32,8 +30,12 @@ Weve been working on bug fixes and performance improvements to provide you a
## Previous releases and updates
[November 2017](release-history-microsoft-store-business-education.md#november-2017)
- Export list of Minecraft: Education Edition users
- Bug fixes and performance improvements
[October 2017](release-history-microsoft-store-business-education.md#october-2017)
- Bug fixes and permformance improvements.
- Bug fixes and permformance improvements
[September 2017](release-history-microsoft-store-business-education.md#september-2017)
- Manage Windows device deployment with Windows AutoPilot Deployment

6
windows/client-management/mdm/policy-configuration-service-provider.md
View File

@ -2755,12 +2755,18 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-system.md#system-bootstartdriverinitialization" id="system-bootstartdriverinitialization">System/BootStartDriverInitialization</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-disableenterpriseauthproxy" id="system-disableenterpriseauthproxy">System/DisableEnterpriseAuthProxy</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-disableonedrivefilesync" id="system-disableonedrivefilesync">System/DisableOneDriveFileSync</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-disablesystemrestore" id="system-disablesystemrestore">System/DisableSystemRestore</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-feedbackhubalwayssavediagnosticslocally" id="system-feedbackhubalwayssavediagnosticslocally">System/FeedbackHubAlwaysSaveDiagnosticsLocally</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-limitenhanceddiagnosticdatawindowsanalytics" id="system-limitenhanceddiagnosticdatawindowsanalytics">System/LimitEnhancedDiagnosticDataWindowsAnalytics</a>
</dd>

104
windows/client-management/mdm/policy-csp-system.md
View File

@ -6,11 +6,13 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 12/14/2017
ms.date: 12/19/2017
---
# Policy CSP - System
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
<hr/>
@ -46,12 +48,18 @@ ms.date: 12/14/2017
<dd>
<a href="#system-bootstartdriverinitialization">System/BootStartDriverInitialization</a>
</dd>
<dd>
<a href="#system-disableenterpriseauthproxy">System/DisableEnterpriseAuthProxy</a>
</dd>
<dd>
<a href="#system-disableonedrivefilesync">System/DisableOneDriveFileSync</a>
</dd>
<dd>
<a href="#system-disablesystemrestore">System/DisableSystemRestore</a>
</dd>
<dd>
<a href="#system-feedbackhubalwayssavediagnosticslocally">System/FeedbackHubAlwaysSaveDiagnosticsLocally</a>
</dd>
<dd>
<a href="#system-limitenhanceddiagnosticdatawindowsanalytics">System/LimitEnhancedDiagnosticDataWindowsAnalytics</a>
</dd>
@ -603,6 +611,50 @@ ADMX Info:
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="system-disableenterpriseauthproxy"></a>**System/DisableEnterpriseAuthProxy**
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--EndSKU-->
<!--StartScope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--EndScope-->
<!--StartDescription-->
This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft on Windows 10. If you disable or do not configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy.
<!--EndDescription-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="system-disableonedrivefilesync"></a>**System/DisableOneDriveFileSync**
<!--StartSKU-->
@ -731,6 +783,56 @@ ADMX Info:
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="system-feedbackhubalwayssavediagnosticslocally"></a>**System/FeedbackHubAlwaysSaveDiagnosticsLocally**
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
</tr>
<tr>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
</tr>
</table>
<!--EndSKU-->
<!--StartScope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--EndScope-->
<!--StartDescription-->
Added in Windows 10, next major update. When filing feedback in the Feedback Hub, diagnostic logs are collected for certain types of feedback. We now offer the option for users to save it locally, in addition to sending it to Microsoft. This policy will allow enterprises to mandate that all diagnostics are saved locally for use in internal investigations.
<!--EndDescription-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 (default) - False. The Feedback Hub will not always save a local copy of diagnostics that may be created when a feedback is submitted. The user will have the option to do so.
- 1 - True. The Feedback Hub should always save a local copy of diagnostics that may be created when a feedback is submitted.
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="system-limitenhanceddiagnosticdatawindowsanalytics"></a>**System/LimitEnhancedDiagnosticDataWindowsAnalytics**
<!--StartSKU-->

1
windows/configuration/change-history-for-configure-windows-10.md
View File

@ -19,6 +19,7 @@ This topic lists new and updated topics in the [Configure Windows 10](index.md)
New or changed topic | Description
--- | ---
[ConnectivityProfiles](wcd/wcd-connectivityprofiles.md) | Added settings for VPN **Native** and **Third Party** profile types.
[Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md) | Clarified that the TopMFUApps elements in layoutmodification.xml are not supported in Windows 10, version 1709.
## November 2017

26
windows/configuration/wcd/wcd-connectivityprofiles.md
View File

@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.date: 09/06/2017
ms.date: 01/10/2018
---
# ConnectivityProfiles (Windows Configuration Designer reference)
@ -114,15 +114,33 @@ Configure settings to change the default maximum transmission unit ([MTU](#mtu))
| Setting | Description |
| --- | --- |
| **ProfileType** | Choose between **Native** and **Third Party** |
| RememberCredentials | Select whether credentials should be cached |
| AlwaysOn | Set to **True** to automatically connect the VPN at sign-in |
| LockDown | When set to **True**:</br>- Profile automatically becomes an "always on" profile</br>- VPN cannot be disconnected</br>-If the profile is not connected, the user has no network connectivity</br>- No other profiles can be connected or modified |
| ByPassForLocal | When set to **True**, requests to local resources on the same Wi-Fi neetwork as the VPN client can bypass VPN |
| DnsSuffix | Enter one or more comma-separated DNS suffixes. The first suffix listed is usedas the primary connection-specific DNS suffix for the VPN interface. The list is added to the SuffixSearchList. |
| TrustedNetworkDetection | Enter a comma-separated string to identify the trusted network. VPN will not connect automatically when the user is on their corporate wireless network where protected resources are directly accessible to the device. |
| LockDown | When set to **True**:</br>- Profile automatically becomes an "always on" profile</br>- VPN cannot be disconnected</br>-If the profile is not connected, the user has no network connectivity</br>- No other profiles can be connected or modified |
| Proxy | Configure to **Automatic** or **Manual** |
| ProxyAutoConfigUrl | When **Proxy** is set to **Automatic**, enter the URL to automatically retrieve the proxy settings |
| ProxyServer | When **Proxy** is set to **Manual**, enter the proxy server address as a fully qualified hostname or enter `IP address:Port` |
| RememberCredentials | Select whether credentials should be cached |
| TrustedNetworkDetection | Enter a comma-separated string to identify the trusted network. VPN will not connect automatically when the user is on their corporate wireless network where protected resources are directly accessible to the device. |
When **ProfileType** is set to **Native**, the following additional settings are available.
Setting | Description
--- | ---
AuthenticationUserMethod | When you set **NativeProtocolType** to **IKEv2**, choose between **EAP** and **MSChapv2**.
EAPConfiguration | When you set **AuthenticationUserMethod** to **EAP**, enter the HTML-encoded XML to configure EAP. For more information, see [EAP configuration](https://docs.microsoft.com/windows/client-management/mdm/eap-configuration).
NativeProtocolType | Choose between **PPTP**, **L2TP**, **IKEv2**, and **Automatic**.
RoutingPolicyType | Choose between **SplitTunnel**, in which traffic can go over any interface as determined by the networking stack, and **ForceTunnel**, in which all IP traffic must go over the VPN interface.
Server | Enter the public or routable IP address or DNS name for the VPN gateway. It can point to the exteranl IP of a gateway or a virtual IP for a server farm.
When **ProfileType** is set to **Third Party**, the following additional settings are available.
Setting | Description
--- |---
PluginProfileCustomConfiguration | Enter HTML-encoded XML for SSL-VPN plug-in specific configuration, including authentication information that is deployed to the device to make it available for SSL-VPN plug-ins. Contact the plug-in provider for format and other details. Most plug-ins can also configure values based on the server negotiations as well as defaults.
PluginProfilePackageFamilyName | Choose between **Pulse Secure VPN**, **F5 VPN Client**, and **SonicWALL Mobile Connect**.
PluginProfileServerUrlList | Enter a comma-separated list of servers in URL, hostname, or IP format.
## WiFiSense

165
windows/deployment/windows-10-deployment-scenarios.md
View File

@ -16,62 +16,54 @@ author: greg-lindsay
**Applies to**
- Windows 10
To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the key capabilities and limitations of each, is a key task.
To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the capabilities and limitations of each, is a key task.
The following tables summarize different Windows 10 deployment options and requirements.
The following table summarizes various Windows 10 deployment scenarios. The scenarios are each assigned to one of three categories.
- Modern deployment methods are recommended unless you have a specific need to use a different procedure.
- Dynamic deployment methods enable you to configure applications and settings for specific use cases.
- Traditional deployment methods use tools such as Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager.<br>&nbsp;
| Scenario | Description | More information |
| :---: | :---: | :---: |
| [Windows AutoPilot](#windows-autopilot) | Customize the out-of-box-experience (OOBE) for your organization, and deploy a new system with apps and settings already configured. |[Overview of Windows AutoPilot](https://docs.microsoft.com/en-us/windows/deployment/windows-10-autopilot) |
| [In-place upgrade](#in-place-upgrade) | Use Windows Setup to update your OS and migrate apps and settings. Rollback data is saved in Windows.old. |[Perform an in-place upgrade to Windows 10 with MDT](https://docs.microsoft.com/windows/deployment/upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit)<br>[Perform an in-place upgrade to Windows 10 using Configuration Manager](https://docs.microsoft.com/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager) |
| [Subscription Activation](#windows-10-subscription-activation) | Switch from Windows 10 Pro to Enterprise when a subscribed user signs in. |[Windows 10 Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation) |
| [AAD / MDM](#dynamic-provisioning) | The device is automatically joined to AAD and configured by MDM. |[Azure Active Directory integration with MDM](https://docs.microsoft.com/windows/client-management/mdm/azure-active-directory-integration-with-mdm) |
| [Provisioning packages](#dynamic-provisioning) | Using the Windows Imaging and Configuration Designer tool, create provisioning packages that can be applied to devices. |[Configure devices without MDM](https://docs.microsoft.com/windows/configuration/configure-devices-without-mdm) |
| [Bare metal](#new-computer) | Deploy a new device, or wipe an existing device and deploy with a fresh image. |[Deploy a Windows 10 image using MDT](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt)<br>[Install a new version of Windows on a new computer with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/install-new-windows-version-new-computer-bare-metal) |
| [Refresh](#computer-refresh) | Also called wipe and load. Redeploy a device by saving the user state, wiping the disk, then restoring the user state. |[Refresh a Windows 7 computer with Windows 10](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10)<br>[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](https://docs.microsoft.com/windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager) |
| [Replace](#computer-replace) | Replace an existing device with a new one by saving the user state on the old device and then restoring it to the new device. |[Replace a Windows 7 computer with a Windows 10 computer](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer)<br>[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](https://docs.microsoft.com/windows/deployment/deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager) |
<table cellspacing="0" cellpadding="0">
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
OS requirements:
<br>&nbsp;
[Analyze log files](#analyze-log-files) in order to determine the files or registry entires that are blocking data migration.
<table border="1" align='left'>
<tr style="text-align:center;">
<td align="center" style="width:16%; border:1;" bgcolor='#a0e4fa'>
<b>Category</b>
</td>
<td align="center" style="width:16%; border:1;" bgcolor='#a0e4fa'>
<b>Scenario</b>
</td>
<td align="center" style="width:16%; border:1;" bgcolor='#a0e4fa'>
<b>Windows 10 1703 or later</b>
</td>
<td align="center" style="width:16%; border:1;" bgcolor='#a0e4fa'>
<b>Windows 7 up to Windows 10 1607</b>
</td>
</tr>
<tr>
<td align="center" valign="middle" style="width:16%; border:1;" rowspan="2">
Modern
This error can be due to a problem with user profiles. It can occur due to corrupt registry entries under **HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList** or invalid files in the **\\Users** directory.
Note: If a previous upgrade did not complete, invalid profiles might exist in the **Windows.old\\Users** directory.
To repair this error, ensure that deleted accounts are not still present in the Windows registry and that files under the \\Users directory are valid. Delete the invalid files or user profiles that are causing this error. The specific files and profiles that are causing the error will be recorded in the Windows setup log files.
</table>
<table border="1">
<tr><td align="center" style="width:16%; border:1;" bgcolor='#a0e4fa'><b>Category</b></td>
<td align="center" style="width:16%; border:1;" bgcolor='#a0e4fa'><b>Scenario</b></td>
<td align="center" style="width:16%; border:1;" bgcolor='#a0e4fa'><b>Description</b></td>
<td align="center" style="width:16%; border:1;" bgcolor='#a0e4fa'><b>More information</b></td></tr>
<tr><td align='center' valign='middle' style='width:16%; border:1;' rowspan="2">Modern</td>
<td align="center">
[Windows AutoPilot](#windows-autopilot)</td>
<td align="center" style="width:16%; border:1;">
Customize the out-of-box-experience (OOBE) for your organization, and deploy a new system with apps and settings already configured.
</td>
<td align="center" style="width:16%; border:1;">
Windows AutoPilot
</td>
<td align="center" style="width:16%; border:1;">
<b></b>
</td>
<td align="center" style="width:16%; border:1;">
X
<a href="https://docs.microsoft.com/en-us/windows/deployment/windows-10-autopilot">Overview of Windows AutoPilot</a>
</td>
</tr>
<tr>
<td align="center" style="width:16%; border:1;">
In-place upgrade
[In-place upgrade](#in-place-upgrade)
</td>
<td align="center" style="width:16%; border:1;">
Use Windows Setup to update your OS and migrate apps and settings. Rollback data is saved in Windows.old.
</td>
<td align="center" style="width:16%; border:1;">
<b></b>
</td>
<td align="center" style="width:16%; border:1;">
<b></b>
<a href="https://docs.microsoft.com/windows/deployment/upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit">Perform an in-place upgrade to Windows 10 with MDT</a><br><a href="https://docs.microsoft.com/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager">Perform an in-place upgrade to Windows 10 using Configuration Manager</a>
</td>
</tr>
<tr>
@ -79,91 +71,99 @@ OS requirements:
Dynamic
</td>
<td align="center" style="width:16%; border:1;">
Subscription Activation
[Subscription Activation](#windows-10-subscription-activation)
</td>
<td align="center" style="width:16%; border:1;">
<b></b>
Switch from Windows 10 Pro to Enterprise when a subscribed user signs in.
</td>
<td align="center" style="width:16%; border:1;">
X
<a href="https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation">Windows 10 Subscription Activation</a>
</td>
</tr>
<tr>
<td align="center" style="width:16%; border:1;">
AAD / MDM
[AAD / MDM](#dynamic-provisioning)
</td>
<td align="center" style="width:16%; border:1;">
<b></b>
The device is automatically joined to AAD and configured by MDM.
</td>
<td align="center" style="width:16%; border:1;">
<b></b>
<a href="https://docs.microsoft.com/windows/client-management/mdm/azure-active-directory-integration-with-mdm">Azure Active Directory integration with MDM</a>
</td>
</tr>
<tr>
<td align="center" style="width:16%; border:1;">
Provisioning packages
[Provisioning packages](#dynamic-provisioning)
</td>
<td align="center" style="width:16%; border:1;">
<b></b>
Using the Windows Imaging and Configuration Designer tool, create provisioning packages that can be applied to devices.
</td>
<td align="center" style="width:16%; border:1;">
<b></b>
<a href="https://docs.microsoft.com/windows/configuration/configure-devices-without-mdm">Configure devices without MDM</a>
</td>
</tr>
<tr>
<td align="center" style="width:16%; border:1;" rowspan="3">
Traditional
</td>
<td align="center" style="width:16%; border:1;">
Bare metal
<td align="center" style="width:16%; border:1;">
[Bare metal](#new-computer)
</td>
<td align="center" style="width:16%; border:1;">
<b></b>
Deploy a new device, or wipe an existing device and deploy with a fresh image.
</td>
<td align="center" style="width:16%; border:1;">
<b></b>
<a href="https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt">Deploy a Windows 10 image using MDT</a><br><a href="https://docs.microsoft.com/sccm/osd/deploy-use/install-new-windows-version-new-computer-bare-metal">Install a new version of Windows on a new computer with System Center Configuration Manager</a>
</td>
</tr>
<tr>
<td align="center" style="width:16%; border:1;">
Refresh
[Refresh](#computer-refresh)
</td>
<td align="center" style="width:16%; border:1;">
<b></b>
Also called wipe and load. Redeploy a device by saving the user state, wiping the disk, then restoring the user state.
</td>
<td align="center" style="width:16%; border:1;">
<b></b>
<a href="https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10">Refresh a Windows 7 computer with Windows 10</a><br><a href="https://docs.microsoft.com/windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager">Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager</a>
</td>
</tr>
<tr>
<td align="center" style="width:16%; border:1;">
Replace
[Replace](#computer-replace)
</td>
<td align="center" style="width:16%; border:1;">
<b></b>
Replace an existing device with a new one by saving the user state on the old device and then restoring it to the new device.
</td>
<td align="center" style="width:16%; border:1;">
<b></b>
<a href="https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer">Replace a Windows 7 computer with a Windows 10 computer</a><br><a href="https://docs.microsoft.com/windows/deployment/deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager">Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager</a>
</td>
</tr>
</table>
<br>&nbsp;
>[!NOTE]
>There is no pre-existing OS in the Windows AutoPilot or bare metal scenarios, so apps and settings are not migrated. In all other scenarios the existing apps and user settings are typically migrated to the new operating system.
## Windows AutoPilot
>[!IMPORTANT]
>The Windows AutoPilot and Subscription Activation scenarios require that the beginning OS be Windows 10 version 1703, or later.<br>
>Except for clean install scenarios such as traditional bare metal and Windows AutoPilot, all the methods described can optionally migrate apps and settings to the new OS.
## Modern deployment methods
Modern deployment methods embrace both traditional on-prem and cloud services to deliver a simple, streamlined, cost effective deployment experience.
### Windows AutoPilot
Windows AutoPilot is a new suite of capabilities designed to simplify and modernize the deployment and management of new Windows 10 PCs. Windows AutoPilot enables IT professionals to customize the Out of Box Experience (OOBE) for Windows 10 PCs and provide end users with a fully configured new Windows 10 device after just a few clicks. There are no images to deploy, no drivers to inject, and no infrastructure to manage. Users can go through the deployment process independently, without the need consult their IT administrator.
For more information about Windows AutoPilot, see [Overview of Windows AutoPilot](https://docs.microsoft.com/en-us/windows/deployment/windows-10-auto-pilot) and [Modernizing Windows deployment with Windows AutoPilot](https://blogs.technet.microsoft.com/windowsitpro/2017/06/29/modernizing-windows-deployment-with-windows-autopilot/).
## Windows 10 Subscription Activation
Windows 10 Subscription Activation is a modern deployment method that enables you to change the SKU from Pro to Enterprise with no keys and no reboots. For more information about Subscription Activation, see [Windows 10 Subscription Activation](https://docs.microsoft.com/en-us/windows/deployment/windows-10-enterprise-subscription-activation).
## In-place upgrade
### In-place upgrade
For existing computers running Windows 7, Windows 8, or Windows 8.1, the recommended path for organizations deploying Windows 10 leverages the Windows installation program (Setup.exe) to perform an in-place upgrade, which automatically preserves all data, settings, applications, and drivers from the existing operating system version. This requires the least IT effort, because there is no need for any complex deployment infrastructure.
@ -188,26 +188,27 @@ There are some situations where you cannot use in-place upgrade; in these situat
- Updating existing images. While it might be tempting to try to upgrade existing Windows 7, Windows 8, or Windows 8.1 images to Windows 10 by installing the old image, upgrading it, and then recapturing the new Windows 10 image, this is not supported preparing an upgraded OS for imaging (using Sysprep.exe) is not supported and will not work when it detects the upgraded OS.
- Dual-boot and multi-boot systems. The upgrade process is designed for devices running a single OS; if using dual-boot or multi-boot systems with multiple operating systems (not leveraging virtual machines for the second and subsequent operating systems), additional care should be taken.
## Dynamic provisioning
For new PCs, organizations have historically replaced the version of Windows included on the device with their own custom Windows image, because this was often faster and easier than leveraging the preinstalled version. But this is an added expense due to the time and effort required. With the new dynamic provisioning capabilities and tools provided with Windows 10, it is now possible to avoid this.
The goal of dynamic provisioning is to take a new PC out of the box, turn it on, and transform it into a productive organization device, with minimal time and effort. The types of transformations that are available include:
- Changing the Windows edition with a single reboot. For organizations that have Software Assurance for Windows, it is easy to change a device from Windows 10 Pro to Windows 10 Enterprise, just by specifying an appropriate product or setup key. When the device restarts, all of the Windows 10 Enterprise features will be enabled.
### Windows 10 Subscription Activation<A ID="windows-10-subscription-activation"></A>
- Configuring the device with VPN and Wi-Fi connections that may be needed to gain access to organization resources.
- Installation of additional apps needed for organization functions.
- Configuration of common Windows settings to ensure compliance with organization policies.
- Enrollment of the device in a mobile device management (MDM) solution, such as Microsoft Intune.
Windows 10 Subscription Activation is a modern deployment method that enables you to change the SKU from Pro to Enterprise with no keys and no reboots. For more information about Subscription Activation, see [Windows 10 Subscription Activation](https://docs.microsoft.com/en-us/windows/deployment/windows-10-enterprise-subscription-activation).
There are two primary dynamic provisioning scenarios:
- **Azure Active Directory (Azure AD) Join with automatic mobile device management (MDM) enrollment.** In this scenario, the organization member just needs to provide their work or school user ID and password; the device can then be automatically joined to Azure Active Directory and enrolled in a mobile device management (MDM) solution with no additional user interaction. Once done, the MDM solution can finish configuring the device as needed.
### Azure Active Directory (AAD) join with automatic mobile device management (MDM) enrollment
- **Provisioning package configuration.** Using the [Windows Imaging and Configuration Designer (ICD)](https://go.microsoft.com/fwlink/p/?LinkId=619358), IT administrators can create a self-contained package that contains all of the configuration, settings, and apps that need to be applied to a machine. These packages can then be deployed to new PCs through a variety of means, typically by IT professionals. For more information, see [Configure devices without MDM](/windows/configuration/configure-devices-without-mdm).
In this scenario, the organization member just needs to provide their work or school user ID and password; the device can then be automatically joined to Azure Active Directory and enrolled in a mobile device management (MDM) solution with no additional user interaction. Once done, the MDM solution can finish configuring the device as needed. For more information, see [Azure Active Directory integration with MDM](https://docs.microsoft.com/en-us/windows/client-management/mdm/azure-active-directory-integration-with-mdm).
Either way, these scenarios can be used to enable “choose your own device” (CYOD) programs where the organizations users can pick their own PC and not be restricted to a small list of approved or certified models (programs that are difficult to implement using traditional deployment scenarios).
### Provisioning package configuration
Using the [Windows Imaging and Configuration Designer (ICD)](https://go.microsoft.com/fwlink/p/?LinkId=619358), IT administrators can create a self-contained package that contains all of the configuration, settings, and apps that need to be applied to a machine. These packages can then be deployed to new PCs through a variety of means, typically by IT professionals. For more information, see [Configure devices without MDM](/windows/configuration/configure-devices-without-mdm).
These scenarios can be used to enable “choose your own device” (CYOD) programs where the organizations users can pick their own PC and not be restricted to a small list of approved or certified models (programs that are difficult to implement using traditional deployment scenarios).
While the initial Windows 10 release includes a variety of provisioning settings and deployment mechanisms, these will continue to be enhanced and extended based on feedback from organizations. As with all Windows features, organizations can submit suggestions for additional features through the Windows Feedback app or through their Microsoft Support contacts.
@ -226,6 +227,7 @@ The traditional deployment scenario can be divided into different sub-scenarios.
- **Computer replace.** A replacement of the old machine with a new machine (with user-state migration and an optional full WIM image backup).
### New computer
This scenario occurs when you have a blank machine you need to deploy, or an existing machine you want to wipe and redeploy without needing to preserve any existing data. The setup starts from a boot media, using CD, USB, ISO, or Pre-Boot Execution Environment (PXE). You can also generate a full offline media that includes all the files needed for a client deployment, allowing you to deploy without having to connect to a central deployment share. The target can be a physical computer, a virtual machine, or a Virtual Hard Disk (VHD) running on a physical computer (boot from VHD).
The deployment process for the new machine scenario is as follows:
@ -241,6 +243,7 @@ The deployment process for the new machine scenario is as follows:
After taking these steps, the computer is ready for use.
### Computer refresh
A refresh is sometimes called wipe-and-load. The process is normally initiated in the running operating system. User data and settings are backed up and restored later as part of the deployment process. The target can be the same as for the new computer scenario.
The deployment process for the wipe-and-load scenario is as follows:
@ -260,6 +263,7 @@ The deployment process for the wipe-and-load scenario is as follows:
After taking these steps, the machine is ready for use.
### Computer replace
A computer replace is similar to the refresh scenario. However, since we are replacing the machine, we divide this scenario into two main tasks: backup of the old client and bare-metal deployment of the new client. As with the refresh scenario, user data and settings are backed up and restored.
The deployment process for the replace scenario is as follows:
@ -271,6 +275,7 @@ The deployment process for the replace scenario is as follows:
**Note**<br>In some situations, you can use the replace scenario even if the target is the same machine. For example, you can use replace if you want to modify the disk layout from the master boot record (MBR) to the GUID partition table (GPT), which will allow you to take advantage of the Unified Extensible Firmware Interface (UEFI) functionality. You can also use replace if the disk needs to be repartitioned since user data needs to be transferred off the disk.
## Related topics
- [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md)
- [Upgrade to Windows 10 with System Center Configuration Manager](upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md)
- [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=620230)

16
windows/deployment/windows-autopilot/TOC.md
View File

@ -1,8 +1,8 @@
# [Overview of Windows AutoPilot](windows-10-autopilot.md)
## [The Windows AutoPilot Deployment Program in Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/add-profile-to-devices#manage-autopilot-deployment-profiles)
## [The Windows AutoPilot Deployment Program in Microsoft Intune](https://docs.microsoft.com/intune/enrollment-autopilot)
## [The Windows AutoPilot Deployment Program in Microsoft 365 Business & Office 365 Admin portal](https://support.office.com/article/Create-and-edit-AutoPilot-profiles-5cf7139e-cfa1-4765-8aad-001af1c74faa)
## [The Windows AutoPilot Deployment Program in Partner Center](https://msdn.microsoft.com/partner-center/autopilot)
## [Demo the Windows AutoPilot Deployment Program on a Virtual Machine](windows-10-autopilot-demo-vm.md)
# [Overview of Windows AutoPilot](windows-10-autopilot.md)
## [The Windows AutoPilot Deployment Program in Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/add-profile-to-devices#manage-autopilot-deployment-profiles)
## [The Windows AutoPilot Deployment Program in Microsoft Intune](https://docs.microsoft.com/intune/enrollment-autopilot)
## [The Windows AutoPilot Deployment Program in Microsoft 365 Business & Office 365 Admin portal](https://support.office.com/article/Create-and-edit-AutoPilot-profiles-5cf7139e-cfa1-4765-8aad-001af1c74faa)
## [The Windows AutoPilot Deployment Program in Partner Center](https://msdn.microsoft.com/partner-center/autopilot)
## [Demo the Windows AutoPilot Deployment Program on a Virtual Machine](windows-10-autopilot-demo-vm.md)

416
windows/deployment/windows-autopilot/windows-10-autopilot-demo-vm.md
View File

@ -1,209 +1,209 @@
---
title: Demo the Windows AutoPilot Deployment Program on a Virtual Machine
description: Step-by-step instructions on how to set-up a Virtual Machine with a Windows AutoPilot deployment
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
ms.pagetype: deploy
author: DaniHalfin
ms.author: daniha
ms.date: 12/21/2017
---
# Demo the Windows AutoPilot Deployment Program on a Virtual Machine
**Applies to**
- Windows 10
In this topic you'll learn how to set-up a Windows AutoPilot deployment for a Virtual Machine using Hyper-V.
## Prerequisites
These are the thing you'll need on your device to get started:
* Installation media for the latest version of Windows 10 Professional or Enterprise (ISO file)
* Internet access (see [Network connectivity requirements](windows-10-autopilot.md#network-connectivity-requirements))
* Hypervisor needs to be unoccupied, or used by Hyper-V, as we will be using Hyper-V to create the Virtual Machine
See additional prerequisites in the [Windows AutoPilot overview topic](windows-10-autopilot.md#prerequisites).
## Create your Virtual Machine
### Enable Hyper-V
The first thing to do, is to enable the Hyper-V feature on your device.
>[!IMPORTANT]
>If you already have Hyper-V enabled, skip this step.
Open a PowerShell prompt **as an administrator** and run the following:
```powershell
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All
```
You will be prompted to restart your device, so save all your work and restart it before you continue.
### Create and start your demo Virtual Machine
Now that Hyper-V is enabled, proceed to create your Virtual Machine.
Open a PowerShell prompt **as an administrator** and run the following:
```powershell
New-VMSwitch -Name AutoPilotExternal -NetAdapterName <Name of Network Adapter with internet access> -AllowManagementOS $true
New-VM -Name WindowsAutoPilot -MemoryStartupBytes 2GB -BootDevice VHD -NewVHDPath .\VMs\WindowsAutoPilot.vhdx -Path .\VMData -NewVHDSizeBytes 80GB -Generation 2 -Switch AutoPilotExternal
Add-VMDvdDrive -Path <Path to Windows 10 ISO> -VMName WindowsAutoPilot
Start-VM -VMName WindowsAutoPilot
```
>[!IMPORTANT]
>Make sure to replace <*Name of Network Adapter with internet access*> and <*Path to Windows 10 ISO*> with the appropriate values.
>Additionally, note that all Virtual Machine related data will be created under the current path in your PowerShell prompt. Consider navigating into a new folder before running the above.
### Install Windows 10
Now that the Virtual Machine was created and started, open **Hyper-V Manager** and connect to the **WindowsAutoPilot** Virtual Machine.
Make sure the Virtual Machine booted from the installation media you've provided and complete the Windows installation process.
Once the installation is complete, create a checkpoint. You will create multiple checkpoints throughout this process, which you can later use to go through the process again.
To create the checkpoint, open a PowerShell prompt **as an administrator** and run the following:
```powershell
Checkpoint-VM -Name WindowsAutoPilot -SnapshotName "Finished Windows install"
```
## Capture your Virtual Machine's hardware ID
On the newly created Virtual Machine, open a PowerShell prompt **as an administrator** and run the following:
```powershell
md c:\HWID
Set-Location c:\HWID
Set-ExecutionPolicy Unrestricted
Install-Script -Name Get-WindowsAutoPilotInfo
Get-WindowsAutoPilotInfo.ps1 -OutputFile AutoPilotHWID.csv
```
>[!NOTE]
>Accept all prompts while running the above cmdlets.
### Mount the Virtual Hard Drive (VHD)
To gain access to the AutoPilotHWID.csv that contains the hardware ID, stop the Virtual Machine to unlock the Virtual Hard Drive.
To do that, on your device (**not** on the Virtual Machine), open a PowerShell prompt **as an administrator** and run the following:
```powershell
Stop-VM -VMName WindowsAutoPilot
```
Once the Virtual Machine has stopped, create a checkpoint:
```powershell
Checkpoint-VM -Name WindowsAutoPilot -SnapshotName "HWID captured"
```
With the checkpoint created, continue to mount the VHD:
```powershell
Mount-VHD -path (Get-VMHardDiskDrive -VMName WindowsAutoPilot).Path
```
Once mounted, navigate to the new drive and copy **AutoPilotHWID.csv** to a location on your device.
Before you proceed, unmount the VHD to unlock it and start the Virtual Machine:
```powershell
Dismount-VHD -path (Get-VMHardDiskDrive -VMName WindowsAutoPilot).Path
Start-VM -VMName WindowsAutoPilot
```
## Reset Virtual Machine back to Out-Of-Box-Experience (OOBE)
With the hardware ID captured, prepare your Virtual Machine for Windows AutoPilot deployment by resetting it back to OOBE.
On the Virtual Machine, go to **Settings > Update & Security > Recovery** and click on **Get started** under **Reset this PC**.
Select **Remove everything** and **Just remove my files**. Finally, click on **Reset**.
![Reset this PC final prompt](images/autopilot-reset-prompt.jpg)
Resetting your Virtual Machine can take a while. Proceed to the next steps while your Virtual Machine is resetting.
![Reset this PC screen capture](images/autopilot-reset-progress.jpg)
## Configure company branding
>[!IMPORTANT]
>If you already have company branding configured in Azure Active Directory, you can skip this step.
Navigate to [Company branding in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/LoginTenantBranding).
>[!IMPORTANT]
>Make sure to sign-in with a Global Administrator account.
Click on **Configure** and configure any type of company branding you'd like to see during the OOBE.
![Configure button in Company branding](images/autopilot-aad-configure.jpg)
Once finished, click **Save**.
>[!NOTE]
>Changes to company branding can take up to 30 minutes to apply.
## Configure Microsoft Intune auto-enrollment
>[!IMPORTANT]
>If you already have MDM auto-enrollment configured in Azure Active Directory, you can skip this step.
Navigate to [Mobility (MDM and MAM) in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) and select **Microsoft Intune**.
For the purposes of this demo, select **All** under the **MDM user scope** and click **Save**.
![MDM user scope in the Mobility blade](images/autopilot-aad-mdm.jpg)
## Register your Virtual Machine to your organization
Navigate to [Microsoft Store for Business device management](https://businessstore.microsoft.com/en-us/manage/devices). Click on **Add devices** and select the **AutoPilotHWID.csv** you've saved earlier. A message will appear indicating your request is being processed. Wait a few moments before refreshing to see your Virtual Machine added.
![Add devices through Microsoft Store for Business](images/autopilot-devices-add.jpg)
## Create and assign a Windows AutoPilot deployment profile
Navigate to [Windows enrollment in Microsoft Intune](https://portal.azure.com/#blade/Microsoft_Intune_Enrollment/OverviewBlade/windowsEnrollment).
Make sure to sync the device you've just registered, by clicking on **Devices** under **Windows Autopilot Deployment Program (Preview)** and selecting **Sync**. Wait a few moments before refreshing to see your Virtual Machine added.
![Microsoft Intune sync Windows devices](images/autopilot-intune-sync.jpg)
### Create a Windows AutoPilot deployment profile
Click on **Deployment profiles** under **Windows Autopilot Deployment Program (Preview)** and select **Create profile**.
![Microsoft Intune create deployment profile](images/autopilot-intune-profile-add.jpg)
In the **Create profile** blade, set the name to **AutoPilot Intune Demo**, click on **Out-of-box experience (OOBE)** and configure the following:
| Setting name | Value |
|---|---|
|Privacy Settings|Hide|
|End user license agreement (EULA)|Hide|
|User account type|Standard|
Click on **Save** and **Create**.
![Create a new deployment profile in Microsoft Intune](images/autopilot-intune-profile-configure.jpg)
### Assign a Windows AutoPilot deployment profile
With the deployment profile created, go back to **Devices** under **Windows Autopilot Deployment Program (Preview)** and select your Virtual Machine. Click on **Assign profile** and in the **Assign Profile** blade select **AutoPilot Intune Demo** under the **AutoPilot profile**. Click on **Assign**.
![Assign AutoPilot Profile in Microsoft Intune](images/autopilot-intune-profile-assign.jpg)
Wait a few minutes for all changes to apply.
## See Windows AutoPilot in action
By now, your Virtual Machine should be back to OOBE. Make sure to wait at least 30 minutes from the time you've [configured company branding](#configure-company-branding)
, otherwise those changes might not show up.
Once you select a language and a keyboard layout, your company branded sign-in screen should appear. Provide your Azure Active Directory credentials and you're all done.
![OOBE sign-in page](images/autopilot-oobe.jpg)
Windows AutoPilot will now take over to automatically join your Virtual Machine into Azure Active Directory and enroll it to Microsoft Intune. Use the checkpoints you've created to go through this process again with different settings.
---
title: Demo the Windows AutoPilot Deployment Program on a Virtual Machine
description: Step-by-step instructions on how to set-up a Virtual Machine with a Windows AutoPilot deployment
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
ms.pagetype: deploy
author: DaniHalfin
ms.author: daniha
ms.date: 12/21/2017
---
# Demo the Windows AutoPilot Deployment Program on a Virtual Machine
**Applies to**
- Windows 10
In this topic you'll learn how to set-up a Windows AutoPilot deployment for a Virtual Machine using Hyper-V.
## Prerequisites
These are the thing you'll need on your device to get started:
* Installation media for the latest version of Windows 10 Professional or Enterprise (ISO file)
* Internet access (see [Network connectivity requirements](windows-10-autopilot.md#network-connectivity-requirements))
* Hypervisor needs to be unoccupied, or used by Hyper-V, as we will be using Hyper-V to create the Virtual Machine
See additional prerequisites in the [Windows AutoPilot overview topic](windows-10-autopilot.md#prerequisites).
## Create your Virtual Machine
### Enable Hyper-V
The first thing to do, is to enable the Hyper-V feature on your device.
>[!IMPORTANT]
>If you already have Hyper-V enabled, skip this step.
Open a PowerShell prompt **as an administrator** and run the following:
```powershell
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All
```
You will be prompted to restart your device, so save all your work and restart it before you continue.
### Create and start your demo Virtual Machine
Now that Hyper-V is enabled, proceed to create your Virtual Machine.
Open a PowerShell prompt **as an administrator** and run the following:
```powershell
New-VMSwitch -Name AutoPilotExternal -NetAdapterName <Name of Network Adapter with internet access> -AllowManagementOS $true
New-VM -Name WindowsAutoPilot -MemoryStartupBytes 2GB -BootDevice VHD -NewVHDPath .\VMs\WindowsAutoPilot.vhdx -Path .\VMData -NewVHDSizeBytes 80GB -Generation 2 -Switch AutoPilotExternal
Add-VMDvdDrive -Path <Path to Windows 10 ISO> -VMName WindowsAutoPilot
Start-VM -VMName WindowsAutoPilot
```
>[!IMPORTANT]
>Make sure to replace <*Name of Network Adapter with internet access*> and <*Path to Windows 10 ISO*> with the appropriate values.
>Additionally, note that all Virtual Machine related data will be created under the current path in your PowerShell prompt. Consider navigating into a new folder before running the above.
### Install Windows 10
Now that the Virtual Machine was created and started, open **Hyper-V Manager** and connect to the **WindowsAutoPilot** Virtual Machine.
Make sure the Virtual Machine booted from the installation media you've provided and complete the Windows installation process.
Once the installation is complete, create a checkpoint. You will create multiple checkpoints throughout this process, which you can later use to go through the process again.
To create the checkpoint, open a PowerShell prompt **as an administrator** and run the following:
```powershell
Checkpoint-VM -Name WindowsAutoPilot -SnapshotName "Finished Windows install"
```
## Capture your Virtual Machine's hardware ID
On the newly created Virtual Machine, open a PowerShell prompt **as an administrator** and run the following:
```powershell
md c:\HWID
Set-Location c:\HWID
Set-ExecutionPolicy Unrestricted
Install-Script -Name Get-WindowsAutoPilotInfo
Get-WindowsAutoPilotInfo.ps1 -OutputFile AutoPilotHWID.csv
```
>[!NOTE]
>Accept all prompts while running the above cmdlets.
### Mount the Virtual Hard Drive (VHD)
To gain access to the AutoPilotHWID.csv that contains the hardware ID, stop the Virtual Machine to unlock the Virtual Hard Drive.
To do that, on your device (**not** on the Virtual Machine), open a PowerShell prompt **as an administrator** and run the following:
```powershell
Stop-VM -VMName WindowsAutoPilot
```
Once the Virtual Machine has stopped, create a checkpoint:
```powershell
Checkpoint-VM -Name WindowsAutoPilot -SnapshotName "HWID captured"
```
With the checkpoint created, continue to mount the VHD:
```powershell
Mount-VHD -path (Get-VMHardDiskDrive -VMName WindowsAutoPilot).Path
```
Once mounted, navigate to the new drive and copy **AutoPilotHWID.csv** to a location on your device.
Before you proceed, unmount the VHD to unlock it and start the Virtual Machine:
```powershell
Dismount-VHD -path (Get-VMHardDiskDrive -VMName WindowsAutoPilot).Path
Start-VM -VMName WindowsAutoPilot
```
## Reset Virtual Machine back to Out-Of-Box-Experience (OOBE)
With the hardware ID captured, prepare your Virtual Machine for Windows AutoPilot deployment by resetting it back to OOBE.
On the Virtual Machine, go to **Settings > Update & Security > Recovery** and click on **Get started** under **Reset this PC**.
Select **Remove everything** and **Just remove my files**. Finally, click on **Reset**.
![Reset this PC final prompt](images/autopilot-reset-prompt.jpg)
Resetting your Virtual Machine can take a while. Proceed to the next steps while your Virtual Machine is resetting.
![Reset this PC screen capture](images/autopilot-reset-progress.jpg)
## Configure company branding
>[!IMPORTANT]
>If you already have company branding configured in Azure Active Directory, you can skip this step.
Navigate to [Company branding in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/LoginTenantBranding).
>[!IMPORTANT]
>Make sure to sign-in with a Global Administrator account.
Click on **Configure** and configure any type of company branding you'd like to see during the OOBE.
![Configure button in Company branding](images/autopilot-aad-configure.jpg)
Once finished, click **Save**.
>[!NOTE]
>Changes to company branding can take up to 30 minutes to apply.
## Configure Microsoft Intune auto-enrollment
>[!IMPORTANT]
>If you already have MDM auto-enrollment configured in Azure Active Directory, you can skip this step.
Navigate to [Mobility (MDM and MAM) in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) and select **Microsoft Intune**.
For the purposes of this demo, select **All** under the **MDM user scope** and click **Save**.
![MDM user scope in the Mobility blade](images/autopilot-aad-mdm.jpg)
## Register your Virtual Machine to your organization
Navigate to [Microsoft Store for Business device management](https://businessstore.microsoft.com/en-us/manage/devices). Click on **Add devices** and select the **AutoPilotHWID.csv** you've saved earlier. A message will appear indicating your request is being processed. Wait a few moments before refreshing to see your Virtual Machine added.
![Add devices through Microsoft Store for Business](images/autopilot-devices-add.jpg)
## Create and assign a Windows AutoPilot deployment profile
Navigate to [Windows enrollment in Microsoft Intune](https://portal.azure.com/#blade/Microsoft_Intune_Enrollment/OverviewBlade/windowsEnrollment).
Make sure to sync the device you've just registered, by clicking on **Devices** under **Windows Autopilot Deployment Program (Preview)** and selecting **Sync**. Wait a few moments before refreshing to see your Virtual Machine added.
![Microsoft Intune sync Windows devices](images/autopilot-intune-sync.jpg)
### Create a Windows AutoPilot deployment profile
Click on **Deployment profiles** under **Windows Autopilot Deployment Program (Preview)** and select **Create profile**.
![Microsoft Intune create deployment profile](images/autopilot-intune-profile-add.jpg)
In the **Create profile** blade, set the name to **AutoPilot Intune Demo**, click on **Out-of-box experience (OOBE)** and configure the following:
| Setting name | Value |
|---|---|
|Privacy Settings|Hide|
|End user license agreement (EULA)|Hide|
|User account type|Standard|
Click on **Save** and **Create**.
![Create a new deployment profile in Microsoft Intune](images/autopilot-intune-profile-configure.jpg)
### Assign a Windows AutoPilot deployment profile
With the deployment profile created, go back to **Devices** under **Windows Autopilot Deployment Program (Preview)** and select your Virtual Machine. Click on **Assign profile** and in the **Assign Profile** blade select **AutoPilot Intune Demo** under the **AutoPilot profile**. Click on **Assign**.
![Assign AutoPilot Profile in Microsoft Intune](images/autopilot-intune-profile-assign.jpg)
Wait a few minutes for all changes to apply.
## See Windows AutoPilot in action
By now, your Virtual Machine should be back to OOBE. Make sure to wait at least 30 minutes from the time you've [configured company branding](#configure-company-branding)
, otherwise those changes might not show up.
Once you select a language and a keyboard layout, your company branded sign-in screen should appear. Provide your Azure Active Directory credentials and you're all done.
![OOBE sign-in page](images/autopilot-oobe.jpg)
Windows AutoPilot will now take over to automatically join your Virtual Machine into Azure Active Directory and enroll it to Microsoft Intune. Use the checkpoints you've created to go through this process again with different settings.
Missing something in this topic? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub://?referrer=techDocsUcPage&tabid=2&contextid=897&newFeedback=true&topic=windows-10-autopilot-demo-vm.md).

266
windows/deployment/windows-autopilot/windows-10-autopilot.md
View File

@ -1,133 +1,133 @@
---
title: Overview of Windows AutoPilot
description: This topic goes over Windows AutoPilot and how it helps setup OOBE Windows 10 devices.
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
ms.pagetype: deploy
author: DaniHalfin
ms.author: daniha
ms.date: 12/13/2017
---
# Overview of Windows AutoPilot
**Applies to**
- Windows 10
Windows AutoPilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. In addition, you can use Windows AutoPilot to reset, repurpose and recover devices.</br>
This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a process that's easy and simple.
## Benefits of Windows AutoPilot
Traditionally, IT pros spend a lot of time on building and customizing images that will later be deployed to devices with a perfectly good OS already installed on them. Windows AutoPilot introduces a new approach.
From the users' perspective, it only takes a few simple operations to make their device ready to use.
From the IT pros' perspective, the only interaction required from the end user, is to connect to a network and to verify their credentials. Everything past that is automated.
## Windows AutoPilot Scenarios
### Cloud-Driven
The Cloud-Driven scenario enables you to pre-register devices through the Windows AutoPilot Deployment Program. Your devices will be fully configured with no additional intervention required on the users' side.
#### The Windows AutoPilot Deployment Program experience
The Windows AutoPilot Deployment Program enables you to:
* Automatically join devices to Azure Active Directory (Azure AD)
* Auto-enroll devices into MDM services, such as Microsoft Intune ([*Requires an Azure AD Premium subscription*](#prerequisites))
* Restrict the Administrator account creation
* Create and auto-assign devices to configuration groups based on a device's profile
* Customize OOBE content specific to the organization
##### Prerequisites
* [Devices must be registered to the organization](#device-registration-and-oobe-customization)
* [Company branding needs to be configured](#configure-company-branding-for-oobe)
* [Network connectivity to cloud services used by Windows AutoPilot](#network-connectivity-requirements)
* Devices have to be pre-installed with Windows 10 Professional, Enterprise or Education, of version 1703 or later
* Devices must have access to the internet
* [Azure AD Premium P1 or P2](https://www.microsoft.com/cloud-platform/azure-active-directory-features)
* [Users must be allowed to join devices into Azure AD](https://docs.microsoft.com/azure/active-directory/device-management-azure-portal)
* Microsoft Intune or other MDM services to manage your devices
The end-user unboxes and turns on a new device. What follows are a few simple configuration steps:
* Select a language and keyboard layout
* Connect to the network
* Provide email address (the email address of the user's Azure AD account) and password
Multiple additional settings are skipped here, since the device automatically recognizes that [it belongs to an organization](#registering-devices-to-your-organization). Following this process the device is joined to Azure AD, enrolled in Microsoft Intune (or any other MDM service).
MDM enrollment ensures policies are applied, apps are installed and setting are configured on the device. Windows Update for Business applies the latest updates to ensure the device is up to date.
</br>
<iframe width="560" height="315" align="center" src="https://www.youtube.com/embed/4K4hC5NchbE" frameborder="0" allowfullscreen></iframe>
#### Device registration and OOBE customization
In order to register devices, you will need to acquire their hardware ID and register it. We are actively working with various hardware vendors to enable them to provide the required information to you, or upload it on your behalf.
If you would like to capture that information by yourself, you can use the [Get-WindowsAutoPilotInfo PowerShell script](https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo), which will generate a .csv file with the device's hardware ID.
Once devices are registered, these are the OOBE customization options available for Windows 10, starting with version 1703:
* Skipping Work or Home usage selection (*Automatic*)
* Skipping OEM registration, OneDrive and Cortana (*Automatic*)
* Skipping privacy settings
* Skipping EULA (*staring with Windows 10, version 1709*)
* Preventing the account used to set-up the device from getting local administrator permissions
For guidance on how to register devices, configure and apply deployment profiles, follow one of the available administration options:
* [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/add-profile-to-devices#manage-autopilot-deployment-profiles)
* [Microsoft Intune](https://docs.microsoft.com/intune/enrollment-autopilot)
* [Microsoft 365 Business & Office 365 Admin](https://support.office.com/article/Create-and-edit-AutoPilot-profiles-5cf7139e-cfa1-4765-8aad-001af1c74faa)
* [Partner Center](https://msdn.microsoft.com/partner-center/autopilot)
##### Configure company branding for OOBE
In order for your company branding to appear during the OOBE, you'll need to configure it in Azure Active Directory first.
See [Add company branding to your directory](https://docs.microsoft.com/azure/active-directory/customize-branding#add-company-branding-to-your-directory), to configure these settings.
##### Configure MDM auto-enrollment in Microsoft Intune
In order for your devices to be auto-enrolled into MDM management, MDM auto-enrollment needs to be configured in Azure AD. To do that with Microsoft Intune, please see [Enroll Windows devices for Microsoft Intune](https://docs.microsoft.com/intune/windows-enroll). For other MDM vendors, please consult your vendor for further details.
>[!NOTE]
>MDM auto-enrollment requires an Azure AD Premium P1 or P2 subscription.
#### Network connectivity requirements
The Windows AutoPilot Deployment Program uses a number of cloud services to get your devices to a productive state. This means those services need to be accessible from devices registered as Windows Autopilot devices.
To manage devices behind firewalls and proxy servers, the following URLs need to be accessible:
* https://go.microsoft.com
* https://login.microsoftonline.com
* https://login.live.com
* https://account.live.com
* https://signup.live.com
* https://licensing.mp.microsoft.com
* https://licensing.md.mp.microsoft.com
* ctldl.windowsupdate.com
* download.windowsupdate.com
>[!NOTE]
>Where not explicitly specified, both HTTPS (443) and HTTP (80) need to be accessible.
>[!TIP]
>If you're auto-enrolling your devices into Microsoft Intune, or deploying Microsoft Office, make sure you follow the networking guidlines for [Microsoft Intune](https://docs.microsoft.com/en-us/intune/network-bandwidth-use#network-communication-requirements) and [Office 365](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2).
### IT-Driven
If you are planning to configure devices with traditional on-premises or cloud-based solutions, the [Windows Configuration Designer](https://www.microsoft.com/store/p/windows-configuration-designer/9nblggh4tx22) can be used to help automate the process. This is more suited to scenarios in which you require a higher level of control over the provisioning process. For more information on creating provisioning packages with Windows Configuration Designer, see [Create a provisioning package for Windows 10](/windows/configuration/provisioning-packages/provisioning-create-package).
### Teacher-Driven
If you're an IT pro or a technical staff member at a school, your scenario might be simpler. The [Set Up School PCs](http://www.microsoft.com/store/p/set-up-school-pcs/9nblggh4ls40) app can be used to quickly set up PCs for students and will get you to a productive state faster and simpler. Please see [Use the Set up School PCs app](https://docs.microsoft.com/education/windows/use-set-up-school-pcs-app) for all the details.
Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub://?referrer=techDocsUcPage&tabid=2&contextid=897&newFeedback=true&topic=windows-10-auto-pilot.md).
---
title: Overview of Windows AutoPilot
description: This topic goes over Windows AutoPilot and how it helps setup OOBE Windows 10 devices.
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
ms.pagetype: deploy
author: DaniHalfin
ms.author: daniha
ms.date: 12/13/2017
---
# Overview of Windows AutoPilot
**Applies to**
- Windows 10
Windows AutoPilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. In addition, you can use Windows AutoPilot to reset, repurpose and recover devices.</br>
This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a process that's easy and simple.
## Benefits of Windows AutoPilot
Traditionally, IT pros spend a lot of time on building and customizing images that will later be deployed to devices with a perfectly good OS already installed on them. Windows AutoPilot introduces a new approach.
From the users' perspective, it only takes a few simple operations to make their device ready to use.
From the IT pros' perspective, the only interaction required from the end user, is to connect to a network and to verify their credentials. Everything past that is automated.
## Windows AutoPilot Scenarios
### Cloud-Driven
The Cloud-Driven scenario enables you to pre-register devices through the Windows AutoPilot Deployment Program. Your devices will be fully configured with no additional intervention required on the users' side.
#### The Windows AutoPilot Deployment Program experience
The Windows AutoPilot Deployment Program enables you to:
* Automatically join devices to Azure Active Directory (Azure AD)
* Auto-enroll devices into MDM services, such as Microsoft Intune ([*Requires an Azure AD Premium subscription*](#prerequisites))
* Restrict the Administrator account creation
* Create and auto-assign devices to configuration groups based on a device's profile
* Customize OOBE content specific to the organization
##### Prerequisites
* [Devices must be registered to the organization](#device-registration-and-oobe-customization)
* [Company branding needs to be configured](#configure-company-branding-for-oobe)
* [Network connectivity to cloud services used by Windows AutoPilot](#network-connectivity-requirements)
* Devices have to be pre-installed with Windows 10 Professional, Enterprise or Education, of version 1703 or later
* Devices must have access to the internet
* [Azure AD Premium P1 or P2](https://www.microsoft.com/cloud-platform/azure-active-directory-features)
* [Users must be allowed to join devices into Azure AD](https://docs.microsoft.com/azure/active-directory/device-management-azure-portal)
* Microsoft Intune or other MDM services to manage your devices
The end-user unboxes and turns on a new device. What follows are a few simple configuration steps:
* Select a language and keyboard layout
* Connect to the network
* Provide email address (the email address of the user's Azure AD account) and password
Multiple additional settings are skipped here, since the device automatically recognizes that [it belongs to an organization](#registering-devices-to-your-organization). Following this process the device is joined to Azure AD, enrolled in Microsoft Intune (or any other MDM service).
MDM enrollment ensures policies are applied, apps are installed and setting are configured on the device. Windows Update for Business applies the latest updates to ensure the device is up to date.
</br>
<iframe width="560" height="315" align="center" src="https://www.youtube.com/embed/4K4hC5NchbE" frameborder="0" allowfullscreen></iframe>
#### Device registration and OOBE customization
In order to register devices, you will need to acquire their hardware ID and register it. We are actively working with various hardware vendors to enable them to provide the required information to you, or upload it on your behalf.
If you would like to capture that information by yourself, you can use the [Get-WindowsAutoPilotInfo PowerShell script](https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo), which will generate a .csv file with the device's hardware ID.
Once devices are registered, these are the OOBE customization options available for Windows 10, starting with version 1703:
* Skipping Work or Home usage selection (*Automatic*)
* Skipping OEM registration, OneDrive and Cortana (*Automatic*)
* Skipping privacy settings
* Skipping EULA (*staring with Windows 10, version 1709*)
* Preventing the account used to set-up the device from getting local administrator permissions
For guidance on how to register devices, configure and apply deployment profiles, follow one of the available administration options:
* [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/add-profile-to-devices#manage-autopilot-deployment-profiles)
* [Microsoft Intune](https://docs.microsoft.com/intune/enrollment-autopilot)
* [Microsoft 365 Business & Office 365 Admin](https://support.office.com/article/Create-and-edit-AutoPilot-profiles-5cf7139e-cfa1-4765-8aad-001af1c74faa)
* [Partner Center](https://msdn.microsoft.com/partner-center/autopilot)
##### Configure company branding for OOBE
In order for your company branding to appear during the OOBE, you'll need to configure it in Azure Active Directory first.
See [Add company branding to your directory](https://docs.microsoft.com/azure/active-directory/customize-branding#add-company-branding-to-your-directory), to configure these settings.
##### Configure MDM auto-enrollment in Microsoft Intune
In order for your devices to be auto-enrolled into MDM management, MDM auto-enrollment needs to be configured in Azure AD. To do that with Microsoft Intune, please see [Enroll Windows devices for Microsoft Intune](https://docs.microsoft.com/intune/windows-enroll). For other MDM vendors, please consult your vendor for further details.
>[!NOTE]
>MDM auto-enrollment requires an Azure AD Premium P1 or P2 subscription.
#### Network connectivity requirements
The Windows AutoPilot Deployment Program uses a number of cloud services to get your devices to a productive state. This means those services need to be accessible from devices registered as Windows Autopilot devices.
To manage devices behind firewalls and proxy servers, the following URLs need to be accessible:
* https://go.microsoft.com
* https://login.microsoftonline.com
* https://login.live.com
* https://account.live.com
* https://signup.live.com
* https://licensing.mp.microsoft.com
* https://licensing.md.mp.microsoft.com
* ctldl.windowsupdate.com
* download.windowsupdate.com
>[!NOTE]
>Where not explicitly specified, both HTTPS (443) and HTTP (80) need to be accessible.
>[!TIP]
>If you're auto-enrolling your devices into Microsoft Intune, or deploying Microsoft Office, make sure you follow the networking guidlines for [Microsoft Intune](https://docs.microsoft.com/en-us/intune/network-bandwidth-use#network-communication-requirements) and [Office 365](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2).
### IT-Driven
If you are planning to configure devices with traditional on-premises or cloud-based solutions, the [Windows Configuration Designer](https://www.microsoft.com/store/p/windows-configuration-designer/9nblggh4tx22) can be used to help automate the process. This is more suited to scenarios in which you require a higher level of control over the provisioning process. For more information on creating provisioning packages with Windows Configuration Designer, see [Create a provisioning package for Windows 10](/windows/configuration/provisioning-packages/provisioning-create-package).
### Teacher-Driven
If you're an IT pro or a technical staff member at a school, your scenario might be simpler. The [Set Up School PCs](http://www.microsoft.com/store/p/set-up-school-pcs/9nblggh4ls40) app can be used to quickly set up PCs for students and will get you to a productive state faster and simpler. Please see [Use the Set up School PCs app](https://docs.microsoft.com/education/windows/use-set-up-school-pcs-app) for all the details.
Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub://?referrer=techDocsUcPage&tabid=2&contextid=897&newFeedback=true&topic=windows-10-auto-pilot.md).