mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-22 22:03:46 +00:00
fix conflict
This commit is contained in:
greg-lindsay
@ -2,7 +2,7 @@
|
||||
title: Demonstrate Autopilot deployment
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
description: Step-by-step instructions on how to set-up a Virtual Machine with a Windows Autopilot deployment
|
||||
description: In this article, find step-by-step instructions on how to set-up a Virtual Machine with a Windows Autopilot deployment.
|
||||
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune, upgrade
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
@ -13,7 +13,9 @@ author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.topic: article
|
||||
ms.custom: autopilot
|
||||
ms.custom:
|
||||
- autopilot
|
||||
- seo-marvel-apr2020
|
||||
---
|
||||
|
||||
|
||||
@ -224,20 +226,20 @@ PS C:\autopilot>
|
||||
|
||||
Ensure the VM booted from the installation ISO, click **Next** then click **Install now** and complete the Windows installation process. See the following examples:
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
After the VM restarts, during OOBE, it’s fine to select **Set up for personal use** or **Domain join instead** and then choose an offline account on the **Sign in** screen. This will offer the fastest way to the desktop. For example:
|
||||
After the VM restarts, during OOBE, it's fine to select **Set up for personal use** or **Domain join instead** and then choose an offline account on the **Sign in** screen. This will offer the fastest way to the desktop. For example:
|
||||
|
||||
|
||||
|
||||
|
||||
Once the installation is complete, sign in and verify that you are at the Windows 10 desktop, then create your first Hyper-V checkpoint. Checkpoints are used to restore the VM to a previous state. You will create multiple checkpoints throughout this lab, which can be used later to go through the process again.
|
||||
|
||||
|
||||
|
||||
|
||||
To create your first checkpoint, open an elevated Windows PowerShell prompt on the computer running Hyper-V (not on the VM) and run the following:
|
||||
|
||||
@ -250,7 +252,7 @@ Click on the **WindowsAutopilot** VM in Hyper-V Manager and verify that you see
|
||||
## Capture the hardware ID
|
||||
|
||||
> [!NOTE]
|
||||
> Normally, the Device ID is captured by the OEM as they run the OA3 Tool on each device in the factory. The OEM then submits the 4K HH created by the OA3 Tool to Microsoft by submitting it with a Computer Build Report (CBR). For purposes of this lab, you are acting as the OEM (capturing the 4K HH), but you’re not going to use the OA3 Tool to capture the full 4K HH for various reasons (you’d have to install the OA3 tool, your device couldn’t have a volume license version of Windows, it’s a more complicated process than using a PS script, etc.). Instead, you’ll simulate running the OA3 tool by running a PowerShell script, which captures the device 4K HH just like the OA3 tool.
|
||||
> Normally, the Device ID is captured by the OEM as they run the OA3 Tool on each device in the factory. The OEM then submits the 4K HH created by the OA3 Tool to Microsoft by submitting it with a Computer Build Report (CBR). For purposes of this lab, you are acting as the OEM (capturing the 4K HH), but you're not going to use the OA3 Tool to capture the full 4K HH for various reasons (you'd have to install the OA3 tool, your device couldn't have a volume license version of Windows, it's a more complicated process than using a PS script, etc.). Instead, you'll simulate running the OA3 tool by running a PowerShell script, which captures the device 4K HH just like the OA3 tool.
|
||||
|
||||
Follow these steps to run the PS script:
|
||||
|
||||
@ -343,11 +345,11 @@ For this lab, you need an AAD Premium subscription. You can tell if you have a
|
||||
|
||||
|
||||
|
||||
If the configuration blade shown above does not appear, it’s likely that you don’t have a **Premium** subscription. Auto-enrollment is a feature only available in AAD Premium.
|
||||
If the configuration blade shown above does not appear, it's likely that you don't have a **Premium** subscription. Auto-enrollment is a feature only available in AAD Premium.
|
||||
|
||||
To convert your Intune trial account to a free Premium trial account, navigate to **Azure Active Directory** > **Licenses** > **All products** > **Try / Buy** and select **Free trial** for Azure AD Premium, or EMS E5.
|
||||
|
||||
|
||||
|
||||
|
||||
## Configure company branding
|
||||
|
||||
@ -388,7 +390,7 @@ Your VM (or device) can be registered either via Intune or Microsoft Store for B
|
||||
> [!NOTE]
|
||||
> If menu items like **Windows enrollment** are not active for you, then look to the far-right blade in the UI. You might need to provide Intune configuration privileges in a challenge window that appeared.
|
||||
|
||||
2. Under **Add Windows Autopilot devices** in the far right pane, browse to the **AutopilotHWID.csv** file you previously copied to your local computer. The file should contain the serial number and 4K HH of your VM (or device). It’s okay if other fields (Windows Product ID) are left blank.
|
||||
2. Under **Add Windows Autopilot devices** in the far right pane, browse to the **AutopilotHWID.csv** file you previously copied to your local computer. The file should contain the serial number and 4K HH of your VM (or device). It's okay if other fields (Windows Product ID) are left blank.
|
||||
|
||||
|
||||
|
||||
@ -421,7 +423,7 @@ Select **Manage** from the top menu, then click the **Windows Autopilot Deployme
|
||||
|
||||
Click the **Add devices** link to upload your CSV file. A message will appear indicating your request is being processed. Wait a few moments before refreshing to see your new device has been added.
|
||||
|
||||
|
||||
|
||||
|
||||
## Create and assign a Windows Autopilot deployment profile
|
||||
|
||||
@ -522,15 +524,15 @@ To CREATE the profile:
|
||||
|
||||
Select your device from the **Devices** list:
|
||||
|
||||
|
||||
|
||||
|
||||
On the Autopilot deployment dropdown menu, select **Create new profile**:
|
||||
|
||||
|
||||
|
||||
|
||||
Name the profile, choose your desired settings, and then click **Create**:
|
||||
|
||||
|
||||
|
||||
|
||||
The new profile is added to the Autopilot deployment list.
|
||||
|
||||
@ -538,25 +540,25 @@ To ASSIGN the profile:
|
||||
|
||||
To assign (or reassign) the profile to a device, select the checkboxes next to the device you registered for this lab, then select the profile you want to assign from the **Autopilot deployment** dropdown menu as shown:
|
||||
|
||||
|
||||
|
||||
|
||||
Confirm the profile was successfully assigned to the intended device by checking the contents of the **Profile** column:
|
||||
|
||||
|
||||
|
||||
|
||||
> [!IMPORTANT]
|
||||
> The new profile will only be applied if the device has not been started, and gone through OOBE. Settings from a different profile can't be applied when another profile has been applied. Windows would need to be reinstalled on the device for the second profile to be applied to the device.
|
||||
|
||||
## See Windows Autopilot in action
|
||||
|
||||
If you shut down your VM after the last reset, it’s time to start it back up again, so it can progress through the Autopilot OOBE experience but do not attempt to start your device again until the **PROFILE STATUS** for your device in Intune has changed from **Not assigned** to **Assigning** and finally **Assigned**:
|
||||
If you shut down your VM after the last reset, it's time to start it back up again, so it can progress through the Autopilot OOBE experience but do not attempt to start your device again until the **PROFILE STATUS** for your device in Intune has changed from **Not assigned** to **Assigning** and finally **Assigned**:
|
||||
|
||||
|
||||
|
||||
Also, make sure to wait at least 30 minutes from the time you've [configured company branding](#configure-company-branding), otherwise these changes might not show up.
|
||||
|
||||
> [!TIP]
|
||||
> If you reset your device previously after collecting the 4K HH info, and then let it restart back to the first OOBE screen, then you might need to restart the device again to ensure the device is recognized as an Autopilot device and displays the Autopilot OOBE experience you’re expecting. If you do not see the Autopilot OOBE experience, then reset the device again (Settings > Update & Security > Recovery and click on Get started. Under Reset this PC, select Remove everything and Just remove my files. Click on Reset).
|
||||
> If you reset your device previously after collecting the 4K HH info, and then let it restart back to the first OOBE screen, then you might need to restart the device again to ensure the device is recognized as an Autopilot device and displays the Autopilot OOBE experience you're expecting. If you do not see the Autopilot OOBE experience, then reset the device again (Settings > Update & Security > Recovery and click on Get started. Under Reset this PC, select Remove everything and Just remove my files. Click on Reset).
|
||||
|
||||
- Ensure your device has an internet connection.
|
||||
- Turn on the device
|
||||
@ -577,13 +579,13 @@ Windows Autopilot will now take over to automatically join your device into Azur
|
||||
|
||||
## Remove devices from Autopilot
|
||||
|
||||
To use the device (or VM) for other purposes after completion of this lab, you will need to remove (deregister) it from Autopilot via either Intune or MSfB, and then reset it. Instructions for deregistering devices can be found [here](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group) and [here](https://docs.microsoft.com/intune/devices-wipe#delete-devices-from-the-azure-active-directory-portal) and below.
|
||||
To use the device (or VM) for other purposes after completion of this lab, you will need to remove (deregister) it from Autopilot via either Intune or MSfB, and then reset it. Instructions for deregistering devices can be found at [Enroll Windows devices in Intune by using Windows Autopilot](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group) and [Remove devices by using wipe, retire, or manually unenrolling the device](https://docs.microsoft.com/intune/devices-wipe#delete-devices-from-the-azure-active-directory-portal) and below.
|
||||
|
||||
### Delete (deregister) Autopilot device
|
||||
|
||||
You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure Active Directory), log into the MEM admin center, then navigate to **Intune > Devices > All Devices**. Select the device you want to delete, then click the Delete button along the top menu.
|
||||
|
||||
|
||||
|
||||
|
||||
This will remove the device from Intune management, and it will disappear from **Intune > Devices > All devices**. But this does not yet deregister the device from Autopilot, so the device should still appear under **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices**.
|
||||
|
||||
@ -604,7 +606,7 @@ If you also (optionally) want to remove your device from AAD, navigate to **Azur
|
||||
|
||||
## Appendix A: Verify support for Hyper-V
|
||||
|
||||
Starting with Windows 8, the host computer’s microprocessor must support second level address translation (SLAT) to install Hyper-V. See [Hyper-V: List of SLAT-Capable CPUs for Hosts](https://social.technet.microsoft.com/wiki/contents/articles/1401.hyper-v-list-of-slat-capable-cpus-for-hosts.aspx) for more information.
|
||||
Starting with Windows 8, the host computer's microprocessor must support second level address translation (SLAT) to install Hyper-V. See [Hyper-V: List of SLAT-Capable CPUs for Hosts](https://social.technet.microsoft.com/wiki/contents/articles/1401.hyper-v-list-of-slat-capable-cpus-for-hosts.aspx) for more information.
|
||||
|
||||
To verify your computer supports SLAT, open an administrator command prompt, type **systeminfo**, press ENTER, scroll down, and review the section displayed at the bottom of the output, next to Hyper-V Requirements. See the following example:
|
||||
|
||||
@ -648,19 +650,19 @@ EPT * Supports Intel extended page tables (SLAT)
|
||||
|
||||
#### Prepare the app for Intune
|
||||
|
||||
Before we can pull an application into Intune to make it part of our AP profile, we need to “package” the application for delivery using the [IntuneWinAppUtil.exe command-line tool](https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool). After downloading the tool, gather the following three bits of information to use the tool:
|
||||
Before we can pull an application into Intune to make it part of our AP profile, we need to "package" the application for delivery using the [IntuneWinAppUtil.exe command-line tool](https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool). After downloading the tool, gather the following three bits of information to use the tool:
|
||||
|
||||
1. The source folder for your application
|
||||
2. The name of the setup executable file
|
||||
3. The output folder for the new file
|
||||
|
||||
For the purposes of this lab, we’ll use the Notepad++ tool as our Win32 app.
|
||||
For the purposes of this lab, we'll use the Notepad++ tool as our Win32 app.
|
||||
|
||||
Download the Notepad++ msi package [here](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available) and then copy the file to a known location, such as C:\Notepad++msi.
|
||||
|
||||
Run the IntuneWinAppUtil tool, supplying answers to the three questions, for example:
|
||||
|
||||
|
||||
|
||||
|
||||
After the tool finishes running, you should have an .intunewin file in the Output folder, which you can now upload into Intune using the following steps.
|
||||
|
||||
@ -670,19 +672,19 @@ Log into the Azure portal and select **Intune**.
|
||||
|
||||
Navigate to **Intune > Clients apps > Apps**, and then click the **Add** button to create a new app package.
|
||||
|
||||
|
||||
|
||||
|
||||
Under **App Type**, select **Windows app (Win32)**:
|
||||
|
||||
|
||||
|
||||
|
||||
On the **App package file** blade, browse to the **npp.7.6.3.installer.x64.intunewin** file in your output folder, open it, then click **OK**:
|
||||
|
||||
|
||||
|
||||
|
||||
On the **App Information Configure** blade, provide a friendly name, description, and publisher, such as:
|
||||
|
||||
|
||||
|
||||
|
||||
On the **Program Configuration** blade, supply the install and uninstall commands:
|
||||
|
||||
@ -692,29 +694,29 @@ Uninstall: msiexec /x "{F188A506-C3C6-4411-BE3A-DA5BF1EA6737}" /q
|
||||
> [!NOTE]
|
||||
> Likely, you do not have to write the install and uninstall commands yourself because the [IntuneWinAppUtil.exe command-line tool](https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool) automatically generated them when it converted the .msi file into a .intunewin file.
|
||||
|
||||
|
||||
|
||||
|
||||
Simply using an install command like “notepad++.exe /S” will not actually install Notepad++; it will only launch the app. To actually install the program, we need to use the .msi file instead. Notepad++ doesn’t actually have an .msi version of their program, but we got an .msi version from a [third party provider](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available).
|
||||
Simply using an install command like "notepad++.exe /S" will not actually install Notepad++; it will only launch the app. To actually install the program, we need to use the .msi file instead. Notepad++ doesn't actually have an .msi version of their program, but we got an .msi version from a [third party provider](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available).
|
||||
|
||||
Click **OK** to save your input and activate the **Requirements** blade.
|
||||
|
||||
On the **Requirements Configuration** blade, specify the **OS architecture** and the **Minimum OS version**:
|
||||
|
||||
|
||||
|
||||
|
||||
Next, configure the **Detection rules**. For our purposes, we will select manual format:
|
||||
|
||||
|
||||
|
||||
|
||||
Click **Add** to define the rule properties. For **Rule type**, select **MSI**, which will automatically import the right MSI product code into the rule:
|
||||
|
||||
|
||||
|
||||
|
||||
Click **OK** twice to save, as you back out to the main **Add app** blade again for the final configuration.
|
||||
|
||||
**Return codes**: For our purposes, leave the return codes at their default values:
|
||||
|
||||
|
||||
|
||||
|
||||
Click **OK** to exit.
|
||||
|
||||
@ -724,11 +726,11 @@ Click the **Add** button to finalize and save your app package.
|
||||
|
||||
Once the indicator message says the addition has completed.
|
||||
|
||||
|
||||
|
||||
|
||||
You will be able to find your app in your app list:
|
||||
|
||||
|
||||
|
||||
|
||||
#### Assign the app to your Intune profile
|
||||
|
||||
@ -737,7 +739,7 @@ You will be able to find your app in your app list:
|
||||
|
||||
In the **Intune > Client Apps > Apps** pane, select the app package you already created to reveal its properties blade. Then click **Assignments** from the menu:
|
||||
|
||||
|
||||
|
||||
|
||||
Select **Add Group** to open the **Add group** pane that is related to the app.
|
||||
|
||||
@ -747,9 +749,9 @@ For our purposes, select **Required** from the **Assignment type** dropdown menu
|
||||
|
||||
Select **Included Groups** and assign the groups you previously created that will use this app:
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
In the **Select groups** pane, click the **Select** button.
|
||||
|
||||
@ -759,7 +761,7 @@ In the **Add group** pane, select **OK**.
|
||||
|
||||
In the app **Assignments** pane, select **Save**.
|
||||
|
||||
|
||||
|
||||
|
||||
At this point, you have completed steps to add a Win32 app to Intune.
|
||||
|
||||
@ -773,15 +775,15 @@ Log into the Azure portal and select **Intune**.
|
||||
|
||||
Navigate to **Intune > Clients apps > Apps**, and then click the **Add** button to create a new app package.
|
||||
|
||||
|
||||
|
||||
|
||||
Under **App Type**, select **Office 365 Suite > Windows 10**:
|
||||
|
||||
|
||||
|
||||
|
||||
Under the **Configure App Suite** pane, select the Office apps you want to install. For the purposes of this labe we have only selected Excel:
|
||||
|
||||
|
||||
|
||||
|
||||
Click **OK**.
|
||||
|
||||
@ -789,13 +791,13 @@ In the **App Suite Information** pane, enter a <i>unique</i> suite name, and a s
|
||||
|
||||
> Enter the name of the app suite as it is displayed in the company portal. Make sure that all suite names that you use are unique. If the same app suite name exists twice, only one of the apps is displayed to users in the company portal.
|
||||
|
||||
|
||||
|
||||
|
||||
Click **OK**.
|
||||
|
||||
In the **App Suite Settings** pane, select **Monthly** for the **Update channel** (any selection would be fine for the purposes of this lab). Also select **Yes** for **Automatically accept the app end user license agreement**:
|
||||
|
||||
|
||||
|
||||
|
||||
Click **OK** and then click **Add**.
|
||||
|
||||
@ -806,7 +808,7 @@ Click **OK** and then click **Add**.
|
||||
|
||||
In the **Intune > Client Apps > Apps** pane, select the Office package you already created to reveal its properties blade. Then click **Assignments** from the menu:
|
||||
|
||||
|
||||
|
||||
|
||||
Select **Add Group** to open the **Add group** pane that is related to the app.
|
||||
|
||||
@ -816,9 +818,9 @@ For our purposes, select **Required** from the **Assignment type** dropdown menu
|
||||
|
||||
Select **Included Groups** and assign the groups you previously created that will use this app:
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
In the **Select groups** pane, click the **Select** button.
|
||||
|
||||
@ -828,7 +830,7 @@ In the **Add group** pane, select **OK**.
|
||||
|
||||
In the app **Assignments** pane, select **Save**.
|
||||
|
||||
|
||||
|
||||
|
||||
At this point, you have completed steps to add Office to Intune.
|
||||
|
||||
@ -836,7 +838,7 @@ For more information on adding Office apps to Intune, see [Assign Office 365 app
|
||||
|
||||
If you installed both the win32 app (Notepad++) and Office (just Excel) per the instructions in this lab, your VM will show them in the apps list, although it could take several minutes to populate:
|
||||
|
||||
|
||||
|
||||
|
||||
## Glossary
|
||||
|
||||
|
||||
Reference in New Issue
Block a user