8.4 KiB
title, description, keywords, ms.prod, ms.mktglfcycl, ms.localizationpriority, ms.sitesec, ms.pagetype, author, ms.author, ms.date
| title | description | keywords | ms.prod | ms.mktglfcycl | ms.localizationpriority | ms.sitesec | ms.pagetype | author | ms.author | ms.date |
|---|---|---|---|---|---|---|---|---|---|---|
| Overview of Windows Autopilot | This topic goes over Windows Autopilot and how it helps setup OOBE Windows 10 devices. | mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune | w10 | deploy | medium | library | deploy | coreyp-at-msft | coreyp | 05/09/2018 |
Overview of Windows Autopilot
Applies to
- Windows 10
Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. In addition, you can use Windows Autopilot to reset, repurpose and recover devices.
This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a process that's easy and simple.
The following video shows the process of setting up Autopilot:
Benefits of Windows Autopilot
Traditionally, IT pros spend a lot of time on building and customizing images that will later be deployed to devices with a perfectly good OS already installed on them. Windows Autopilot introduces a new approach.
From the users' perspective, it only takes a few simple operations to make their device ready to use.
From the IT pros' perspective, the only interaction required from the end user, is to connect to a network and to verify their credentials. Everything past that is automated.
Windows Autopilot Scenarios
Cloud-Driven
The Cloud-Driven scenario enables you to pre-register devices through the Windows Autopilot Deployment Program. Your devices will be fully configured with no additional intervention required on the users' side.
The Windows Autopilot Deployment Program experience
The Windows Autopilot Deployment Program enables you to:
- Automatically join devices to Azure Active Directory (Azure AD)
- Auto-enroll devices into MDM services, such as Microsoft Intune (Requires an Azure AD Premium subscription)
- Restrict the Administrator account creation
- Create and auto-assign devices to configuration groups based on a device's profile
- Customize OOBE content specific to the organization
Prerequisites
- Devices must be registered to the organization
- Company branding needs to be configured
- Network connectivity to cloud services used by Windows Autopilot
- Devices have to be pre-installed with Windows 10 Professional, Enterprise or Education, of version 1703 or later
- Devices must have access to the internet
- Azure AD Premium P1 or P2
- Users must be allowed to join devices into Azure AD
- Microsoft Intune or other MDM services to manage your devices
The end-user unboxes and turns on a new device. What follows are a few simple configuration steps:
- Select a language and keyboard layout
- Connect to the network
- Provide email address (the email address of the user's Azure AD account) and password
Multiple additional settings are skipped here, since the device automatically recognizes that it belongs to an organization. Following this process the device is joined to Azure AD, enrolled in Microsoft Intune (or any other MDM service).
MDM enrollment ensures policies are applied, apps are installed and setting are configured on the device. Windows Update for Business applies the latest updates to ensure the device is up to date.
Device registration and OOBE customization
To register devices, you will need to acquire their hardware ID and register it. We are actively working with various hardware vendors to enable them to provide the required information to you, or upload it on your behalf.
If you would like to capture that information by yourself, you can use the Get-WindowsAutopilotInfo PowerShell script, which will generate a .csv file with the device's hardware ID.
Once devices are registered, these are the OOBE customization options available for Windows 10, starting with version 1703:
- Skipping Work or Home usage selection (Automatic)
- Skipping OEM registration, OneDrive and Cortana (Automatic)
- Skipping privacy settings
- Skipping EULA (starting with Windows 10, version 1709)
- Preventing the account used to set-up the device from getting local administrator permissions
For guidance on how to register devices, configure and apply deployment profiles, follow one of the available administration options:
- Microsoft Store for Business
- Microsoft Intune
- Microsoft 365 Business & Office 365 Admin
- Partner Center
Configure company branding for OOBE
In order for your company branding to appear during the OOBE, you'll need to configure it in Azure Active Directory first.
See Add company branding to your directory, to configure these settings.
Configure MDM auto-enrollment in Microsoft Intune
In order for your devices to be auto-enrolled into MDM management, MDM auto-enrollment needs to be configured in Azure AD. To do that with Microsoft Intune, please see Enroll Windows devices for Microsoft Intune. For other MDM vendors, please consult your vendor for further details.
Note
MDM auto-enrollment requires an Azure AD Premium P1 or P2 subscription.
Network connectivity requirements
The Windows Autopilot Deployment Program uses a number of cloud services to get your devices to a productive state. This means those services need to be accessible from devices registered as Windows Autopilot devices.
To manage devices behind firewalls and proxy servers, the following URLs need to be accessible:
- https://go.microsoft.com
- https://login.microsoftonline.com
- https://login.live.com
- https://account.live.com
- https://signup.live.com
- https://licensing.mp.microsoft.com
- https://licensing.md.mp.microsoft.com
- ctldl.windowsupdate.com
- download.windowsupdate.com
Note
Where not explicitly specified, both HTTPS (443) and HTTP (80) need to be accessible.
Tip
If you're auto-enrolling your devices into Microsoft Intune, or deploying Microsoft Office, make sure you follow the networking guidlines for Microsoft Intune and Office 365.
IT-Driven
If you are planning to configure devices with traditional on-premises or cloud-based solutions, the Windows Configuration Designer can be used to help automate the process. This is more suited to scenarios in which you require a higher level of control over the provisioning process. For more information on creating provisioning packages with Windows Configuration Designer, see Create a provisioning package for Windows 10.
Teacher-Driven
If you're an IT pro or a technical staff member at a school, your scenario might be simpler. The Set Up School PCs app can be used to quickly set up PCs for students and will get you to a productive state faster and simpler. Please see Use the Set up School PCs app for all the details.