Streamline Device Management With Windows Autopilot

By Digital Services Practice.

Many organizations today feel pressure to adopt a hybrid workplace. As a result, they are struggling with the changes needed to maintain the integrity of their information technology (IT) ecosystem. Challenges, such as remote employees adding their own devices to the network, leave businesses struggling to supervise all endpoints and keep their systems secure. For organizations in this predicament, utilizing Windows Autopilot for device management can be a valuable solution. This technology allows a business to manage its endpoints by simplifying device provisioning. It also makes it possible to give new devices to end users as the need arises without having to build or maintain a custom operating system image, streamlining this portion of IT operations.

What is Windows Autopilot?

Windows Autopilot includes a set of technologies you can leverage to set up and pre-configure new devices for production use. This desktop provisioning tool, native to Windows 10, helps IT teams automate all new device deployments with preset configurations. Additionally, it allows profiles to be applied to PCs so that new users have full access from their first login.

Windows Autopilot simplifies all the bulk deployments, setups, and configurations in an organization’s IT ecosystem, ensuring devices are ready for corporate use. It also assists in facilitating easier management of Microsoft Windows devices, from initial deployment and throughout their usage within the organization. Overall, Windows Autopilot helps organizations simplify Windows device management – reducing the time IT staff spends deploying and managing devices, decreasing the infrastructure needed to maintain devices throughout their lifecycle, and maximizing the ease of use for both IT staff and end users.

Windows Autopilot’s device management capabilities

The technology that comprises Windows Autopilot provides a new approach, so IT administrators can:

  • Automatically add devices to Azure Active Directory (Azure AD) or Active Directory via Hybrid Azure AD join;
  • Auto-enroll devices into mobile device management (MDM) services, such as Microsoft Intune, more easily;
  • Create and auto-assign the different device profiles within the ecosystem, subject to requirements; and
  • Customize the Windows Out of Box Experience (OOBE) content to be specific to the organization.

Windows Autopilot configuration requirements to support device management in hybrid workplaces

Once new devices are deployed, Windows Autopilot leverages the original equipment manufacturer (OEM)-optimized version of Windows. Since this version is preinstalled, end users and IT staff do not need to maintain custom images and drivers for devices. Instead of reimaging, the existing Windows installation is transformed into a state that can easily apply preset settings and policies, install apps, and support advanced features.

Before you can leverage Windows Autopilot, there are a few configuration requirements to address. These should sufficiently meet and support some of the common Autopilot scenarios you are likely to encounter.

  • Configure Azure AD automatic enrollment, and set Azure AD’s custom branding to display key organization elements, including a square logo, sign-in page text, and tenant name. It is crucial to simultaneously consider Windows Autopilot deployment and the best practice guidelines for devices.
  • Devices should meet the minimum hardware requirements for Windows. IT administrators should review them before starting the deployment process. These best practices are meant to ensure that devices can quickly be provisioned as part of the deployment process.
  • After the hardware and software requirements are met, administrators can display the device’s configuration progress on the Windows Autopilot enrollment status page (ESP) profile page. If needed, the ESP profile page can also track the installation of applications, security policies, certificates, and network connections.

Licensing needed to utilize Windows Autopilot

Autopilot licensing requirements apply to Windows 11, Windows 10, and Windows Holographic, version 2004 or later devices. It is important to note that Windows Autopilot is reliant upon the specific capabilities available in Windows and Azure AD, and that they are all made available through different editions and subscription offerings.

Azure AD comes with automatic MDM enrollment, company branding, and other key functionalities, which will require one of the following specific subscriptions:

  • Microsoft Intune Subscription
  • Azure Active Directory Premium P1 or P2
  • Microsoft 365 Enterprise E3 and E5 subscription
  • Enterprise Mobility and Security E3 or E5 subscription
  • Microsoft 365 F1 and F3 subscriptions
  • Microsoft 365 Business Premium subscription

Microsoft also recommends the following licenses:

  • Microsoft 365 Apps for enterprise
  • Windows Subscription Activation

Windows Autopilot: Managing your endpoints

Microsoft’s cloud-based platform, Intune, offers a modern solution that enables you to manage devices from anywhere. Combined with Windows Autopilot, it also eliminates the traditional endpoint management constraints. Intune can manage policies, profiles, and security settings, making Windows endpoint management more straightforward.

Additionally, if, during a device’s lifecycle, an endpoint is performing poorly or you plan to reuse the device for another end user, you can leverage Windows Autopilot reset. Windows Autopilot reset takes the device back to a business-ready state. It removes the previous user and registers the next user so they can sign in and use the reset endpoint. Depending on how it is configured, this feature can remove personal files, applications, or settings on the device and reapply the original settings without compromising the device’s identity connection to Azure AD.

With the rise of hybrid workplaces, it is important for business leaders to assess ways in which they can reduce the cost and complexity of managing remote and distributed workforce devices. The experienced professionals in Citrin Cooperman’s Digital Services Practice help clients configure and deploy Windows Autopilot for their Windows 10 and 11 endpoints. To learn more about this technology and how it can help your business reach its strategic objectives, reach out to your Citrin Cooperman advisor or info@citrincooperman.com.
