Windows Autopilot: Managing Your Endpoints
Like most organizations today, are you being pushed toward a hybrid workplace with a disconnected workforce? That shift has allowed your remote workers to add their own devices to your organization’s IT ecosystem, and it has left most organizations grappling with how difficult it is to manage endpoints. Intune offers a modern solution that lets you manage devices from anywhere. This Microsoft cloud-based platform eliminates the traditional management constraints by allowing you to maintain these endpoints with Windows Autopilot.
Imagine managing your endpoints by simplifying device provisioning and offering the ability to give new devices to end-users as the need arises without having to build or maintain a custom operating system image. Intune can also manage policies, profiles, and security settings, making Windows endpoint management relatively more straightforward.
What is Windows Autopilot?
Windows Autopilot includes a set of technologies you can leverage to set up and pre-configure new devices for production use. This desktop provisioning tool, native to Windows 10, helps your IT team automate all new device deployments with preset configurations. Additionally, it allows the application of profiles to PCs so that new users can have full access from their first login.
Think of it like this. Windows Autopilot simplifies and streamlines the bulk deployment, setup, and configuration of devices added to your organization’s IT ecosystem, ensuring that these devices are ready for corporate use. It also makes Microsoft Windows devices easier to manage throughout their use within your organization, right from the initial deployment. Overall, Windows Autopilot helps your organization simplify Windows device management. It reduces the time your IT staff spends deploying and managing your devices and the infrastructure needed to maintain those devices throughout their lifecycle. Additionally, it maximizes ease of use for both your IT staff and end-users.
What can I do with Autopilot?
Windows Autopilot gives your company a new approach to several functions within your ecosystem. For starters, your IT administrators can automatically add devices to Azure Active Directory (Azure AD) or to Active Directory via Hybrid Azure AD join. Additionally, it becomes easier to auto-enroll devices into MDM services, such as Microsoft Intune. Further, your IT administrators can create and auto-assign different device profiles within your ecosystem, subject to requirements. Finally, your administrators can customize the Windows Out of Box Experience (OOBE) content so that it is specific to your organization.
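To confirm the join and enrollment outcomes described above on a provisioned device, the following added example (not from the original article) classifies the device from the text that the built-in dsregcmd /status command prints. The function name Get-JoinState and the sample output are constructed for illustration.

```powershell
# Added example: classify join state from `dsregcmd /status` output.
# Get-JoinState is a hypothetical helper name, not part of Windows or Intune.
function Get-JoinState {
    param([string[]]$StatusLines)

    # dsregcmd prints "Name : Value" pairs; collect them into a hashtable.
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $aad    = $fields['AzureAdJoined'] -eq 'YES'
    $domain = $fields['DomainJoined']  -eq 'YES'

    if ($aad -and $domain) {
        $joinType = 'Hybrid Azure AD joined'
    } elseif ($aad) {
        $joinType = 'Azure AD joined'
    } elseif ($domain) {
        $joinType = 'Domain joined only'
    } else {
        $joinType = 'Not joined'
    }

    [pscustomobject]@{
        JoinType         = $joinType
        TenantName       = $fields['TenantName']
        # A populated MdmUrl means an MDM enrollment URL was handed to the
        # device at join time; it is not proof the device is still enrolled.
        MdmUrlConfigured = [bool]$fields['MdmUrl']
    }
}

# Constructed sample output (tenant name and URL are placeholders).
$sample = @(
    '             AzureAdJoined : YES',
    '          EnterpriseJoined : NO',
    '              DomainJoined : NO',
    '',
    '                TenantName : Contoso (placeholder)',
    '                    MdmUrl : https://mdm.example.invalid/enroll'
)
Get-JoinState -StatusLines $sample

# On a live device: Get-JoinState -StatusLines (dsregcmd /status)
```

A result of "Not joined", or an empty MdmUrl on a device that should be managed, is a signal to review the automatic enrollment configuration before the device is handed to a user.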
How does Windows Autopilot fuel my hybrid workplace?
Once your new Windows devices are deployed, Windows Autopilot leverages the OEM-optimized version of Windows. This version is already preinstalled on your device, which means that neither the end-user nor your IT staff needs to maintain custom images and drivers for the particular device model.
Instead of reimaging, the existing Windows installation is transformed into a state that can easily apply your preset settings and policies, install apps, and support advanced features. Before you can leverage Windows Autopilot, there are a few configuration requirements that you’ll need to meet. These should be sufficient to support the common Autopilot scenarios you are likely to encounter.
The first step would be to configure Azure AD automatic enrollment. You’ll need to configure Azure AD’s custom branding to display your key organization elements, including a square logo, sign-in page text, and tenant name. It is prudent to mention that as you consider Windows Autopilot deployment, you also have to consider the best practice guidelines for devices.
Your devices are expected to meet the minimum hardware requirements for Windows. These best practices are meant to ensure that your devices can quickly be provisioned as part of your deployment process. It would be best if your IT administrators reviewed the minimum hardware requirements for Windows before commencing the deployment process.
After you've met the hardware and software requirements, the next stop should be the Windows Autopilot enrollment status page (ESP). Administrators can display the device’s configuration progress on your ESP profile page. Tracking the installation of applications, security policies, certificates, and network connections can also be accomplished using the ESP profile page if the need arises.
What do I need for Windows Autopilot?
To start, it is important to mention that Autopilot licensing requirements apply to Windows 11, Windows 10, and Windows Holographic, version 2004 or later devices. It is paramount to note that Windows Autopilot is reliant upon the specific capabilities available in Windows and Azure AD. All of these are made available through different editions and subscription offerings.
Because you will need Azure Active Directory, which comes with automatic MDM enrollment, company branding, and other key functionality, one of the following subscriptions is required:
- Microsoft Intune Subscription
- Azure Active Directory Premium P1 or P2
- Microsoft 365 Enterprise E3 and E5 subscription
- Enterprise Mobility and Security E3 or E5 subscription
- Microsoft 365 F1 and F3 subscriptions
- Microsoft 365 Business Premium subscription
Microsoft also recommends the following licenses:
- Microsoft 365 Apps for enterprise
- Windows Subscription Activation
Now what if, during your device’s lifecycle, an endpoint is performing poorly? What if your plan is to reuse the device and provide it to another end user? In these cases, you can leverage Windows Autopilot reset. Windows Autopilot reset takes your device back to a business-ready state, so the next user should be able to sign in and use the reset endpoint without much hassle. The reset can be configured to remove any personal files, applications, or settings that might have been on the device. It also reassigns the original settings without compromising the device’s identity connection to Azure AD. Further, it can remove the device’s primary user and register the next user as the primary.
It's time to radically reduce the cost and complexity of managing your remote and distributed workforce devices. FMT Consultants can help you configure and deploy Autopilot for your Windows 10 and 11 endpoints. Call or email us now!