MS Endpoint Security

Implement Autopilot for Microsoft Intune

A Step-by-Step Guide

Introduction

Intune and Autopilot are Microsoft services that allow you to manage and deploy devices and applications for your organization. Intune is a cloud-based service that lets you control how your devices and apps are used, while Autopilot is a feature that automates the enrollment and configuration of new devices. Together, they can help you streamline your device management and improve your security posture.

This document will provide you with a complete step by step guide to implementing Intune and Autopilot for an Entra ID tenant that is syncing identities. Entra ID is a cloud identity service provides single sign-on and multi-factor authentication for your users. By syncing your identities with Entra ID, you can leverage the benefits of cloud security for your device management and ensure a consistent user experience across your devices and apps.

Before you begin, you will need the following prerequisites:

Step 1: Register your device with Autopilot

The first step is to register your device with Autopilot. This will allow you to assign a profile to your device that will automate the enrollment and configuration process. You can register your device with Autopilot in a number of ways, such as OEM or Partner registration on your behalf, convert to autopilot profiles in Intune, or by leveraging PowerShell. This post will focus on using PowerShell to retrieve the hardware hash into a csv that can be uploaded into Autopilot.

Using the Get-WindowsAutoPilotInfo PowerShell script:

  • Download and install the Get-WindowsAutoPilotInfo PowerShell script from the Microsoft Download Center: https://www.microsoft.com/en-us/download/details.aspx?id=54988
  • Run PowerShell as an administrator and navigate to the folder where you downloaded the script.
  • Run the following command to get the device information and save it to a CSV file: Get-WindowsAutoPilotInfo.ps1 -OutputFile AutoPilot.csv
  • Sign in to the Microsoft Endpoint Manager admin center: https://endpoint.microsoft.com/
  • Go to Devices > Windows > Windows enrollment > Devices.
  • Select Import and then browse to the location where you saved the AutoPilot.csv file.
  • Select the file and then select Open.
  • Select Import to register your device with AutoPilot.

Step 2: Create and assign an Autopilot profile

The next step is to create and assign an AutoPilot profile to your device. An AutoPilot profile defines the settings and policies that will be applied to your device during the enrollment and configuration process. You can create and assign an AutoPilot profile in the Microsoft Endpoint Manager admin center.

Creating an AutoPilot profile:

  • Sign in to the Microsoft Endpoint Manager admin center: https://endpoint.microsoft.com/
  • Go to Devices > Windows > Windows enrollment > Deployment profiles.
  • Select Create profile and then select Windows PC.
  • Enter a name and a description for your profile.
  • Select Next and then configure the settings for your profile. You can choose the following options:
  • Join to Azure AD as: Choose whether you want your device to join Azure AD as a standard user or an administrator.
  • Out of box experience (OOBE): Choose the settings that you want to skip or customize during the OOBE. For example, you can skip the privacy settings, the EULA, or the keyboard layout.
  • Device name template: Choose a template for naming your device. You can use variables such as %SERIAL%, %RAND%, or %SKU%.
  • Language (Region): Choose the language and region for your device.
  • Apply device name template: Choose whether you want to apply the device name template before or after the device is enrolled.
  • Convert all targeted devices to Autopilot: Choose whether you want to convert any existing devices that are not registered with Autopilot to Autopilot devices.
  • Select Next and then review your profile settings.
  • Select Create to create your profile.

Assigning an Autopilot profile:

  • Sign in to the Microsoft Intune admin center: https://intune.microsoft.com/
  • Go to Devices > Windows > Windows enrollment > Devices.
  • Select the device that you want to assign the profile to.
  • Select Assign profile and then select the profile that you created.
  • Select Save to assign the profile to your device.

Step 3: Enroll and configure your device with Intune and Autopilot

The final step is to enroll and configure your device with Intune and Autopilot. This will allow you to apply the settings and policies that you defined in your Autopilot profile and manage your device with Intune. You can enroll and configure your device by following the Out-of-box-experience (OOBE) on your device.

Enrolling and configuring your device:

  • Turn on your device and connect it to the internet.
  • Follow the OOBE on your device. You will see the Autopilot branding and the settings that you configured in your profile.
  • Sign in with your Entra ID credentials.
  • Wait for the device to finish the configuration process. This may take from several minutes to hours depending on your network speed and the number of settings and policies that are applied.
  • Once the configuration is complete, you will see the desktop of your device. You can now use your device and access the apps and resources that are assigned to you by your organization.

Conclusion

You have successfully implemented Intune and Autopilot for your Entra ID tenant that is syncing identities. You can now manage and deploy your devices and apps with ease and security. You can also monitor and troubleshoot your devices and apps from the Microsoft Intune admin center. For more information and guidance on Intune and Autopilot, you can visit the following links:

Leave a comment