Intune Windows Autopilot Steps-by-Step.

By On

 What is Windows Autopilot?

Windows autopilot is a modern way to manage or image a PC, wherever users are as long as they are connected to the Internet. You can test in Hyper-V.

Benefits of Autopilot:

Making it easier to set up, configuring through the internet, requiring no manual intervention, letting users take charge of the setup, adjusting settings based on user groups, working well with up-to-date management tools, ensuring devices meet security standards, and smoothly updating features.


Intune Windows Autopilot Steps-by-Step?

  1. Go to Https://admin.microsoft.com

    1. Sing-in with your tenet : administrator@xyz2024a.onmicrosoft.com

  2. Click on Admin centers > Identity

  3. Now, In https://entra.microsoft.com > search Mobility (MDM (mobile device management) and WIP)

  4. Click on “Microsoft Intune”

  5. Now Enable Intune Policy:

  6. Go to Intune portal page: https://intune.microsoft.com  

    1. Click on Devices (from left side) > Windows (by Platform) > windows devices 



  1. Now create a windows security policy group, it will help to apply policy on many users at one time.

    1. Click on Groups (from left side)

    2. Create New Group > click on create.

Now create policies:

  1. Go to Devices > Windows > Windows Enrollment

    1. Click on “Enrollment status page” option

    2. + Create a new Enrollment status page and keep the configuration below as it is.


Click ‘Next

Click Next.


  1. Now assign the policy to previous group “ Intune-Group” So now go and +add groups

Click “Next” and no need to do anything on scope tags, just click on the “Create” option.

We created AutoPilot “Enrollment Status page

  1. Now Create Windows Autopilot “Deployment Profiles”

    1. Now Go to Devices > Windows > Windows Enrollment >


  • Click on +Create Profile > Windows PC

  • Give Name: WindowsAutoPilot

  • Convert all targeted devices to Autopilot = No, (manually) Yes (Automatic) 

  • We chose NO.

    click on Next.

  • Now in “Out-of-box experience (OOBE)”: after the user gets the computer or laptop, what he can do and can’t do, we are going to configure it. Keep below information as it is.

    Click “Next”:


  1. Now “Assignments” option: To whom we can assign the above policy, so add the groups click on  the “Add groups option.”

Click on “Next” and “Create




  1. Now you can see we created a Deployment profile. Now we can apply this deployment profile to any user or groups.


  1. Upper side, work we finished for “Fresh Windows” but now start to do for “Custom Windows” where we can add different applications. 

    1. Click on Apps options > All apps > +Add 

    2. Choose “App type” from the dropdown list

    3. Choose “Microsoft Edge, Version 77 and later”windows 10 and later 


Now you can see the configuration page of applications: but you don’t need to change anything just click on Next button.

  • In “Configure app suite” you can select office apps

  • You can choose what apps and other properties you need for your company.


  1. Now assign this configure to any groups or users: so add the group or user.

Click “next” and “create” it.

This is only for Office applications , you can add other applications also using the same method. Like:

You can add “microsoft store app (new)”: PDF X PDF editor & PDF reader.

  1. Now add “Autopilot Devices” 

    1. Click on Devices > Windows > Windows Enrollment >Devices (it is empty now)

    2. You have to add User device manually 

    3. For that you should “Import” device or computer’s serial number 

(normally, the company gives a .csv file of the serial number of the computer, that we can import here.)


  1. In our case, we can get the device ID from Hyper-V Windows 11.  Let’s get the Device ID 

    1. Add Windows 11 PC in Hyper-V.

    2. Get the windows 11 (serial number) or device ID.

    3. Use any cloud user’s email id (bob.bobson@onmicrosoft.com) to set up for work or school  (microsoft)

    4. Open powershell (administrator) and go to this link “Manually register devices with Windows Autopilot | Microsoft Learn” 

    5. Copy below commands and paste in Powershell.

    6. Use the following commands from an elevated Windows PowerShell prompt:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

New-Item -Type Directory -Path "C:\HWID"

Set-Location -Path "C:\HWID"

$env:Path += ";C:\Program Files\WindowsPowerShell\Scripts"

Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned

Install-Script -Name Get-WindowsAutopilotInfo

Get-WindowsAutopilotInfo -OutputFile AutopilotHWID.csv

  1. Now go to below location:

    1. Double click on C: drive > HWID > AutopilotHWID.csv

    2. Copy that file (AutopilotHWID.csv)  and send it into Teams chat or other ways or gmail AND download it on your local computer. The purpose of this is to import that file on the cloud side.

  2. We need only this serial number: 3689-0129-3509-1491-3580-8307-60  (of windows 11 device)

    1. Now we have to go to https://intune.microsoft.com

    2. Click on Devices > windows > Windows enrollment > Devices (windows autopilot area).

    3. Now import the “AutopilotHWID.csv” file. (it will takes some time to sync to time)

    4. Time to time, click on Refresh and Sync options.



IV. you can see in the green color (Not assigned), this means, this PC or serial number is not assigned to any users yet. 

v) after Sync the Serial Number (like below), you should “Reset PC” windows 11 in Hyper-V) 


  1. Now Add this device or serial number into the Group.

  2. Now Go to Groups > search previous group: Intune-Group 

    1. Click on Intune-Group > Members > +Add members>Devices (see “add members’” underline blue color “Devices”)

    2. Assign the PC (that serial number) or device to one of the Intune-Group members.

      1. Go to Groups > search “Intune-Group” > Members > + Add Members > Devices 

      2. Search Device name:

        1. If you don’t know device name , 

        2. open Hyper-V win11 computer, 

        3. Command prompt > Whoami

          1. You will see the device name.

      3. Select device name (See below we select device Name)

  1. Click on “Refresh” button



Go toDevices > Windows > Windows enrollment > Devices (it is not assigned yet, you can see under “profile status” - Not assigned)


  • Now Sync the device , so click on “Sync” option  (account was synced less than 10 minutes, please try again )

  • After sync it you will see Profile statusAssigned” (see below image) (you can sync multiple devices in one time)


  1. How to add Dynamic Membership rules:

    1. You could create a dynamic rule to include all devices running a specific operating system version or all users in a particular department. This dynamic approach simplifies group management by automating the inclusion or exclusion of members based on changing conditions.

      1. Click on Groups again > New Group >  2. Group type: security

      2. Group name: Dynamic-WindowsOS-Group

      3. Microsoft entra role: No

  1. Membership type: Dynamic Device

  2. Dynamic device members * : add dynamic query

    1. Click on :add dynamic query

    2. Click on “Edit” 



  1. Click on property : deviceOSVersion

  2. Operator: Equals

  3. Value: Windows

  4. Now just click on inside the “Rule syntax” text-area. You will see the syntax below.
    (device.deviceOSVersion -eq "Windows")

  1. Finally, you should test on Hyper-V
    Go to Hyper-V, and Reset PC first

    1. After reset pc, login that pc by using cloud user (user1.user@akshrestha.com)

    2. You should see all the apps which you already added in policy.

Comments

Post a Comment

Popular posts from this blog

How to Map Network Drive using Group Policy Preferences?

By On
Image
  How to Map Network Drive using Group Policy Preferences? We are going to a Map drive for the HR Department. Double click on the HRUser Group > Member tab You can see we have only one member added in the Security Group ( HR User1). Before creating a Group Policy, let’s create one HRSharedData Folder in the file server or for a test you can create in the DC1 server also. Right -click on HRSharedDATA folder > Properties > Sharing Tab > advanced Sharing Chick on “ Share this folder ”  > click on OK . You should copy the Network Path : we need that path later on. And  click on close . Now it's time to create a GPO. In DC1 server, Click on Tool > Group Policy Management option. You should see GPO windows Now, click on Domains > mylab.local > Group Policy Objects  Right-Click on GP object > click on New In New GPO Give Name: like below and  Click ok . You  can see the GPO in the left side column. Now we should have to configure or edit the created GP
Read more

How to set up a Shared folder in Windows Server 2022?

By On
Image
  Shared folder in Windows Server 2022 : 1.        Open Server Manager and navigate to File and Storage Services, then click on Shares 2.        Click on "Tasks" and select "New Share" to launch the New Share Wizard 3.        Choose "SMB Share - Quick" for general file sharing and click Next 4.        Select the location for your shared folder. You can choose an existing folder or create a new one by selecting "Type a custom path" and using the Browse button 5.        Provide a name for the share. By default, it will use the folder name, but you can change it if desired 6.        Configure share settings: 7.        Enable "Access-based enumeration" to only show files and folders users have permission to access 8.        Optionally, configure offline file caching and data encryption settings 9.        Set up permissions: 10.    Click on "Customize permissions" to modify the default NTFS permissions 11.    Disable inheritance an
Read more