Windows Autopilot / Creating an Autopilot Deployment Profile

In Endpoint (https://endpoint.microsoft.com), select ‘Devices’ on the left-hand side. Then scroll down to ‘Device Enrollment’ and select ‘Enroll Devices’.

Then select: ‘Deployment Profiles’

Then select ‘Windows PC’

Enter a name and a description.
Leave the option ‘convert all targeted devices to Autopilot’ as ‘No’. If ‘Yes’ is selected, every device in the assigned groups is registered with Autopilot. This can cause issues for users whose devices are already Azure AD joined and in active use. It is best to import devices to Autopilot when needed.
When finished, select ‘Next’

It will now let you configure your Out of box experience:

Deployment mode:
User-Driven: Devices are associated with the user enrolling the device and user credentials are required to provision the device.
o This means the user will need to sign into the device to begin the Autopilot process. For example: Set up for an organisation -> Sign in with work or school account.
Self-deployed: Devices are not associated with the user enrolling the device and user credentials are not required. This requires little to no interaction with the device.


I will be continuing with User-Driven mode.


Self-deployment does not associate a user with the device. This means some Azure AD or Intune capabilities may not be available. This includes:
• BitLocker recovery
• Installation of Apps from the company portal.
• Conditional Access
Self-Deployment does not support Active Directory join or Hybrid Azure AD join. All devices will be joined to Azure AD. User-driven does support Active Directory and Hybrid Azure AD join.


I will leave the following hidden:


Microsoft Software License Terms. This will hide the EULA that users would normally have to accept during the out-of-box experience.
Privacy settings. This will hide the option to select which diagnostic data Microsoft collects.
Change Account Options. This will hide the options to change accounts.


Other Settings:
User account type: This is set to Standard. The user will have a Standard account instead of local administrator rights on the device.
Allow pre-provisioned deployment: This is enabled. This won’t affect the user-driven process unless the Windows key is pressed five times. This is mainly so I can have a mess with it and see exactly what it does.
Language has been set to ‘United Kingdom’. Keyboard has been set to automatically be configured as well.
Apply Device Name Template. This may prove useful for organisations.
o %SERIAL% – This macro will add the hardware-specific serial number. You cannot use more than 7 characters with %SERIAL%.
o %RAND:x% – This macro will add a random string of numbers.
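
One way to sanity-check a device name template before saving the profile, as an added example that is not part of the original guide or of Microsoft's tooling. The function name `check_template` and the sample serial are made up for illustration; the 7-character rule is the one stated above (read here as applying to the fixed text around %SERIAL%, which is an assumption), and the 15-character, letters/digits/hyphens and not-all-digits rules are the general limits on this field.

```python
import re
import secrets

MAX_NAME_LEN = 15            # Windows computer name limit
MAX_TEXT_WITH_SERIAL = 7     # limit stated in this guide for %SERIAL% templates
MACRO = re.compile(r"%SERIAL%|%RAND:(\d+)%")


def check_template(template, sample_serial):
    """Return (preview_name, problems) for an Autopilot device name template.

    sample_serial is a constructed value used only to preview the result.
    """
    problems = []
    fixed_text = MACRO.sub("", template)
    if "%" in fixed_text:
        problems.append("unrecognised macro or stray '%'")
    if "%SERIAL%" in template and len(fixed_text) > MAX_TEXT_WITH_SERIAL:
        problems.append("more than 7 fixed characters used with %SERIAL%")

    def expand(match):
        if match.group(0) == "%SERIAL%":
            return sample_serial
        digits = int(match.group(1))
        return "".join(secrets.choice("0123456789") for _ in range(digits))

    preview = MACRO.sub(expand, template)
    if not re.fullmatch(r"[A-Za-z0-9-]+", preview):
        problems.append("only letters, digits and hyphens are allowed")
    if len(preview) > MAX_NAME_LEN:
        problems.append(f"expanded name is {len(preview)} characters (limit {MAX_NAME_LEN})")
    if preview.isdigit():
        problems.append("name must not consist only of digits")
    return preview, problems


if __name__ == "__main__":
    serial = "PF2ABC12"  # constructed serial number, not a real device
    for tpl in ("LON-%SERIAL%", "LAPTOP-UK-%SERIAL%", "KIOSK-%RAND:5%", "%RAND:6%"):
        print(tpl, "->", check_template(tpl, serial))
```

Run it with the longest serial number format in your hardware fleet, since the expanded length depends on the serial.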

Select ‘Next’ to continue with Assignments.
Under ‘Included Groups’, select ‘Add Groups’. Then select ‘Autopilot Devices’

See this guide for creating a group for Autopilot devices

Then click ‘Next’

It will then show you a review of your Autopilot. Select ‘Create’
