
Windows Autopilot – Zero Touch Device Enrollment and Configuration


Introduction

 

Windows Autopilot is a zero-touch provisioning service that simplifies the deployment and configuration of Windows 10 devices. It leverages Azure AD and Mobile Device Management (MDM) services to customize and automate Windows 10 device enrollment and configuration. A Windows 10 device can be shipped directly from the OEM to the user, powered on and configured automatically, requiring zero hands-on contact from IT.

 

Traditionally, this level of OS configuration and enrollment automation would require the creation of a custom OS image. Because Windows Autopilot leverages cloud technologies, it can be applied to devices shipped with an OEM enterprise-ready OS build. This eliminates the cost of creating and maintaining a custom image and provides flexibility in device models and hardware vendors. There is no need to update an image when adding new hardware device models.

 

 

User Experience

 

Windows Autopilot allows for the customization of the Windows 10 Out of the Box Experience (OOBE) by means of a cloud-based Autopilot configuration profile. OOBE is the Windows 10 configuration interface presented when setting up a new device.

 

With Autopilot, much of the device enrollment and configuration process can be invisible to the user. When the user powers on the device and connects to a network, they are presented with the customized Windows 10 OOBE screens. The device is configured based on the assigned Autopilot profile. The user simply signs into the device using their Azure AD credentials, and the device performs an Azure Active Directory Join and Mobile Device Management (MDM) enrollment. From there, the device is assigned its policy, applications, and Windows OS and security updates. On completion, the user is left with a fully configured and managed production device, with limited effort and interaction required from the user.

 

 

 

Autopilot Registration Options

 

 

To make use of Windows Autopilot, devices need to be registered with the Autopilot Deployment Service in advance of deployment. There are several options for performing this Autopilot registration.

 

  • OEM Registration

The standard means of enabling Autopilot is as part of the OEM device procurement and factory load process, where the hardware OEM registers the device with the Windows Autopilot deployment service. This applies only to new devices purchased from the OEM. The OEM would need to be granted access to register a device on behalf of the client.

 

  • Microsoft Cloud Solution Partners

Microsoft Cloud Solution Partners (CSP) can register Windows Autopilot devices on behalf of customers using Microsoft Partner Center. OEMs are starting to ship devices with a Windows Product Key ID (PKID) label printed on the outside of the device box. CSPs can use this key to register a device for the client without the need to even open the box.

 

  • Hardware Hash

Some clients may wish to reuse existing devices and may have many that are capable of running Windows 10. The standard process for these devices is to generate an Autopilot hardware hash to register the device. This hardware hash is a unique hardware fingerprint for the device. It can only be created on a device that already has Windows 10 installed.

 

 

 

Device Break-fix / Reset

 

 

Autopilot also facilitates device recovery in break-fix scenarios. The Autopilot profile is applied each time a device is reset or even reimaged. In the event of an issue, the user can perform the reset locally on the device, or the reset can be initiated remotely by an administrator. After the reset, the user will be presented with the same Autopilot configuration profile and Out of the Box Experience. This reset process can also be used to repurpose an existing device for a new user.

 

Conclusion

 

Windows Autopilot is a zero hands-on solution for IT when deploying Windows 10 devices. Users simply need to enter their credentials to complete configuration and management of a device. Autopilot is constantly evolving, with additional features added along with the release of new Windows 10 OS builds. An example of this is the recent addition of pre-provisioning, which facilitates the option of a white glove service, allowing devices to be preconfigured before being assigned to the user. The move to cloud-based MDM device management services, the effort and expense of traditional custom OS image creation, and the break-fix support provided make Windows Autopilot the de facto solution for modern Windows 10 device management.

 

Author: Cathal Henry – Senior Solution Architect
