Intune Autopilot Deployment Guide

Overview

Windows Autopilot, combined with Microsoft Intune, provides a cloud‑driven provisioning experience that transforms the way devices are set up and handed over to users. This guide walks you through planning, configuring, and validating an Autopilot deployment.

Prerequisites

  • Azure AD Premium (P1 or P2) subscription
  • Microsoft Intune subscription
  • Supported Windows 10/11 devices (Version 1903 or later)
  • Device hardware ID (hardware hash) collected and uploaded
  • Appropriate licensing assigned to users

Setup Steps

1. Register Devices in Autopilot

# PowerShell script to upload hardware hash
Import-Module WindowsAutopilotIntune
Get-WindowsAutopilotInfo -OutputFile "C:\Autopilot\deviceHash.csv"
Import-AutopilotDevice -CsvFile "C:\Autopilot\deviceHash.csv"

2. Create an Autopilot Deployment Profile

  1. Sign in to the Microsoft Endpoint Manager admin center
  2. Navigate to Devices → Windows → Windows enrollment → Deployment Profiles
  3. Click Create profile and choose Windows PC
  4. Configure settings:
    • Out-of-box experience (OOBE): Skip Cortana, Enable privacy settings
    • Enrollment status page (ESP): Show progress, Require automatic enrollment
    • Hybrid Azure AD join if needed
  5. Assign the profile to the appropriate device group.

3. Assign Users & Groups

Make sure users who will receive devices are licensed for Intune and Azure AD. Add them to the Autopilot Devices group or a custom security group that has the deployment profile assigned.

Profile Configuration Details

Setting Recommended Value Notes
Skip user sign‑in Yes Reduces setup time for shared devices
Automatic MDM enrollment Yes Ensures device is managed from first boot
Apply device naming convention {{SerialNumber}} Using device attributes for consistency

Troubleshooting

If devices fail to enroll or OOBE stalls, follow these steps:

  1. Confirm the device is listed in Devices → Windows → Windows enrollment → Devices.
  2. Check Azure AD device join status in Azure AD → Devices.
  3. Review Intune logs on the device: Event Viewer → Applications and Services Logs → Microsoft → Windows → DeviceManagement-Enterprise-Diagnostics-Provider.
  4. Run the Get-AutopilotDiagnostics PowerShell cmdlet and upload results to Microsoft support.

FAQ

Can I use Autopilot with on‑premises AD?
Yes, by enabling Hybrid Azure AD join and configuring the appropriate group policies. Devices will still enroll in Intune.
What happens if a device is offline during OOBE?
The device will cache the configuration and apply it once it connects to the internet. Ensure network connectivity is available early in the process.
How do I reset a device that got stuck?
Use the Reset this PC option from Windows Settings or trigger a remote wipe from the Intune portal.

Resources