Windows Autopilot Self-deploying mode is designed to deploy Windows 10 devices without interaction with users. It doesn’t associate users with devices. No user ID or password is required to enroll.
Windows Autopilot Seld-deploying mode joins the device into the Azure Active Directory, enables all policies, applications, certificates, and networking profiles.
Seld-deploying mode does not support Active Directory Join or Hybrid Azure AD Join.
There is no user interaction with a device, so as a result, some of the Azure AD and Intune features ( BitLocker recovery, installation of apps from the Company Portal, Conditional Access, etc.) may not be available to a user that signs in the device.
TPM 2.0 hardware.
Window 10, version 1903 or later.
Virtual machine not supported.
Internet (LAN cable preferred for no network prompt and experience the full self-deploying mode without any user interaction).
If connected via Ethernet, no network prompt is expected. If no Ethernet connection is available and Wi-fi is built-in, the user needs to connect to a wireless network.
The following options are automatically enabled for Autopilot devices in self-deploying mode:
In the enrollment to display an organization-specific logo and organization name during the Autopilot process, Azure Active Directory Company Branding needs to be configured with the images and text that should be displayed.
First of all, login into the Endpoint Manager portal using the following URL: https://endpoint.microsoft.com/
Navigate to Devices in the left-hand side panel – and click Devices.
In the appeared new Devices window – navigate to By Platform
Click Windows highlighted in the below image.
This action will lead you to the Windows devices page shown in the below image.
Click the Windows Enrollment option to open the Windows Enrollment page.
Select Deployment profile under the Windows Autopilot Deployment Program menu shown in the below image.
In the Windows Autopilot deployment profiles window – Click Create profile (highlighted in the below image)
It navigates to Create profile Window.
Enter the Profile name in the Name field (Text Box) and Click the Next Button shown in the below image.
Description (Optional) Enter profile description if required.
In the Next window Out-of-Box Experience (OOBE) Page fill the required fields.
Select the Deployment mode as Self-Deploying (preview)
And the remaining fields will hided and allows only Language (Region) and Keyboard configuration.
In the Language (Region) option, open the drop-down list and select the required option.
After that select Yes or No to configure Keyboard automatically
Choose Yes at Apply Device name template if required
After filling the required fields, click on Next.
Select the required group to assign the devices to the deployment profile.
Select the device group and click on Next.
Review + Create page gives the complete summary of the deployment profile.
Click on Create button to create the Deployment profile.
Now the Endpoint manager window will move’s to Windows Autopilot Deployment Profiles page and shows Created deployment profile shown in the below image.
Self-deployment profile is created successfully.
Get the hardware hash from the end-user device by using the following script:
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted
Install-Script -Name Get-WindowsAutoPilotInfo
Get-WindowsAutoPilotInfo.ps1 -OutputFile AutoPilotHWID.csv
Upload the output csv file into the Endpoint manager portal.
Navigate to Windows Enrollment Window and select the Device menu shown in the below image.
In the next window, click om Import to import the CSV file/hardware hash
Select the file from the right side by specifying the path. It will take some time to upload the CSV file.
Once the file is uploaded, wait a bit while a device is assigning the deployment profile.
After the profile has been assigned to the device, the profile status will indicate as Assigned.
Then the targeted device is ready to enroll.
This image shows how it should look like when the device has been turned on.
Windows 10 will check for critical OOBE updates, install the available update and the device will be rebooted if required.
After that enrollment status page (ESP) will be displayed.
After completing the Enrollment status page (ESP) login screen will be appeared, where any member of an organization can log in by specifying their Azure AD credentials.
Enter the user credential to log in the device.
Once users sign in to the device using the corporate credentials, they can leverage the device and associated services.
Thanks for your attention! We are all at Wintellisys hope that this article was helpful.
You might be interested in reading Windows Autopilot – White Glove Deployment
Author is Bachelor of Technology in Electronics & Communication graduate in 2013 and have made the career establishment precisely in the field of Cloud IT infrastructure. Got associated with the Microsoft technologies right from the bottom of the ladder as Help desk operator. Working for Microsoft support with Convergys gave an end to end insight on Microsoft Intune and SAAS based technologies. Further worked for multiple clients to migrate their device management strategies from on-prem to cloud mostly Intune and AirWatch (VMware Workspace ONE). Worked with HCL and now with ITC infotech as Intune consultant for planning and implementation of device management for one of the biggest Beer manufacturing company globally.