Windows Autopilot Self-deploying mode is designed to deploy Windows 10 devices without interaction with users. It doesn’t associate users with devices. No user ID or password is required to enroll.
Windows Autopilot Self-deploying mode joins the device to Azure Active Directory and enables all policies, applications, certificates, and networking profiles.
Self-deploying mode does not support Active Directory Join or Hybrid Azure AD Join.
Because there is no user interaction with the device, some of the Azure AD and Intune features (BitLocker recovery, installation of apps from the Company Portal, Conditional Access, etc.) may not be available to a user who signs in to the device.
TPM 2.0 hardware.
Windows 10, version 1903 or later.
Virtual machine not supported.
Internet access (a LAN cable is preferred, since it avoids the network prompt and gives the full self-deploying experience without any user interaction).
If connected via Ethernet, no network prompt is expected. If no Ethernet connection is available and Wi-Fi is built in, the user needs to connect to a wireless network.
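The requirements above can be checked on the device before its hardware hash is collected. The following is an added example, not part of the original article; the function name Test-SelfDeployingReadiness is hypothetical, the virtual machine check is a heuristic based on common hypervisor model strings, and the script assumes an elevated PowerShell session.

```powershell
# Added example: checks the self-deploying mode requirements on the local device.
function Test-SelfDeployingReadiness {
    # Win32_Tpm.SpecVersion is a string such as "2.0, 0, 1.38";
    # the first comma-separated field is the TPM specification version.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $tpmSpec = if ($tpm -and $tpm.SpecVersion) {
        ($tpm.SpecVersion -split ',')[0].Trim()
    } else { 'none' }

    # Windows 10, version 1903 corresponds to OS build 18362.
    $build = [int](Get-CimInstance -ClassName Win32_OperatingSystem).BuildNumber

    # Heuristic (assumption): hypervisors usually identify themselves here.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $hardware = "$($cs.Manufacturer) $($cs.Model)"
    $isVm = $hardware -match 'Virtual|VMware|QEMU|Xen'

    # A connected wired adapter avoids the network prompt during OOBE.
    $wired = @(Get-NetAdapter -Physical -ErrorAction SilentlyContinue |
        Where-Object { $_.Status -eq 'Up' -and $_.MediaType -eq '802.3' })

    @(
        [pscustomobject]@{ Check = 'TPM 2.0'; Found = $tpmSpec
                           Required = $true; Pass = ($tpmSpec -eq '2.0') }
        [pscustomobject]@{ Check = 'OS build 18362 or later'; Found = $build
                           Required = $true; Pass = ($build -ge 18362) }
        [pscustomobject]@{ Check = 'Physical hardware'; Found = $hardware
                           Required = $true; Pass = (-not $isVm) }
        [pscustomobject]@{ Check = 'Wired network up'; Found = $wired.Count
                           Required = $false; Pass = ($wired.Count -gt 0) }
    )
}

Test-SelfDeployingReadiness | Format-Table -AutoSize
```

A device that fails a required check is not a candidate for self-deploying mode; a failed wired network check only means the user will be asked to pick a wireless network.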
The following options are automatically enabled for Autopilot devices in self-deploying mode:
To display an organization-specific logo and organization name during the Autopilot enrollment process, Azure Active Directory Company Branding needs to be configured with the images and text that should be displayed.
First, log in to the Endpoint Manager portal using the following URL: https://endpoint.microsoft.com/
Navigate to Devices in the left-hand side panel and click Devices.
In the new Devices window that appears, navigate to By Platform.
Click Windows, highlighted in the image below.
This action leads to the Windows devices page shown in the image below.
Click the Windows Enrollment option to open the Windows Enrollment page.
Select Deployment profile under the Windows Autopilot Deployment Program menu shown in the image below.
In the Windows Autopilot deployment profiles window, click Create profile (highlighted in the image below).
This opens the Create profile window.
Enter the profile name in the Name field (text box) and click the Next button shown in the image below.
Description (optional): enter a profile description if required.
In the next window, the Out-of-Box Experience (OOBE) page, fill in the required fields.
Select the Deployment mode as Self-Deploying (preview).
The remaining fields will be hidden, leaving only the Language (Region) and Keyboard configuration.
In the Language (Region) option, open the drop-down list and select the required option.
After that, select Yes or No to configure the keyboard automatically.
Choose Yes at Apply Device name template if required.
After filling the required fields, click on Next.
Select the required group to assign the devices to the deployment profile.
Select the device group and click on Next.
The Review + Create page gives the complete summary of the deployment profile.
Click the Create button to create the deployment profile.
The Endpoint Manager window now moves to the Windows Autopilot Deployment Profiles page and shows the created deployment profile, as in the image below.
The self-deployment profile has been created successfully.
Get the hardware hash from the end-user device by using the following script:
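# Create a working folder for the hardware hash export
md c:\HWID
Set-Location c:\HWID
# Relax the execution policy for this PowerShell session only
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted
# Download the collection script from the PowerShell Gallery
Install-Script -Name Get-WindowsAutoPilotInfo
# Write the device's serial number and hardware hash to a CSV file
Get-WindowsAutoPilotInfo.ps1 -OutputFile AutoPilotHWID.csv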
Upload the output CSV file to the Endpoint Manager portal.
Navigate to the Windows Enrollment window and select the Device menu shown in the image below.
In the next window, click on Import to import the CSV file/hardware hash.
Select the file from the right side by specifying the path. It will take some time to upload the CSV file.
Once the file is uploaded, wait a bit while the deployment profile is assigned to the device.
After the profile has been assigned to the device, the profile status will show as Assigned.
Then the targeted device is ready to enroll.
This image shows how it should look when the device has been turned on.
Windows 10 will check for critical OOBE updates, install any available update, and reboot the device if required.
After that, the Enrollment Status Page (ESP) will be displayed.
After the Enrollment Status Page (ESP) completes, the login screen will appear, where any member of the organization can log in by specifying their Azure AD credentials.
Enter the user credentials to log in to the device.
Once users sign in to the device using the corporate credentials, they can leverage the device and associated services.
Thanks for your attention! All of us at Wintellisys hope that this article was helpful.
The author graduated with a Bachelor of Technology in Electronics & Communication in 2013 and has built a career in the field of cloud IT infrastructure. The author got associated with Microsoft technologies right from the bottom of the ladder as a help desk operator. Working for Microsoft support with Convergys gave an end-to-end insight into Microsoft Intune and SaaS-based technologies. The author further worked for multiple clients to migrate their device management strategies from on-prem to cloud, mostly Intune and AirWatch (VMware Workspace ONE), and worked with HCL and now with ITC Infotech as an Intune consultant for planning and implementation of device management for one of the biggest beer manufacturing companies globally.