Autopilot

Introduction

Windows Autopilot is a cloud-based Microsoft service that enables new Windows 10/11 devices to be set up automatically and prepared for productive use. The Windows 10/11 devices do not need to be reinstalled, as Windows Autopilot uses the existing image already present on the devices. Relution supports automatic enrollment via Windows Autopilot, allowing Windows 10/11 devices to be quickly and easily inventoried in Relution.

Requirements for using Windows Autopilot

Currently only available with your own Relution server

Windows Autopilot can be used with Windows 10/11 Professional, Enterprise, or Education starting from version 1709. An Azure instance with Azure Active Directory (AAD) and an Azure AD Premium P2 subscription is required. For the setup in Azure, users must have the Global Administrator role. An internet connection is required during the initial startup of the Windows 10/11 devices.

How Windows 10/11 device provisioning works

When the Out Of The Box Experience (OOBE) starts on Windows 10/11 devices and a network connection is available, the system automatically detects that the device should be configured using Windows Autopilot. The devices transmit their ID to Microsoft and check whether they are registered in Autopilot for an Azure AD environment. Users must then sign in with their credentials on the Microsoft sign-in page. As a result, enrollment in Relution is performed and a user account for the Azure AD users is created on the devices.

Benefits of Windows Autopilot

Windows Autopilot aims to eliminate the need to manually install each new Windows 10/11 device with an internally created image. Instead, the devices should transform themselves into preconfigured devices as automatically as possible. This minimizes the effort required to create images and reduces the time needed for physical registration and provisioning of devices. Azure only needs to be set up once, and automatic enrollment continues to work until the defined validity period of the client secret expires (see below).

Review Azure default settings and complete the setup

After you have connected Entra ID with Relution, check whether the following settings have been configured under Devices > Device settings:

  • All users are allowed to join devices to Azure AD.
  • All users are allowed to register their devices with Azure AD.
  • The maximum number of devices per user should be taken into account.

Add Windows 10/11 devices

These steps replace the steps previously required in Microsoft Store for Business.

New devices can be purchased and registered through a partner. In this case, the devices are automatically stored in the Intune portal and in Azure AD and do not need to be added manually. Devices that are already in use can be added manually. For this, a CSV file is required, which is generated on the devices using a PowerShell script. The CSV file is then uploaded in the Intune portal (https://intune.microsoft.com) and the device can be reset. The file can be generated using this PowerShell script:

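# Use TLS 1.2 for the download from the PowerShell Gallery
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# Create the working directory (-Force avoids an error if it already exists)
New-Item -Type Directory -Path "C:\HWID" -Force
Set-Location -Path "C:\HWID"
# Make installed scripts callable by name in this session
$env:Path += ";C:\Program Files\WindowsPowerShell\Scripts"
# Set the execution policy for this PowerShell process only
Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned
# Install the script and write the hardware hash to the CSV
Install-Script -Name Get-WindowsAutopilotInfo
Get-WindowsAutopilotInfo -OutputFile AutopilotHWID.csv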

PowerShell must be run as an administrator. To upload the file, go to Devices, enter Enrollment in the search field and click the result, scroll all the way down on the right, and then select Devices > Import. The devices then appear in the device list and must be linked to a configured profile.

Prepare the Out Of The Box Experience (OOBE) in Microsoft

A profile must now be created. To do this, go back to the function search. On the left, click Devices > enter Enrollment in the search field > scroll all the way down on the right > click Deployment profiles.

  1. Click “Create profile”.
  2. Select “Windows PC”.
  3. Assign a name.
  4. Click “Next”.
  5. Click “Next” again.
  6. Select either “Add group” or “Add all devices”.
  7. Click “Next”.
  8. Click “Create”. The devices are now linked to the profile.

Synchronize stored Windows 10/11 devices with Relution

Under Devices > Auto enrollments, the Windows 10/11 devices are added to Relution using the Synchronize button. At this point, the devices must not yet be enrolled.

Automatic enrollment using Windows Autopilot can only be performed once the Windows 10/11 devices appear in the overview

Automatic enrollment of Windows 10/11 devices in Relution

After resetting the devices or during initial startup, the network connection is established during OOBE. As soon as this happens, the devices communicate with Azure and download the Autopilot profile. The Microsoft account sign-in screen then appears. After users enter their credentials, communication with Relution takes place. First, the terms of use endpoint is called, and then enrollment in Relution is performed. If the users are stored in Relution and auto enrollments for the devices are available, the enrollments are carried out. The Windows 10/11 devices then appear in the device inventory of the corresponding Relution organization and can be further configured using Windows policy configurations and actions.

Please do not delete the account on the device that was used to register the device.