
Managing Windows Endpoints with Intune in Windows Autopilot

Discover how Windows Intune Autopilot streamlines endpoint management for hybrid workplaces. Learn how to simplify device provisioning, automate configurations, and enhance IT efficiency with this modern solution.

Published on Jun 21, 2024

With the increasing shift towards a hybrid workplace and a disaggregated workforce, many organizations now face the challenge of managing endpoints across various locations. Microsoft Intune offers a modern solution that enables businesses to manage their devices from anywhere. This cloud-based platform eliminates traditional management constraints. For instance, you can now manage these endpoints with Windows Autopilot, simplifying device deployment and configuration.

Windows Autopilot simplifies device provisioning and lets you hand new devices to end-users as the need arises, without having to build or maintain a custom operating system image. Intune, in turn, manages policies, profiles, and security settings, making the management of Windows endpoints more straightforward.

What Is Windows Autopilot?

Windows Autopilot includes a set of technologies leveraged by IT professionals to set up and pre-configure new devices for productive use. This desktop provisioning tool native to Windows 10 helps the IT team automate all new devices with preset configurations. Additionally, it allows IT professionals to apply profiles to PCs so that new users can have full access from their first login.

Think of it this way. Windows Autopilot simplifies and streamlines the bulk deployment, setup, and configuration of devices added to the organization’s IT ecosystem, ensuring that they are ready for corporate use. It also facilitates the management of Microsoft Windows devices throughout their use within the organization, right from the initial deployment. Overall, Windows Autopilot helps organizations simplify Windows device management. It reduces the time IT professionals spend deploying and managing devices and the infrastructure needed to maintain said devices throughout their lifecycle. Additionally, it maximizes the ease of use for both IT professionals and users.

What Can Autopilot Manage?

Windows Autopilot enables administrators to manage a few functions within the ecosystem with a new approach. For starters, administrators can automatically join devices to Microsoft Entra ID (Entra joined) or to Active Directory (via hybrid Entra join). Additionally, it becomes easier to auto-enroll devices into MDM services, including Microsoft Intune. Note, however, that this function requires that the user have an Entra ID Premium subscription for configuration.

Instead of reimaging, the existing Windows installation is transformed into a state in which preset settings and policies can be applied, apps installed, and advanced features supported. Administrators can create and auto-assign the devices within their ecosystem according to each device’s profile. Finally, it becomes relatively straightforward to customize OOBE content specific to the user’s organization.

What if, during the device’s lifecycle, an endpoint is performing poorly? What if you intend on passing the device over to the next end user? In this case, you can leverage Windows Autopilot reset. The latter takes the device back to a business-ready state. Thus, the next user should be able to sign in and utilize this endpoint without much hassle. This reset removes any personal files, applications, or settings that might have been on the device. It also reapplies the original settings without compromising its identity connection to Azure AD. Further, it removes the device’s primary user and establishes the next user as the primary.

How to Deploy Autopilot

Once you deploy a new Windows device, Windows Autopilot leverages the OEM-optimized version of the Windows client. As it stands, this version is already preinstalled on the device, which means that neither the end-user nor the IT professionals must maintain custom images and drivers for the particular device model.

Before you can leverage Windows Autopilot, there are a few configuration requirements that you’ll need to meet. These should be sufficient to support the common Autopilot scenarios you are likely to encounter.

The first step would be to configure Entra ID automatic enrolment. Note that if you are using a different MDM service, it is advised that you liaise with the vendor for the specific URLs or configurations needed for this deployment. You’ll also need to configure Entra ID’s custom branding to display key organization elements, including a square logo, sign-in page text, and tenant name. It is prudent to mention that as you consider Windows Autopilot deployment, you also must consider the best practice guidelines for devices. This includes enabling auto-enrollment, which can be managed through manual device registration or automated processes if partnering with a vendor like Dell, IBM, or CDW for device hardware IDs. Additionally, configure Autopilot groups, set up Intune configuration and compliance policies, and ensure users are correctly assigned to devices.

Furthermore, your devices are expected to meet the minimum hardware requirements for Windows to ensure that the devices can quickly be provisioned as part of the deployment process. It would be best if the IT professionals reviewed the minimum hardware requirements for Windows before embarking on the deployment process.

After meeting the hardware and software requirements, the next stop should be the Windows Autopilot enrollment status page (ESP). Administrators can display the device’s configuration progress on your ESP profile. You can also track the installation of applications, security policies, certificates, and network connections as the need arises.

Licensing Requirements for Intune Autopilot

Right out of the gate, it is paramount to mention that Microsoft Intune Autopilot licensing requirements apply to Windows 11, Windows 10, and Windows Holographic, version 2004 or later devices. Windows Autopilot relies on specific capabilities available in the Windows client and AAD. It also leverages MDM services, including Microsoft Intune. All of these are made available through different editions and subscription programs.

Seeing as you will need AAD, as it comes with automatic MDM enrolment and key functionalities, there are specific subscriptions that you will require. These include:

Additional recommended licenses include:

Manage Windows Endpoints with Intune Autopilot

Want to radically reduce the cost and complexity of managing the devices of your remote and distributed workforces? Agile IT can help you configure and deploy Autopilot for your Windows 10 and 11 endpoints across Commercial, GCC, and GCC High. Request a quote today.
