Skip to Content
DevicesEnrollmentAutopilot Devices

Autopilot Devices

Zero-touch deployment for Windows devices. Users unbox devices and sign in — Autopilot handles provisioning, app installation, and policy application automatically.

Note: Autopilot eliminates the need for custom Windows images. Devices ship directly to end users from OEMs or resellers. Configuration happens over the cloud during OOBE.

Autopilot Device List

View all registered Autopilot devices:

ColumnDescription
Serial NumberDevice serial number from hardware
ManufacturerDell, HP, Lenovo, Microsoft, etc.
ModelDevice model name
Group TagCustom tag for dynamic group targeting
ProfileAssigned deployment profile
Profile StatusAssigned, Pending, Not Assigned
Enrollment StateNot Enrolled, Enrolled, Enrollment Failed
Date AddedWhen device was registered in Autopilot

Deployment Scenarios

User-Driven Mode

Standard scenario. User powers on device, connects to network, signs in with Azure AD credentials. Device joins Azure AD and enrolls in Intune automatically. User sees progress during Enrollment Status Page.

Best for: Knowledge workers receiving new laptops

Self-Deploying Mode

Zero user interaction. Device provisions itself without any user sign-in during OOBE. Joins Azure AD as device-only. User signs in after provisioning completes. Requires TPM 2.0.

Best for: Kiosks, shared devices, digital signage

Pre-Provisioning (White Glove)

IT or partner pre-configures device before shipping to user. Device downloads policies and apps in advance. User gets fully configured device on first boot. Reduces user wait time significantly.

Best for: VIP users, complex app deployments, field workers

Autopilot Reset

Repurpose existing devices. Wipes user data but retains network configuration, Azure AD join, and Intune enrollment. Device is ready for next user immediately.

Best for: Device refresh, employee offboarding

Autopilot Profiles

Configure deployment profiles with these settings:

OOBE Settings

  • Skip Cortana, OneDrive, OEM registration pages
  • Skip privacy settings prompts
  • Skip license terms (if volume license)
  • Hide “Change account options”

User Account Type

  • Standard user (recommended for security)
  • Local administrator

Azure AD Join Type

  • Azure AD joined (cloud-only)
  • Hybrid Azure AD joined (requires on-prem DC connectivity)

Device Naming Template

Auto-generate device names using variables: %SERIAL%, %RAND:x%, etc. Example: LAPTOP-%SERIAL:7% becomes LAPTOP-ABC1234

Language/Region

Automatically configure OS language, input method, and timezone. Can use user’s Azure AD preferences.

Enrollment Status Page (ESP)

Shows provisioning progress during Autopilot. Configure what users see:

  • Show progress — Display app and profile installation status
  • Block use until complete — Prevent user from accessing desktop
  • Timeout — Error after X minutes if provisioning fails
  • Allow retry — Let users retry failed installs
  • Track specific apps — Only wait for critical apps

Registering Devices

OEM Registration

OEMs (Dell, HP, Lenovo) register device hardware hashes at time of purchase. Devices appear in your Autopilot inventory automatically. Preferred method.

Partner/Reseller Registration

CSP partners can register devices on your behalf through Partner Center. Works with hardware from any vendor.

Manual CSV Upload

Extract hardware hash using PowerShell script and upload CSV. Use for existing devices or small batches.

Get-WindowsAutopilotInfo -OutputFile autopilot.csv

SCCM Integration

Configuration Manager can collect hardware hashes from existing managed devices and sync to Autopilot service.

Group Tags

Assign tags to Autopilot devices for dynamic group membership:

  • Tag by department: Sales, Engineering, HR
  • Tag by location: Seattle, London, Sydney
  • Tag by device type: Laptop, Desktop, Kiosk
  • Create dynamic groups targeting OrderId or GroupTag attributes
  • Different groups get different profiles and apps

Troubleshooting

Profile Not Assigned

Check group membership. Profile assigns to groups, device must be in targeted group. Allow 15+ minutes for group sync.

Enrollment Timeout

Check ESP settings. Ensure required apps can install within timeout period. Review app installation logs.

Hybrid Join Fails

Device needs line-of-sight to domain controller. Check VPN/network during OOBE. Verify Intune Connector is running.

API Reference

  • GET /api/device-management-intune/autopilot/devices — List all Autopilot devices
  • POST /api/device-management-intune/autopilot/devices — Register new device (CSV upload)
  • DELETE /api/device-management-intune/autopilot/devices/:id — Remove device from Autopilot
  • GET /api/device-management-intune/autopilot/profiles — List deployment profiles
  • POST /api/device-management-intune/autopilot/sync — Sync Autopilot devices from Microsoft
Last updated on
Device WipesAutopilot Profiles