Windows AutoPilot – questions and answers

Introduction

Yesterday I attended an informative webcast with Meyyammai (Maya) Subramanian and Michael Niehaus about Windows 10 AutoPilot entitled Webcast + live Q&A on Windows AutoPilot: July 27th.

Windows 10 AutoPilot is the future of Windows deployment and uses elements from Windows Store for Business, Windows Configuration Designer (available in the Windows Store), a CSV file from the OEM (HP, Dell, etc.), and of course Azure AD and Intune (or a 3rd-party MDM provider).

Opening Windows Store for Business today, I see a Devices section, which is where you can go to get started with Windows 10 AutoPilot.

The session was informative and had demos and also included a questions and answers pane.

For my benefit (and yours), I copied those questions and answers and have pasted them below.

In which build of Windows 10 will AutoPilot be enabled and ready?

Windows 10 1703 (already released) includes the necessary support for Windows AutoPilot.

 

Can I use 3rd party MDM with AutoPilot?

Yes, any Windows-supported MDM – AirWatch, MobileIron, etc. – are all supported by AutoPilot, in addition to Intune.

 

What happens if the laptop was wiped by IT due to malware, will this AutoPilot still work, since the LT has no boot img?

Windows AutoPilot starts from the preinstalled OS that comes on the device. If the device needs to be rebuilt due to malware, typically you would recover it using OEM-provided media or recovery images.

 

How do I find out which OEMs support this?

Several OEMs are in the first wave of supporters, including HP, Dell, Lenovo, etc. We are working and hope all OEMs will support AutoPilot in the months ahead.

 

How do I get from my wireless to the corporate network?

Windows AutoPilot will join the device to Azure AD and enroll it in Intune or another MDM service. A VPN profile can be deployed to the device via MDM; that can connect to the corporate network.

 

What additional licenses/subscriptions are needed?

You need the following: Win 10 1703 build with 7b cumulative update, AAD Premium subscription, an MDM.

 

Is this only available with AD Azure or can a local AD use this feature?

Today this supports Azure AD only. We will add support for Active Directory in the Fall Creators Update.

 

Can more than one profile be assigned to a single device?

No, however a single profile can be assigned to a group of devices.

 

Is the AutoPilot program really meant for remote users and laptops, or do you see this as a way to deploy internal desktops as well?

It can be used with any device. The goal would be to move away from image-based deployment on all devices; if you do it for “all devices except desktops” you are still having to build images.

 

What if you already own your PCs or your reseller does not share info with MS?

Can the devices be pre-loaded with a wireless profile for the corporate wireless network, so that it’s able to connect to the corporate wireless network with knowing the wireless password?

Windows AutoPilot joins the device to Azure AD and enrolls it in an MDM service; that MDM service (e.g. Intune) can push a VPN connection profile to the device/user.

 

How does the PC know to go talk to the Autopilot?

If the PC has been registered and a profile assigned (either by IT admin, partner, or hardware vendor), then as soon as the PC is powered on and connects to the Internet, it will know to talk automatically to the AutoPilot service.

 

Which editions of Win 10 are supported?

Windows 10 Pro, Enterprise, and Education are supported. Windows 10 1703 is required; using the latest cumulative update (at least through July) is recommended.

 

Will the device be enrolled as a mobile device in Intune or will it receive the Intune client?

The device will be enrolled as a mobile device, using the in-box MDM components. The Intune Client is not recommended on Windows 10; it’s primarily to support Windows 7 clients that don’t have an in-box MDM agent.

 

What kind of information does the DeviceID contain when it registers it?

The device ID is a unique identifier that can identify the device over its life. It is a hardware hash generated by collecting hardware fingerprints and accounting for the fact that the device might have parts replaced, added, etc.

 

How is the Phone Home for Config feature enabled? Special OS SKU, all Win10, OEM config or local config?

Do you mean how does Windows AutoPilot work? All Windows 10 Pro (and above) SKUs will automatically check the Windows AutoPilot service to see if the device is enrolled; if it is, it will download the configured settings.

 

Is the profile something the end user could remove? With Apple’s DEP the profiles are not allowed to be removed by the end user.

If you are asking if the employee (end user) can remove the profile, no, the end user will not have privileges to register, create, assign or remove profiles. Only those employees with admin privileges will be able to do these tasks.

 

Can AutoPilot deliver a provisioning package?

No, all settings are deployed to the device using the MDM enrollment, e.g. Intune.

 

How are 3rd party applications installed? (i.e. Java, Adobe Reader, Flash, LOBs, QuickBooks, LiteShow3, etc.,)

Software installation is performed via the MDM service, e.g. Intune. This supports MSI, App-V, and UWP app installation.

 

Can the bits be downloaded from an SCCM distribution point?

Today, Windows AutoPilot supports Azure Active Directory and MDM services like Intune. The content will come from the cloud. We are looking at future scenarios that leverage Active Directory.

 

What alternative path do we have for Group Policy in AutoPilot?

Settings would be deployed to the device using the MDM service, e.g. Intune. With Windows 10 1703, we added support for pushing many group policy settings via MDM to the device, which simplifies this. The MMAT tool available on GitHub will analyze your GPOs to tell you the equivalent MDM setting.

 

Can Multiple Profiles be created?

Yes, a tenant/customer can create multiple profiles. A profile can then be assigned to one or more devices.

 

What kind of subscription do I need?

Windows AutoPilot joins the device to Azure AD, which triggers automatic MDM enrollment. That MDM auto-enrollment feature requires Azure Active Directory Premium. That’s the only subscription requirement, although we’d recommend Windows 10 Enterprise E3 or E5 subscriptions to get the additional Windows 10 Enterprise features.

 

For Public Sector with only O365 accounts (no Azure-AD) Is it possible to Autopilot a device, and then return it to our on-prem management (non SCCM) afterwards?

That’s a scenario that we’re looking at for the Windows 10 Fall Creators Update later this year. We will add Active Directory support.

 

MMAT tool available on GitHub, any link?

https://github.com/WindowsDeviceManagement/MMAT

 

What happens if the user doesn’t have Internet access when signing in?

The user will not get the AutoPilot customizations and policies. The device will get set up as if it isn’t registered with AutoPilot. They can continue through OOBE and create a local account. Without an internet connection, they won’t be able to use Windows AutoPilot.

 

Is a restore partition required for this?

We recommend all Windows 10 devices have a recovery partition, but typically this partition just contains a boot image. The OS itself can be rebuilt from the files on the main Windows partition.

 

Does the disk layout partition remain the same before the AutoPilot process?

Windows AutoPilot uses the OS that’s already on the device. So no partition changes are made.

 

How do you get a MSfB account?

Go to http://businessstore.microsoft.com and sign in with your Azure AD tenant admin account.

 
