
Windows Autopilot Device Preparation in Intune
Windows Autopilot is a collection of cloud-driven technologies designed to simplify the initial setup and configuration of new or reset Windows devices. Autopilot Device Preparation plays a key role in this process by:
- Resetting the device to a clean state
- Installing necessary updates
- Pre-installing apps and drivers (with Delivery Optimization to efficiently share downloaded content across devices)
- Configuring system settings based on company policies
This modern provisioning approach reduces hands-on IT involvement compared to traditional imaging methods like Microsoft Deployment Toolkit (MDT).
1. Why Replace MDT with Autopilot Device Preparation?
Modern Provisioning vs. Traditional Imaging
- MDT: Involves creating custom Windows images, which can be time-consuming and require ongoing maintenance.
- Autopilot: Uses the OEM-provided Windows image and layers configurations, policies, and applications via Intune. This eliminates the need for complex image creation and reduces operational overhead.
Cloud-Driven Management
- MDT: Depends on on-premises infrastructure.
- Autopilot: Leverages the cloud, making it more adaptable to hybrid and remote work scenarios.
Zero-Touch Deployment
- Devices can be shipped directly to end-users, already pre-configured and ready to use, dramatically lowering IT workloads and speeding up deployment times.
2. Step-by-Step Guide to Setting Up Autopilot Device Preparation
Step 1: Create Security Groups in Entra (Azure AD)
Purpose: Organize users and devices for targeted assignment of policies and profiles.
- Create a User Group:
- Name: Autopilot Device Preparation – User Group
- Membership: Assigned – contains all users who will perform the Autopilot setup.
- Create a Device Group:
- Name: Autopilot Device Preparation – Device Group
- Owner: Set to the Intune provisioning enterprise app (ID: f1346770-5b25-470b-88bd-d5744ab7952c)
- Purpose: Houses devices that will be pre-provisioned.
Step 2: Configure the Device Preparation Policy in Intune
Purpose: Define the pre-provisioning settings applied during Autopilot setup.
- Access Policy Settings:
- In the Microsoft Endpoint Manager admin center, navigate to:
Devices > Enrolment > Device Preparation Policies
- Create a New Policy:
- Policy Name: e.g., AutoPilot Device Preparation Policy – Staff
- Device Group: Select the Autopilot Device Preparation – Device Group
- Configure Policy Settings:
- Join Type: Select Entra Joined Only (note: Hybrid Join is not available)
- User Setup: Disable the option that allows users to skip setup after multiple attempts
- Apps: Add essential apps (such as Company Portal, Windows App, Microsoft 365 Apps) and ensure they are assigned to the device group
- Scripts: Attach required scripts (for example, a bloatware removal script)
- Tags: Leave blank if not needed
- Assignments:
- Assign this policy to the Autopilot Device Preparation – User Group
- Review & Save the policy.
Step 3: Set Device Platform Restrictions
Purpose: Ensure only corporate-owned devices can enroll.
- Access Platform Restrictions:
- In Intune, go to:
Devices > Enrolment > Device Platform Restrictions
- Create a New Restriction:
- Restriction Name: e.g., Windows Device Restrictions
- Assignments: Apply to All Users to block personal devices from enrolling
Step 4: Define Corporate Device Identifiers
Purpose: Help Intune differentiate corporate devices from personal ones during enrollment.
- Access Corporate Device Identifiers:
- Navigate to:
Devices > Enrolment > Corporate Device Identifiers
- Add Identifiers:
- Manually: Enter identifiers such as IMEI or Serial Number (common with mobile devices)
- Upload CSV: For Windows devices, select “Manufacturer, model and serial number.”
- Creating the CSV File:
- Open Command Prompt and run:
wmic csproduct get vendor, name, identifyingnumber
- Copy the output into a text editor (e.g., Notepad) with the following format:
Vendor,Name,IdentifyingNumber
- Save the file as DevicePrepDemo.csv
- Upload the CSV to Intune.
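The CSV step above as a script, added here as an example (not from the original guide): it reads the same three values from Win32_ComputerSystemProduct, so it also works where the deprecated wmic tool is not installed, and it refuses firmware placeholder serials, because an identifier shared by many machines would let any of them match as corporate. The function name, the placeholder list and writing rows without a header line are assumptions of this example.

```powershell
# Added example: append this device's row to DevicePrepDemo.csv in the
# Vendor,Name,IdentifyingNumber order used in Step 4.
# Add-DeviceIdentifierRow and the placeholder list are hypothetical names/values.

function Add-DeviceIdentifierRow {
    param(
        [string]$Path = '.\DevicePrepDemo.csv',
        # Defaults to the local machine; pass any object with the same three
        # properties to exercise the checks with constructed data.
        [object]$Product = (Get-CimInstance -ClassName Win32_ComputerSystemProduct)
    )

    # Same three properties that "wmic csproduct get vendor, name, identifyingnumber" prints.
    $fields = @($Product.Vendor, $Product.Name, $Product.IdentifyingNumber) |
        ForEach-Object { "$_".Trim() }

    # Placeholder serials are identical across many boards and VMs, so they
    # cannot identify one corporate device.
    $placeholders = @('', 'None', 'Default string', 'System Serial Number', 'To be filled by O.E.M.')
    if ($placeholders -contains $fields[2]) {
        throw "Serial '$($fields[2])' is a firmware placeholder; not written to $Path."
    }

    # A comma inside a value would shift the columns of the uploaded row.
    if ($fields -match ',') {
        throw "A field contains a comma; fix the row by hand before uploading."
    }

    # Skip rows that are already in the file so repeated runs do not add duplicates.
    $row = $fields -join ','
    $existing = if (Test-Path -LiteralPath $Path) { Get-Content -LiteralPath $Path } else { @() }
    if ($existing -contains $row) { return $false }

    Add-Content -LiteralPath $Path -Value $row
    return $true
}

# Constructed sample (not a real device): accepted and written once.
$sample = [pscustomobject]@{ Vendor = 'Contoso'; Name = 'Model 1'; IdentifyingNumber = 'ABC1234' }
Add-DeviceIdentifierRow -Path '.\DevicePrepDemo.csv' -Product $sample   # True on first run
Add-DeviceIdentifierRow -Path '.\DevicePrepDemo.csv' -Product $sample   # False: already listed

# On a real device, omit -Product to read the local hardware values:
# Add-DeviceIdentifierRow -Path '.\DevicePrepDemo.csv'
```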
Step 5: Experience the Out-of-Box Experience (OOBE)
Purpose: Validate the setup using a test device.
- Boot the Device:
- Power on a new or reset device to start the OOBE.
- Follow OOBE Prompts:
- Select country/region and keyboard layout.
- Accept the license agreement.
- Sign in with your User Principal Name (UPN).
- Pre-Provisioning Process:
- During OOBE, press the Windows key five times to trigger Autopilot Device Preparation mode.
- Authenticate with an IT admin account if prompted.
- The device will automatically download and apply updates, apps, drivers, and configurations as defined in the policy.
- Completion:
- Once pre-provisioning completes, the device will finalize configuration and be ready for end-user setup.
3. Key Considerations When Transitioning from MDT
Managing OEM Bloatware
- Issue: Unlike MDT, Autopilot doesn’t natively remove OEM bloatware.
- Solution: Use Intune scripts (e.g., Win11Debloat PowerShell script) to remove unwanted applications, disable telemetry, and adjust system settings for privacy and performance.
Custom Drivers and Applications
- MDT: Integrates custom drivers and apps within the image.
- Autopilot: Requires pushing drivers and applications via Intune policies and app deployments.
Network Dependencies
- Autopilot: Relies on a stable internet connection.
- Optimization: Leverage Delivery Optimization to share downloaded content among devices on the same network or pre-stage content as needed.
Exploring Alternative Tools
- For deeper customization, consider tools like the PowerShell Deployment Solution (PSD) from the Friends of MDT community, which bridges traditional imaging and modern provisioning.
4. Best Practices for a Smooth Transition
- Evaluate Current Deployment Needs: Review and map your current MDT configurations to Autopilot policies and scripts.
- Pilot Testing: Begin with a small group of devices to test the entire provisioning process.
- Documentation & Automation: Keep detailed documentation and automate repetitive tasks wherever possible.
- Monitoring: Use Microsoft Endpoint Analytics and Intune’s reporting features to monitor the provisioning process and resolve issues promptly.
5. Conclusion
Windows Autopilot Device Preparation provides a modern, cloud-driven approach to device provisioning that reduces manual intervention, speeds up deployments, and fits well with hybrid/remote work environments. While it doesn’t natively offer all the customization of MDT (such as removing OEM bloatware or changing Windows editions), these gaps can be bridged with Intune scripts, app deployments, and complementary solutions like PSD.
By following this guide, IT administrators can transition from traditional MDT-based imaging to a streamlined, zero-touch Autopilot process—preparing devices efficiently and ensuring that end users receive a ready-to-use, secure, and up-to-date system.