Peter Klapwijk – In The Cloud 24-7

    Windows AutoPilot Deployment Q&A

    By Peter Klapwijk | July 28, 2017 | Updated: December 3, 2019 | 8 Mins Read

    Yesterday there was a webinar about Windows AutoPilot with a Q&A. Because it contains some good-to-know information, you can read the questions and answers below:

    In which build of Windows 10 will AutoPilot be enabled and ready?
    Windows 10 1703 (already released) includes the necessary support for Windows AutoPilot.

    Can I use 3rd party MDM with AutoPilot?
    Yes, any Windows supported MDM – AirWatch, MobileIron, etc. – are all supported by AutoPilot, in addition to Intune.

    What happens if the Laptop WAS wiped by IT due to malware, will this AutoPilot still work, since the LT has no boot img?
    Windows AutoPilot starts from the preinstalled OS that comes on the device. If the device needs to be rebuilt due to malware, typically you would recover it using OEM-provided media or recovery images.

    How do I find out which OEMs support this?
    Several OEMs are in the first wave of supporters, including HP, Dell, Lenovo, etc. We are working and hope all OEMs will support AutoPilot in the months ahead.

    How do I get from my wireless to the corporate network?
    Windows AutoPilot will join the device to Azure AD and enroll it in Intune or another MDM service. A VPN profile can be deployed to the device via MDM; that can connect to the corporate network.

    What additional licenses/subscriptions are needed?
    You need the following: Win 10 1703 build with 7b cumulative update, AAD Premium subscription, an MDM.

    Is this only available with AD Azure or can a local AD use this feature?
    Today this supports Azure AD only. We will add support for Active Directory in the Fall Creators Update.

    Can more than one profile be assigned to a single device?
    No, however a single profile can be assigned to a group of devices.

    Is the AutoPilot program really meant for remote users and laptops, or do you see this as a way to deploy internal desktops as well?
    It can be used with any device. The goal would be to move away from image-based deployment on all devices; if you do it for “all devices except desktops” you are still having to build images.

    What if you already own your PCs or your reseller does not share info with MS, can the devices be pre-loaded with a wireless profile for the corporate wireless network, so that it’s able to connect to the corporate wireless network with knowing the wireless password?
    Windows AutoPilot joins the device to Azure AD and enrolls it in an MDM service; that MDM service (e.g. Intune) can push a VPN connection profile to the device/user.

    How does the PC know to go talk to the Autopilot?
    If the PC has been registered and a profile assigned (either by IT admin, partner, or hardware vendor), then as soon as the PC is powered on and connects to the Internet, it will know to talk automatically to the AutoPilot service.

    Which editions of Win 10 are supported?
    Windows 10 Pro, Enterprise, and Education are supported. Windows 10 1703 is required; using the latest cumulative update (at least through July) is recommended.

    Will the device be enrolled as a mobile device in Intune or will it receive the Intune client?
    The device will be enrolled as a mobile device, using the in-box MDM components. The Intune Client is not recommended on Windows 10; it’s primarily to support Windows 7 clients that don’t have an in-box MDM agent.

    What kind of information does the DeviceID contain when it registers it?
    The device ID is a unique identifier that can identify the device over its life. It is a hardware hash generated by collecting hardware fingerprints and accounting for the fact that the device might have parts replaced, added, etc.

    Is the profile something the end user could remove? With Apple’s DEP the profiles are not allowed to be removed by the end user.
    If you are asking if the employee (end user) can remove the profile, no, the end user will not have privileges to register, create, assign or remove profiles. Only those employees with admin privileges will be able to do these tasks.

    Can AutoPilot deliver a provisioning package?
    No, all settings are deployed to the device using the MDM enrollment, e.g. Intune.

    How are 3rd party applications installed? (i.e. Java, Adobe Reader, Flash, LOBs, QuickBooks, LiteShow3, etc.,)
    Software installation is performed via the MDM service, e.g. Intune. This supports MSI, App-V, and UWP app installation.

    Can the bits be downloaded from an SCCM distribution point?
    Today, Windows AutoPilot supports Azure Active Directory and MDM services like Intune. The content will come from the cloud. We are looking at future scenarios that leverage Active Directory.

    What alternative path do we have for Group Policy in AutoPilot?
    Settings would be deployed to the device using the MDM service, e.g. Intune. With Windows 10 1703, we added support for pushing many group policy settings via MDM to the device, which simplifies this. The MMAT tool available on GitHub will analyze your GPOs to tell you the equivalent MDM setting.

    Can Multiple Profiles be created?
    Yes, a tenant/customer can create multiple profiles. A profile can then be assigned to one or more devices.

    What kind of subscription do I need?
    Windows AutoPilot joins the device to Azure AD, which triggers automatic MDM enrollment. That MDM auto-enrollment feature requires Azure Active Directory Premium. That’s the only subscription requirement, although we’d recommend Windows 10 Enterprise E3 or E5 subscriptions to get the additional Windows 10 Enterprise features.

    For Public Sector with only O365 accounts (no Azure-AD) Is it possible to Autopilot a device, and then return it to our on-prem management (non SCCM) afterwards?
    That’s a scenario that we’re looking at for the Windows 10 Fall Creators Update later this year. We will add Active Directory support.

    MMAT tool available on GitHub, any link?
    https://github.com/WindowsDeviceManagement/MMAT

    What happens if the user doesn’t have Internet access when signing in?
    The user will not get the AutoPilot customizations and policies. The device will get set up as if it isn’t registered with AutoPilot.

    Two questions regarding Multiple User Profiles were asked, and 2 different answers were given: Q1. Can more than one profile be assigned to a single device? A1. No, however a single profile can be assigned to a group of devices. Q2. Can Multiple Profiles be created? A2. Yes, a tenant/customer can create multiple profiles. A profile can then be assigned to one or more devices. Can you please reconcile this contradiction?
    Both are true. A customer/corp can create multiple profiles, one for their HR department, one for their sales department, etc. (A2) Then the HR profile can be assigned to all HR employee owned devices. (A1) No, a single device owned by Anna in HR cannot receive two profiles.

    In a previous question regarding Intune, the following answer was given: “The Intune Client is not recommended on Windows 10; it’s primarily to support Windows 7 clients that don’t have an in-box MDM agent.” So regarding the question “How are 3rd Party applications installed?”, to which the answer was “Software installation is performed via the MDM service, e.g. Intune.” – these two answers seem to contradict each other.
    The in-box MDM support in Windows 10 supports software installation using MSI, AppX/UWP, and App-V. So you can deploy software from Intune without the Intune agent. There are some limitations with this support (e.g. only single-file MSIs at this point); we are working with Intune and other MDM providers to address this.

    What happens if the user doesn’t have Internet access when signing in?
    The user will not get the AutoPilot customizations and policies. The device will get set up as if it isn’t registered with AutoPilot. – Is there remediation after some time?
    They can continue through OOBE and create a local account. Without an internet connection, they won’t be able to use Windows AutoPilot.

    Is a restore partition required for this?
    We recommend all Windows 10 devices have a recovery partition, but typically this partition just contains a boot image. The OS itself can be rebuilt from the files on the main Windows partition.

    The disk layout partition remains the same before the autopilot process?
    Windows AutoPilot uses the OS that’s already on the device. So no partition changes are made.

    How do you get a MSfB account?
    Go to http://businessstore.microsoft.com and sign in with your Azure AD tenant admin account.

    I missed the last slide:( could you show it again or will this presentation be available later?
    We’ll post a recap of the event, the Q&A, and the instructions on that last slide in a post on the Windows 10 management space on Microsoft Tech Community later today. https://techcommunity.microsoft.com/t5/Windows-10-management/bd-p/Windows10Management

    Can we get a link of the PowerShell script?
    https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo/1.0/DisplayScript

    Is there an option to test Autopilot without a WSfB account? When will this be coming out of private preview so it can be tested by all?
    It is really in public preview now 🙂

    Peter Klapwijk
    Peter is a Security (Intune) MVP since 2020 and is working as Modern Workplace Engineer at Wortell in The Netherlands. He has more than 15 years of experience in IT, with a strong focus on Microsoft technologies like Microsoft Intune, Windows, and (low-code) automation.