Close Menu
Peter Klapwijk – In The Cloud 24-7Peter Klapwijk – In The Cloud 24-7
    Facebook X (Twitter) Instagram
    Peter Klapwijk – In The Cloud 24-7Peter Klapwijk – In The Cloud 24-7
    • Home
    • Intune
    • Windows
      • Modern Workplace
    • macOS
    • Android
    • iOS
    • Automation
      • Logic Apps
      • Intune Monitoring
      • GitHub
    • Security
      • Passwordless
      • Security
    • Speaking
    • About me
    Peter Klapwijk – In The Cloud 24-7Peter Klapwijk – In The Cloud 24-7
    Home»Intune»Windows deployment with Windows Autopilot [UPDATED]
    Intune

    Windows deployment with Windows Autopilot [UPDATED]

    Peter KlapwijkBy Peter KlapwijkJuly 10, 2017Updated:December 3, 201994 Mins Read

    Microsoft announced Windows Autopilot end of June. Windows Autopilot is a collection of technologies to setup and pre-configure (new) Windows 10 devices. IT is able to customize the Out of Box Experience for Windows 10 devices. The end user connects the new device to the internet, logs on with the company credentials and in a few clicks the device is automatically Azure AD joined, Intune managed and software is deployed. All without the user making any decisions on settings and without the involvement of IT.

    There are some prerequisites using Windows Autopilot:

    • Devices must be registered to the organization
    • Devices must be running Windows 10, version 1703 or later
    • Devices must have access to the internet
    • Azure AD Premium (for auto Azure AD join)
    • Microsoft Intune or another MDM service (to manage the device/ roll out software)

    Registering the devices

    We first have to collect some information from the devices, to upload to the Microsoft Partner Center (later you should be able to use the Business Store as well). We need the device serial number, Windows Product ID and Hardware Hash. This information is uploaded with a csv file to the Partner Center.
    To collect the information we need, we can use this script or collect it manually.

    For the serial number run this query:
    wmic bios get serialnumber

    For the Windows Product ID have a look under Windows Settings, About or run this Powershell command:
    Get-ItemPropertyValue “hklm:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DefaultProductKey2\” “ProductId”

    And to get the Hardware Hash, run this query:
    $wmi = Get-WMIObject -Namespace root/cimv2/mdm/dmmap -Class MDM_DevDetail_Ext01 -Filter “InstanceID=’Ext’ AND ParentID=’./DevDetail'”
    $wmi.DeviceHardwareData | Out-File “$($env:COMPUTERNAME).txt”

    Below an example of the csv file. An example file can also be downloaded from the Partner Center, where you need to upload yours.

    Manage Windows Autopilot from the Partner Center

    Now that we have collected the information, we need to upload it to the Microsoft Partner Center to register the device.
    Open the Partner Center, find the Customer and click on Devices on the left side. We first have to setup an Auto pilot profile, click on Add new profile.

    Enter a name for the new profile and set the settings you like. Select Skip privacy settings.
    If you don`t want the user to be a local admin, select Disable local admin account setup.

    Now it is time to add the device. Select Add devices

    Enter a group name for the devices you are uploading.
    Browse to the csv file with the collected device information and click Validate.
    After the validation is finished, click Upload.

    When the upload is finished, check the device, select Apply profile and choose the previously created profile to apply.

    Click Yes to apply the profile and your finished.

    The device is ready for Windows modern deployment with Windows Autopilot.

    The end user experience with Windows Autopilot

    When the Windows 10 device is turned on, this is the first screen the users is presented with to choose the region.

    The second screen to choose the keyboard.

    Question to add a second keyboard.

    Accept the License Agreement.

    The next step, Windows will verify network connectivity. When the device is connected with an ethernet cable, Windows will perform a check to see it is a known device. When not yet connected to the internet, you`re asked to select a wifi network.

    When it is a known device, you`re asked to logon with your company (Azure AD) account.

    When authentication is successful, the device profile from CSP is pushed to the device, the device is Azure AD joined, MDM settings are affected and software is deployed. The end user is logged on and is ready to get some work done!

    Later this year new capabilities will be added to Autopilot in the Windows 10 Fall Creators update.

    Update July 20th: Add device from Business Store

    Microsoft is rolling-out the options to add devices and create an AutoPilot profile in the Microsoft Business Store. you can find these option under Manage, Devices.

    Creating a profile and adding devices works exact the same way as in the CSP as described above.

    Autopilot Azure AD EMS Intune MEM Microsoft 365 Microsoft Endpoint Manager Windows10
    Share. Facebook Twitter LinkedIn Email WhatsApp
    Peter Klapwijk
    • Website
    • X (Twitter)
    • LinkedIn

    Peter is a Security (Intune) MVP since 2020 and is working as Modern Workplace Engineer at Wortell in The Netherlands. He has more than 15 years of experience in IT, with a strong focus on Microsoft technologies like Microsoft Intune, Windows, and (low-code) automation.

    Related Posts

    Windows AutoPilot Securing your hardware Failed 0x800705b4

    August 19, 2019

    Enable Self Service Password Reset feature on the Windows logon screen

    November 9, 2017

    Easily deploy Office Pro Plus with Intune

    July 25, 2017
    View 9 Comments

    9 Comments

    1. park on October 27, 2017 08:35

      Hello,
      Thanks for your post.

      I am interested in AutoPilot now, so I have done it. But I have a question about process in progress.
      There is a part that the product ID should be found out, In my case, I cannot find out the defaultproductkey2.
      So, is It possible to use the defaultproductkey instead of defaultproductkey2??

      I am looking for your reply
      Thank you in advance.

      Reply
      • Peter on November 2, 2017 20:27

        Hi Park,
        Compare the value of ProductId you find under defaultproductkey and the one you will find under Settings, System, About and you have your answer.
        I have defaultproductkey and defaultproductkey2, but defaultproductkey contains a value with OEM in it which is different from what I see at Settings, System, About.

        Reply
    2. Nigel on November 2, 2017 18:56

      My hardware hash shows a long repeating ‘AAAAAAAAAA’ string after quite a long hash. Is this normal?

      I have tested on a few Lenovo 1703 devices with the same result.

      Reply
      • Peter on November 2, 2017 20:24

        Hi Nigel,
        Yes that is normal, see that in my string a well.

        Reply
    3. Andreas on November 2, 2017 21:55

      Hi,
      My devices aren’t picked up by autopilot even though I’m online and all devices are added to the list of devices.
      Any idea why this happens? (Or doesn’t happen?)

      Reply
      • Peter on November 3, 2017 15:57

        No sorry. Maybe something is wrong with your csv file which you use to add devices. Compare yours with the example csv file.

        Reply
        • Andreas on November 6, 2017 12:13

          Hi Peter
          Thanks.
          My file hasn’t got the dashes in the serial, nor the product ID. Also the hardware hash is extremely long.
          I’ve used the power shell script from Github.

          Reply
          • Peter on November 7, 2017 21:56

            When I use the script I don`t see the dashes either. There is also some sort of issue with the format of the output file, cannot upload it in the Partner Center. When I copy the line with the serial etc in the example file, than I`m able to upload the file and the device shows up. But I cannot test Autopilot because it`s my own laptop 🙂

            Or use the separate commands to collect the information and put it in the example file and try it that way, I see more people have issues with PS:
            wmic bios get serialnumber

            Get-ItemPropertyValue “hklm:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DefaultProductKey2\” “ProductId”

            $wmi = Get-WMIObject -Namespace root/cimv2/mdm/dmmap -Class MDM_DevDetail_Ext01 -Filter “InstanceID=’Ext’ AND ParentID=’./DevDetail'”
            $wmi.DeviceHardwareData | Out-File “$($env:COMPUTERNAME).txt”

            Reply
          • Jan on December 22, 2017 15:00

            Hi Andreas, need any help?

            Reply
    Leave A Reply Cancel Reply

    Peter Klapwijk

    Hi! Welcome to my blog post.
    I hope you enjoy reading my articles.

    Hit the About Me button to get in contact with me or leave a comment.

    Awards
    Sponsor
    Latest Posts

    Create deployment ring groups for Microsoft Intune

    June 27, 2025

    Update Windows Defender during Windows Autopilot enrollments

    May 16, 2025

    Hide the “Turn on an ad privacy feature” pop-up in Chrome with Microsoft Intune

    April 19, 2025

    How to set Google as default search provider with Microsoft Intune

    April 18, 2025
    follow me
    • Twitter 4.8K
    • LinkedIn 6.1K
    • YouTube
    • Bluesky 1.5K
    Tags
    Administrative Templates Android Automation Autopilot Azure Azure AD Browser Conditional Access Edge EMS Exchange Online Feitian FIDO2 Flow Google Chrome Graph Graph API Identity Management Intune Intune Monitoring iOS KIOSK Logic Apps macOS MEM MEMMonitoring Microsoft 365 Microsoft Edge Microsoft Endpoint Manager Modern Workplace Office 365 OneDrive for Business Outlook Passwordless PowerApps Power Automate Security SharePoint Online Teams Windows Windows 10 Windows10 Windows 11 Windows Autopilot Windows Update
    Copy right

    This information is provided “AS IS” with no warranties, confers no rights and is not supported by the authors, or In The Cloud 24-7.

     

    Copyright © 2025 by In The Cloud 24-7/ Peter Klapwijk. All rights reserved, No part of the information on this web site may be reproduced or posted in any form or by any means without the prior written permission of the publisher.

    Shorthand; Don’t pass off my work as yours, it’s not nice.

    Recent Comments
    • Parth Savjadiya on Using Visual Studio with Microsoft Endpoint Privilege Management, some notes
    • Chris Johnson on Assign Deny Local Log On user right to an (Azure) AD group by using Microsoft Intune
    • Northernsky on Automatically wipe a Windows 10 device after a number of authentication failures
    • Henrik on Intune Driver update for Windows – Get applicable devices
    • Adam on Get notified on expiring Azure App Registration client secrets
    most popular

    Application installation issues; Download pending

    October 1, 2024

    Restrict which users can logon into a Windows 10 device with Microsoft Intune

    April 11, 2020

    How to change the Windows 11 language with Intune

    November 11, 2022

    Update Microsoft Edge during Windows Autopilot enrollments

    July 9, 2024
    Peter Klapwijk – In The Cloud 24-7
    X (Twitter) LinkedIn YouTube RSS Bluesky
    © 2025 ThemeSphere. Designed by ThemeSphere.

    Type above and press Enter to search. Press Esc to cancel.

    Manage Cookie Consent
    To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
    View preferences
    {title} {title} {title}