Windows AutoPilot demo

I’ve been playing around with Windows Autopilot recently and so I decided to do another video showing you a run through of the process involved in using this new technology from Microsoft.

There are a few pre-requisites you will need in place before you can fly with this (sorry Smile)

  • Microsoft Windows 10 1703 or higher
  • A device with Windows 10 installed – I used a VM in this demo
  • Microsoft Azure Premium (P1 or P2)
  • Microsoft Intune
  • Windows Store for Business

You will of course need an admin account in your Azure Portal to make the necessary configuration and an end user account which can be a simple domain user however must have an EMS/Intune licence assigned to the user with your Azure Active Directory.

A couple of link I used in the video are here:

The PowerShell used is:

wmic bios get serialnumber
Get-ItemPropertyValue "hklm:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DefaultProductKey\" "ProductId"
$wmi = Get-WMIObject -Namespace root/cimv2/mdm/dmmap -Class MDM_DevDetail_Ext01 -Filter "InstanceID='Ext' AND ParentID='./DevDetail'"
$wmi.DeviceHardwareData | Out-File "($env:COMPUTERNAME).txt"

Also, these are the manufacturers that have so far signed up to the AutoPilot scheme and should be able to provide you the necessary information to import into AutoPilot:

  • Lenovo
  • Panasonic
  • Toshiba
  • Microsoft Surface
  • HP
  • Fujitsu
  • HP
  • Dell

Click the picture to play the demo video. Enjoy!

14 thoughts on “Windows AutoPilot demo

  1. Pete; my hero.

    I’ve been playing with this and got everything working except I sysprep’d the device, rather than ‘reset’. This creates a new hardware id and ruins EVERYTHING.

  2. Believe so. the branding pulls through into the login prompts etc.

    Aside from branding, it also doesn’t prevent local admin creation (which is the actual requirement), so I don’t think it’s doing autopilot at all?!

  3. Hi,

    For Windows 10 AutoPilot, I would like to ask two questions:

    Q1: Will hardware hash changes if we re-install or upgrade OS or run Sysprep /generalize ?

    Q2: If devices are not in OOBE state, and already reached to desktop, a local account is created, will these devices still get enrolled via Auto Pilot, or we must run the Sysprep to get OOBE?

    • Q1 – hardware hash is the same unless a major component changes in the machine.
      Q2 – Once the device reaches desktop you will need to perform the reset to use AutoPilot as it is OOBE. You can enroll with MDM and Azure AD from desktop though.

      • Hi and thanks for the reply.
        For Q1, is it documented somewhere ..?
        For Q2, which I forgot to mention, what will happen with the installation ID, if we perform a reset? Either new OS install or Sysprep, will installation ID will change?
        If hardware has remain constant, and serial number is also static, can we conclude that CSV file imported before the OS reset / upgrade will still be accepted?

  4. Pingback: Windows Autopilot Links | More than patches

  5. Hi Peter,

    Thank you for posting your video and blog, it was helpful to see everything in action. After watching, I had a couple of questions based on the goals I’d like to accomplish with AutoPilot, which are: a) prohibit users from installing unapproved software, b) allow Windows updates and company approved software updates/patches to be applied automatically without prompting for UAC elevation, and c) enable remote HelpDesk access with Administrator credentials.

    1) In the video, you installed the user as NonAdmin. How would the user then install Office365 or any other “company approved” software like Adobe Acrobat as NonAdmin? Wouldn’t the user need Administrative rights? Or could these software installs be made part of the AutoPilot deployment? Or could a remote Administrator login and install these?

    2) If the user was remote and needed some sort of support, would a HelpDesk agent be able to remote into the machine with Administrator credentials in order to “fix” any problems?

    3) If the hard drive died and is replaced with a factory image from one of the AutoPilot vendors, Dell for example, it seems like the hardware hash would change. If that user is remote, then it seems like they would not be able to get AutoPilot to work due to the hash change, is that right?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.