Microsoft Intune Autopilot explained

In this blog post, I will try to explain what Microsoft Intune Autopilot is and how Autopilot configuration works.


Before I go into detail about Autopilot, I will start by explaining the equivalent product to Autopilot in a non-cloud world.

Autopilot is like remote boot, where in a non-cloud environment we boot a computer using F12 and install an image.

In the old days of Windows Server, we had RIS (Remote Installation Server), which was later renamed to Windows Deployment Server (WDS).

System Center Configuration Manager (SCCM) does the same but provides advanced features.

The future

Because Intune is a cloud-only service without any local server, using F12 to boot your machine is not relevant.

Autopilot works differently compared to the above technologies.

Using the Windows built-in device registration service, Autopilot detects the hardware ID of any Windows machine that is registered for the first time.

The Process

Autopilot works using a two-step process.

Step 1

An Administrator creates Autopilot policies that have the hardware IDs of all the devices that are going to use Autopilot.

The policies include:

Security and compliance policies

Defender ATP policies

Software deployments

The Administrator also adds the hardware IDs of all the devices to an Azure AD group that is linked to Autopilot, using the following methods:

PowerShell script – For existing and new machines, a script that extracts the hardware ID can be run on the machines.

SCCM – If you have the hardware IDs from SCCM, you can export the IDs and feed them to Intune.

Vendor – This is the most effective method. If you work with a vendor that supports Autopilot, your vendor can export the hardware IDs of new computers that you buy directly to Intune Autopilot and Dynamic Groups.
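
The PowerShell method above, as an added example that is not code from the original post: it reads the local machine's serial number and hardware hash and writes them in the three-column CSV layout used for Autopilot device import. The output path is an assumption, and the script must be run elevated on the device being registered.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): export this machine's
# Autopilot hardware ID as a CSV file ready for import into Intune.
$ErrorActionPreference = 'Stop'

# Assumed output location; change it to suit your collection process.
$outFile = Join-Path -Path $env:TEMP -ChildPath "AutopilotHWID-$env:COMPUTERNAME.csv"

# Serial number as reported by the firmware.
$serial = (Get-CimInstance -ClassName Win32_BIOS).SerialNumber
if ([string]::IsNullOrWhiteSpace($serial)) {
    throw 'BIOS returned no serial number.'
}

# The hardware hash is exposed through the MDM bridge WMI provider.
$detail = Get-CimInstance -Namespace 'root/cimv2/mdm/dmmap' `
    -ClassName 'MDM_DevDetail_Ext01' `
    -Filter "InstanceID='Ext' AND ParentID='./DevDetail'"
$hash = $detail.DeviceHardwareData
if ([string]::IsNullOrWhiteSpace($hash)) {
    throw 'No hardware hash returned; check Windows version and elevation.'
}

# Reject a truncated or corrupted value before it reaches the import file.
try {
    [void][Convert]::FromBase64String($hash)
} catch {
    throw 'Hardware hash is not valid Base64; do not import it.'
}

$row = [pscustomobject]@{
    'Device Serial Number' = $serial.Trim()
    'Windows Product ID'   = ''       # left empty; not needed to identify the device
    'Hardware Hash'        = $hash
}

# Write the CSV without quote characters around the fields.
$row | ConvertTo-Csv -NoTypeInformation |
    ForEach-Object { $_ -replace '"', '' } |
    Set-Content -Path $outFile -Encoding Ascii

Write-Output "Wrote $outFile"
```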

Step 2

When an existing machine is reset using Reset this PC, or a new machine is being set up, the built-in Windows registration service detects that the machine belongs to an Intune Autopilot organization and shows the branding of the organization.

The user will be asked to enter their username and password.

Once entered, Autopilot will join the machine to Azure AD, apply policies and install software automatically.