Windows Autopilot | How It Makes Your Life Easier
Autopilot is here to help simplify the process of deploying or onboarding new devices within your organization – find out how.
Typically, deploying new Windows devices has been entirely in the hands of IT. Custom images have to be built, maintained and applied to get everything ready for new users…despite having an OS pre-installed. This can be followed by hours of the manual setup of applications, policies, and drivers for each new or repurposed device. All this manual set up takes away time and resources that could be better spent on other valuable projects. Sound familiar? Thankfully, Microsoft has developed Windows Autopilot – a new cloud-based technology that is quietly transforming this typical tedious provisioning process into a more automated and user-friendly process.
What is Windows Autopilot?
Windows Autopilot is a collection of technologies that are used to set up and pre-configure new devices within an organization. Additionally, you can reset, repurpose and recover devices easily- because there will be no infrastructure to manage. Autopilot is designed to simplify the lifecycle of Windows products through initial deployment to end of life. When deploying new devices, Autopilot saves organizations the effort of having to maintain custom images and drivers for every model or device being used. Now, all those new users will have to do with their new device is simply log in and verify their credentials and the rest is done by Autopilot.
This is a new approach to how your IT staff will spend their time. What traditionally took up a lot of time to build and customize images to be deployed to new devices, is now much easier and more efficient with Autopilot.
Organizations are able to seamlessly deploy laptops without IT even touching them. With Autopilot, organizations can have domain joined computers remotely – which means they can be deployed and set-up over VPN. This has huge implications in an increasingly remote-working world, as end users are not bound to be on-premises to start working. Businesses cannot afford delays between deliveries, deployment time, and needing to be in person – and Autopilot is the answer.
Here are the top three benefits of Autopilot for modern device deployment –
- Eliminate OS Image Re-Engineering – With smart pre-configuration, you can set up settings once, set it to an Autopilot profile in Microsoft Intune, and automatically have it applied to all Windows devices under that profile. All of this is achieved using the cloud.
- Customize the Out-of-the-Box Experience – Windows Autopilot allows your business to customize the out-of-box experience (OBBE) for new Windows 10 devices ahead of time. Once you set OOBE to your organization’s preferences, it will allow your end-users to skip entire sections that previously required manual input – and start using the device for work without the hassle and ultimately helping users get through the new device setup process faster and easier. Ship the PC directly to the end-user and skip a stop at the IT Department!
- Pre-configure policies and ensure security with enrollment status – Windows Autopilot’s enrollment status feature makes it easier to ensure your Windows devices are fully configured, compliant and secure before users can access the desktop. Greater control over user access gives your team enough time to identify whether everything is properly set up before your users access the full device. Greater control also allows the IT team to have more time to evaluate and fix things when unexpected errors occur.
How It Works
Before deploying a device using Windows Autopilot, the device must be registered with the Windows Autopilot deployment service. Ideally, this is performed by the Original Equipment Manufacturer (OEM), reseller, or distributor from which the devices were purchased. When you purchase devices directly from an OEM, that OEM can automatically register the devices with the Windows Autopilot deployment service.
There are now six OEMs that support this:
When a device is purchased from a vendor (Dell for example), the vendor can send a list of your devices with hardware information that gets uploaded to Intune. Computers that go through Autopilot will verify that users’ credentials along with their hardware information against Intune and determine if that machine is eligible for Autopilot or not.
Customers may also purchase from resellers, distributors or Microsoft Partners, as long as they are part of the Cloud Solution Partners (CSP) program – like Interlink. For a step-by-step on how to give a CSP or OEM authorization to register Windows Autopilot devices on your behalf, click here.
The next step is for organizations to customize their user set up the experience by creating a deployment profile (get step-by-step instructions here) that is assigned to your organization’s devices. Lastly, the device is shipped to your organization and Autopilot will deliver all the apps and settings they need to hit the ground running.
So far, this software sounds great, but what sets Autopilot above the rest?
Here are five things that make Windows Autopilot worth your while:
- When you use Intune to manage autopilot devices, you can manage policies, profiles, apps, and more once they’re enrolled.
- Autopilot allows end-users to go BYOD (bring your own device) but still have their device configured. This can be useful in case a laptop suddenly breaks and an end-user must get a last-minute replacement.
- You will know what is going on by being able to keep track of progress while configuring new devices through the Enrollment Status Page (ESP). This displays the status of the full device configuration process – especially great when end-users are geographically distributed.
- Autopilot provides a better user experience with personalization and fewer steps to set up.
- You can protect your core devices by managing device identities in Azure Active Directory (Azure AD), by using Intune and Autopilot to set up hybrid Azure AD-joined devices.
Types of Autopilot Deployments
- Through user-driven provisioning, Autopilot also makes it easy for end-users to set up new devices without ever involving IT. This mode enables Windows 10 devices to be taken from factory settings into a ready-to-use state. First, you must turn on a factory setting device and select a language/locale/keyboard. Then, all that’s left to do is connect it to a wireless or wired network and log in with your organization's email and password. The cloud will take care of the rest!
- Self-deploying device provisioning allows organizations to deploy Windows 10 to a kiosk, digital signage, or shared device with little to no interaction. Similarly to the user-driven provisioning, in order to use this method, devices must be connected via Wi-Fi or Ethernet. Then the self-deploying mode joins the device into Azure Active Directory and enrolls the device in Intune or another MDM service. You can also leverage the new Kiosk Browser app on Microsoft Edge to tailor the browsing experience when setting up a kiosk.
- Using Autopilot for existing devices allows you to deploy the latest version of Windows 10. The app's users can be automatically installed from the cloud, along with synching your work profile to create a seamless transition. Windows Autopilot can also provide a white-glove service that enables partners or IT staff to pre-provision a Windows 10 PC so that it is fully configured and business-ready. From the end user’s perspective, the Windows Autopilot user-driven experience is unchanged, but getting their device to a fully provisioned state is faster.
Intune & Autopilot or SCCM?
With knowing more about Autopilot and its capabilities, the next step is to consider whether Autopilot or System Center Configuration Manager (SCCM) is the better fit for your organization. Organizations are often confused on whether to use Microsoft Windows Intune or SCCM – this mainly depends on the size of your organization and its specific needs.
When Intune is coupled with Autopilot, it is a credible end-to-end lifecycle management platform. It can save time and money for organizations because it is more of an out of the box solution for Mobile Device Management. However, it still cannot service all the use cases that SCCM can.
SCCM is a more powerful tool because it has far more capabilities. A few examples –
- Both SCCM and Intune can manage Windows 10 operating systems, but only SCCM can manage Windows Server operating systems.
- Both SCCM and Intune can deploy configuration settings to mobile devices but SCCM has additional compliance features, like deploying and customizing Windows PC device configuration settings.
- Both SCCM and Intune can deploy applications to devices and Windows PCs but SCCM can also deploy Windows operating systems.
- Both SCCM and Intune have a hardware and software inventory, but SCCM has the ability to monitor and report on how often software is being used.
Give It a Try Today
If Autopilot is something you are interested in pursuing and utilizing, we would love to discuss how it would fit your organization's needs. If your organization is looking into Autopilot but still has questions, contact Interlink, and we can start a discussion about your organization’s specific needs to determine the best-fitting solution.
Interested in learning more? View our similar blog: Automated Investigation and Response (AIR) in Office 365.
About the author
Jimmy Smogor is the Security Practice Lead at Interlink. Jimmy started at Interlink over 8 years ago while in college and has developed immense expertise in the world of cybersecurity. He has expanded his knowledge of Microsoft Security to assist our clients by leveraging Microsoft’s security stacks, whether it’s a simple deployment of Multi-factor for sign-in or leveraging Defender for Endpoint EDR with Microsoft Sentinel for automated playbooks. Jimmy is continuing to grow his expertise in cybersecurity and the advantages of Microsoft Security.
Welcome to the Interlink Cloud Blog
All content provided on this blog is for informational purposes only. The owner of this blog makes no representations or warranties regarding the information from our partners or other external sources.