Now booking Q1 Intune migrations — talk to an engineer.

CyberSystem
← Back to Blog

Intune Windows Autopilot Deployment: Complete Guide

Learn how to configure and deploy Windows devices using Windows Autopilot with Intune, including deployment profiles, enrollment status pages, and device preparation.

By Ali Alame
intuneautopilotwindows-autopilotdevice-deploymentoobedevice-provisioningwindows

Windows Autopilot simplifies device deployment by automating the out-of-box experience (OOBE) and device enrollment process. When integrated with Microsoft Intune, Autopilot enables zero-touch deployment of Windows devices with automatic configuration, app installation, and policy application.

Understanding Windows Autopilot

Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. Autopilot can be used with Intune to automatically enroll devices and apply configurations during the initial setup.

Key Benefits

  • Zero-Touch Deployment: Minimal IT intervention required
  • Consistent Experience: Standardized device setup process
  • Automatic Enrollment: Devices automatically enroll in Intune
  • Policy Application: Automatic application of policies and apps
  • User-Driven: Users complete simple setup steps

For an overview, see Windows Autopilot.

Prerequisites

Before configuring Autopilot:

  1. Intune Subscription: Active Microsoft Intune license
  2. Microsoft Entra ID: Devices join to Microsoft Entra ID
  3. Device Registration: Devices must be registered in Autopilot
  4. Permissions: Intune Administrator or Global Administrator

Registering Devices in Autopilot

Method 1: Automatic Registration

Devices can be automatically registered when:

  • Purchased from authorized partners
  • Imported via CSV file
  • Registered via hardware hash

Method 2: Manual Registration

  1. Sign in to the Microsoft Intune admin center
  2. Navigate to Devices > Windows > Enrollment > Windows Autopilot devices
  3. Select Add > Add devices
  4. Upload hardware hash CSV or enter device information

For detailed guidance, see Add devices to Windows Autopilot.

Creating Autopilot Deployment Profiles

Step 1: Access Autopilot Profiles

  1. Sign in to the Microsoft Intune admin center
  2. Navigate to Devices > Windows > Enrollment > Windows Autopilot deployment profiles
  3. Select Create profile > Windows PC

Step 2: Configure Basics

  1. Name: Enter descriptive name
  2. Description: Optional description
  3. Convert all targeted devices to Autopilot:
    • Yes: Automatically register devices in assigned groups
    • No: Only use for pre-registered devices

Select Next.

Step 3: Configure OOBE Settings

Configure the out-of-box experience:

  1. Deployment mode:

    • User-driven: User completes setup with credentials
    • Self-deploying: Automatic setup without user credentials
    • Pre-provisioning: IT pre-provisions device before user receives it

  2. Join to Microsoft Entra ID as:

    • Microsoft Entra joined: Cloud-only join
    • Microsoft Entra hybrid joined: Hybrid join with on-premises AD

  3. Language (Region): Set default language and region

  4. Automatically configure keyboard: Yes/No

  5. Microsoft Software License Terms: Hide/Show

  6. Privacy settings: Hide/Show privacy settings

  7. Hide change account options: Hide/Show account change options

  8. User account type: Standard or Administrator

  9. Allow white glove: Allow pre-provisioning (OOBE only)

  10. Skip keyboard selection page: Skip/Show

  11. Skip privacy settings page: Skip/Show

  12. Hide privacy settings: Hide/Show

Select Next.

Step 4: Assign to Groups

  1. Select + Select groups to include
  2. Choose device groups containing Autopilot devices
  3. Select Next

Important: Assign to device groups, not user groups.

Step 5: Review and Create

  1. Review all settings
  2. Select Create

For detailed guidance, see Configure Windows Autopilot profiles.

Enrollment Status Page

The Enrollment Status Page (ESP) displays provisioning progress during device setup, showing app and profile installation status.

Creating an ESP Profile

  1. Navigate to Devices > Windows > Enrollment > Enrollment Status Page
  2. Select Create profile
  3. Configure settings:

Settings:

  • Show app and profile configuration progress: Show/Don't show
  • Show an error when installation takes longer than specified number of minutes: Set timeout
  • Show custom message when time limit or error occurs: Customize message
  • Turn on log collection and diagnostics page for end users: Enable/Disable
  • Only show page to devices provisioned by out-of-box experience (OOBE): Yes/No
  • Block device use until all apps and profiles are installed: Block/Don't block

App and profile configuration:

  • Select apps to track: Choose apps to track during ESP
  • Select groups to track: Choose groups to track

For guidance, see Enrollment Status Page profile.

Deployment Modes

User-Driven Mode

Use Case: Traditional user devices

Process:

  1. User powers on device
  2. Device connects to internet
  3. Autopilot profile downloads
  4. User enters credentials
  5. Device joins Microsoft Entra ID
  6. Intune policies and apps install
  7. User can sign in

Requirements:

  • User credentials required
  • Internet connection required
  • Device registered in Autopilot

Self-Deploying Mode

Use Case: Kiosks, shared devices, digital signage

Process:

  1. Device powers on
  2. Device connects to internet
  3. Autopilot profile downloads
  4. Device automatically joins Microsoft Entra ID
  5. Intune policies and apps install
  6. Device ready for use

Requirements:

  • No user credentials required
  • Internet connection required
  • TPM 2.0 and UEFI required
  • Device registered in Autopilot

For details, see Windows Autopilot deployment modes.

Best Practices

1. Register Devices Properly

  • Register devices with accurate hardware hashes
  • Verify device registration before deployment
  • Use automatic registration when possible
  • Keep device inventory updated

2. Configure Appropriate Deployment Mode

  • Use user-driven for standard user devices
  • Use self-deploying for shared/kiosk devices
  • Use pre-provisioning for IT-prepared devices
  • Test each mode before broad deployment

3. Configure Enrollment Status Page

  • Enable ESP for better user experience
  • Track critical apps during setup
  • Set appropriate timeouts
  • Provide clear error messages

4. Assign Apps and Policies

  • Assign required apps to device groups
  • Configure apps to install during ESP
  • Test app installation order
  • Verify policy application

5. Test Before Production

  • Test with pilot devices first
  • Verify all apps install correctly
  • Check policy application
  • Validate user experience

Troubleshooting

Common Issues

  1. Device Not Enrolling

    • Verify device registration in Autopilot
    • Check device group assignments
    • Review Autopilot profile assignment
    • Check network connectivity

  2. ESP Timeout

    • Increase ESP timeout
    • Review app installation times
    • Check for app installation failures
    • Optimize app installation order

  3. Apps Not Installing

    • Verify app assignments
    • Check app requirements
    • Review installation logs
    • Test app installation manually

For troubleshooting guidance, see Troubleshooting Windows device enrollment errors in Intune.

Additional Resources

Conclusion

Windows Autopilot with Intune provides a powerful, zero-touch deployment solution for Windows devices. By following these best practices:

✅ Register devices properly in Autopilot
✅ Configure appropriate deployment modes
✅ Set up Enrollment Status Page
✅ Assign apps and policies correctly
✅ Test thoroughly before production

You can streamline device deployment, reduce IT overhead, and provide a consistent user experience across your organization.

Remember: Autopilot simplifies device deployment but requires proper planning and testing. Always test with pilot devices first and verify all configurations before broad deployment.