Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This step by step tutorial guides through using Intune to perform a Windows Autopilot user-driven scenario when the devices are strictly Microsoft Entra joined.
The purpose of this tutorial is a step by step guide for all the configuration steps required for a successful Windows Autopilot user-driven Microsoft Entra join deployment using Intune. The tutorial is also designed as a walkthrough in a lab or testing scenario, but can be expanded for use in a production environment.
Before beginning, refer to the How to: Plan your Microsoft Entra join implementation to make sure all requirements are met for joining devices to Microsoft Entra ID.
Windows Autopilot user-driven Microsoft Entra join overview
Windows Autopilot user-driven Microsoft Entra join is a Windows Autopilot solution that automates the configuration of Windows on a new device. Normally, the device is delivered directly from an OEM or reseller to the end-user without the need for IT intervention. Windows Autopilot user-driven deployments use the existing Windows installation installed by the OEM at the factory. The end-user only needs to perform a minimal number of actions during the deployment process such as:
- Powering on the device.
- In certain scenarios, selecting the language, locale, and keyboard layout.
- Connecting to a wireless network if the device isn't connected to a wired network.
- Signing into Microsoft Entra ID with the end-user's Microsoft Entra credentials.
Windows Autopilot user-driven deployments can perform the following tasks during the deployment:
- Joins the device to Microsoft Entra ID.
- Enrolls the device in Intune.
- Installs applications.
- Applies device configuration policies such as BitLocker and Windows Hello for Business.
- Checks for compliance.
- Enrollment Status Page (ESP) can be used to prevent an end-user from using the device until it's fully configured.
Windows Autopilot user-driven deployments consist of two phases:
- Device ESP phase: Windows is configured and applications and policies assigned to the device are applied.
- User ESP phase: Applications and policies assigned to the user are applied.
Once the Windows Autopilot user-driven deployment is complete, the device is ready for the end-user to use and they're immediately sent to the desktop.
Workflow
The following steps are needed to configure and then perform a Windows Autopilot user-driven Microsoft Entra join in Intune:
- Step 1: Set up Windows automatic Intune enrollment
- Step 2: Allow users to join devices to Microsoft Entra ID
- Step 3: Register devices as Windows Autopilot devices
- Step 4: Create a device group
- Step 5: Configure and assign Windows Autopilot Enrollment Status Page (ESP)
- Step 6: Create and assign Windows Autopilot profile
- Step 7: Assign Windows Autopilot device to a user (optional)
- Step 8: Deploy the device
Note
Although the workflow is designed for lab or testing scenarios, it can also be used in a production environment. Some of the steps in the workflow are interchangeable and interchanging some of the steps might make more sense in a production environment. For example, the Create a device group step followed by the Register devices as Windows Autopilot devices step might make more sense in a production environment.
Walkthrough
Related content
For more information on Windows Autopilot user-driven Microsoft Entra join, see the following article: