Provisioning Windows devices with Windows Autopilot

Overview: Windows Autopilot Enrollment

Windows Autopilot streamlines the device lifecycle by allowing IT administrators to pre-configure new devices, making them business-ready immediately after unboxing.

With Windows Autopilot Enrollment, the traditional imaging process is replaced by a cloud-centric approach. When a user powers on the device and connects to a network, the device is automatically enrolled in Hexnode UEM with predefined configurations and policies. This is essential for large organizations requiring efficient, bulk deployment of corporate-owned devices.

Prerequisites

Ensure the following requirements are met before beginning the enrollment process:

  • License: Users enrolling devices must have a Microsoft Entra ID P1 license assigned.
  • Supported Operating Systems:
    • Windows 11 (Pro Education, Pro for Workstations, Enterprise, Education)
    • Windows 10 (Pro, Pro Education, Pro for Workstations, Enterprise, Education)
  • Windows Autopilot licensing requirements

Step 1: Configure Microsoft Entra ID in Hexnode

To enable communication between Hexnode and your directory services:

  1. Navigate to Admin > Integrations in the Hexnode UEM console.
  2. Click on the Windows Autopilot tile.
  3. Domain Configuration:
    1. If configured: Select your domain from the dropdown.
    2. If not configured: Enter your organization’s Microsoft Entra custom domain/Directory (Tenant) ID and click Configure.
  4. Authentication: Sign in with your Microsoft Entra ID credentials.
  5. Permissions: A pop-up will request permission for the Hexnode Azure Directory Services app. Check the consent box and click Accept.
  6. Enrollment Settings:
    1. Select either Allow self-enroll or Map UPN to email address.
    2. Scheduled Sync: Set the daily or weekly frequency and specific time for the sync to occur.
  7. Click Next.
  8. Policy Setup: Under Configure Autopilot Settings, select the policies to apply post-enrollment and click Next.
  9. (Optional) Configure Conditional Access if prompted.

Verification: Navigate to Enroll > Platform-Specific > Windows > Windows Autopilot. Click the Sync button to ensure devices can be imported.

Step 2: Add Hexnode UEM App to Microsoft Entra ID

You must configure the MDM scope in the Microsoft Entra ID portal to allow Hexnode to manage the devices.

  1. Log in to the Microsoft Entra ID portal.
  2. Navigate to Microsoft Entra ID > Manage > Mobility (MDM & WIP).
  3. Click + Add application and select Hexnode UEM app.
  4. Click on the newly added Hexnode UEM app to configure the scope:
    1. MDM user scope: Set to ‘All’ (for all users) or ‘Some’ (to select specific groups).
    2. MDM Terms of Use URL: Paste the URL from the Hexnode Portal (Enroll > Platform-Specific > Windows > Windows Autopilot).
    3. MDM Discovery URL: Paste the URL from the Hexnode Portal.
  5. Important: Ensure the Microsoft Intune app MDM user scope is set to ‘None’ to prevent conflicts.

Critical: Automating Agent Installation

By default, Autopilot handles the MDM profile. To ensure the full Hexnode Agent (required for remote actions) is installed:

  1. In the Hexnode UEM Portal, go to Admin > General Settings > Hexnode App Updates.
  2. Enable “Install Hexnode Service App Silently on Windows Devices”.
  3. Result: The agent installs automatically 5 minutes after enrollment.

Note: If this was skipped, you must manually trigger installation by clicking the refresh button next to the Hexnode Service (Agent) App status in the Device Summary > Enrollment Details page.

Step 3: Extract Hardware IDs (Hardware Hash)

To register a device with Autopilot, you need its unique hardware ID.

Option A: From Vendor

Request the hardware ID CSV file directly from your device reseller or vendor.

Option B: Using PowerShell Script

Run the following script on the target device to generate the CSV.

  1. Open PowerShell with Administrator privileges.
  2. Run the following commands:
  3. This generates a file named AutopilotHWID.csv in the C:\HWID directory containing the Device Serial Number, Windows Product ID, and Hardware Hash.
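
Added example (not Hexnode's own script): one way to produce the CSV described above, assuming Microsoft's Get-WindowsAutopilotInfo script from the PowerShell Gallery is the collector, followed by a check of the file's columns and hash encoding before it is imported in Step 4. The function names New-AutopilotHwidCsv and Test-AutopilotHwidCsv are hypothetical, and the sample rows are constructed placeholders.

```powershell
# Added example, not Hexnode's script. Assumes Get-WindowsAutopilotInfo (PowerShell Gallery).
function New-AutopilotHwidCsv {
    # Run elevated on the target device; needs network access to the PowerShell Gallery.
    $dir = 'C:\HWID'
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned -Force
    Install-Script -Name Get-WindowsAutopilotInfo -Force
    $env:Path += ';C:\Program Files\WindowsPowerShell\Scripts'
    Get-WindowsAutopilotInfo -OutputFile (Join-Path $dir 'AutopilotHWID.csv')
}

function Test-AutopilotHwidCsv {
    # Emits one string per problem; no output means the file passed every check.
    param([Parameter(Mandatory)][string]$Path)
    $required = 'Device Serial Number', 'Windows Product ID', 'Hardware Hash'
    $rows = @(Import-Csv -LiteralPath $Path)
    if ($rows.Count -eq 0) { return 'no device rows' }
    $missing = @($required | Where-Object { $rows[0].PSObject.Properties.Name -notcontains $_ })
    if ($missing.Count -gt 0) { return "missing column(s): $($missing -join ', ')" }
    $seen = @{}
    $line = 1                                   # the header row is line 1
    foreach ($row in $rows) {
        $line++
        $serial = $row.'Device Serial Number'
        $hash   = $row.'Hardware Hash'
        if ([string]::IsNullOrWhiteSpace($serial)) { "line ${line}: empty serial number" }
        elseif ($seen.ContainsKey($serial))        { "line ${line}: duplicate serial $serial" }
        else                                       { $seen[$serial] = $true }
        if ([string]::IsNullOrWhiteSpace($hash))   { "line ${line}: empty hardware hash"; continue }
        try   { [void][Convert]::FromBase64String($hash) }
        catch { "line ${line}: hardware hash is not valid Base64" }
    }
}

# Constructed sample: placeholder serials and hashes, not real device data.
$sample = Join-Path ([IO.Path]::GetTempPath()) 'AutopilotHWID-sample.csv'
$b64 = [Convert]::ToBase64String([byte[]](1..48))
@(
    'Device Serial Number,Windows Product ID,Hardware Hash'
    "SN-0001,,$b64"
    "SN-0001,,$b64"
    'SN-0002,,not base64!'
) | Set-Content -LiteralPath $sample -Encoding ASCII
Test-AutopilotHwidCsv -Path $sample             # reports the duplicate and the bad hash
Remove-Item -LiteralPath $sample
```

The same check applies to a CSV received from a vendor under Option A, since that file is imported into the tenant unchanged.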

Option C: Using Hexnode Remote Action

If the device is already managed but needs to be switched to Autopilot, use the Execute Custom Script action in Hexnode to run the script above. View the output in Action History > Show Output.

Step 4: Import Hardware IDs to Microsoft Intune

  1. Log in to the Microsoft Intune admin center.
  2. Navigate to Devices > Windows > Device onboarding > Enrollment.
  3. Under Windows Autopilot, select Devices.
  4. Click Import and upload the *.csv file obtained in Step 3.
  5. Wait for the import to complete.

Step 5: Assign Users

To ensure the specific user is mapped to the device:

  1. In the Intune admin center, go to Devices > Windows > Enrollment > Devices.
  2. Select the imported device.
  3. Click Assign user.
  4. Select a licensed Intune/Entra ID user.

Step 6: Create and Assign Deployment Profile

  1. In the Microsoft Intune admin center, go to Devices > Windows > Enrollment > Deployment profiles.
  2. Click Create profile > Windows PC.
  3. Basics: Provide a Name and Description.
  4. OOBE: Configure the Out-of-Box Experience (OOBE) settings.
  5. Assignments: Select Add groups or Add all devices to target the profile.
  6. Click Create.

The newly created profile will be added to the list of Windows Autopilot deployment profiles.

Final Verification in Hexnode

  1. Once the configuration profile is created in the Microsoft ecosystem, you must verify the sync in Hexnode.
  2. Verify Sync: Navigate to Enroll > Platform-Specific > Windows > Windows Autopilot.
  3. Device List: Devices synced from your Microsoft Entra ID portal will appear here.
  4. Management: From this list, you can associate policies with specific devices.
  5. Edit Configuration: To modify or delete the current Autopilot configuration, click the Actions menu in the upper-right corner.

Important Distinction: Synced vs. Enrolled

  • Autopilot Tab: Displays devices that have been synced from Entra ID but may not yet be enrolled.
  • Manage Tab: Only displays devices that have successfully completed the enrollment process. New devices will not appear in the Manage tab until the user finishes the setup steps below.

End-User Workflow (Device Provisioning)

For the enrollment to complete, the end-user must perform the following steps on the device:

  1. Power On: Turn on the device (or unbox it).
  2. Connect: Connect to a Wi-Fi or wired network.
  3. Language: Select the preferred language and region.
  4. Sign In: When prompted, sign in using their Microsoft Entra ID credentials.
  5. Result: The device will automatically apply the configurations and enroll in Hexnode.

Note for Existing Devices: If a device is already in use, it must be wiped and reset to the factory default state (OOBE) to trigger the Autopilot enrollment flow.

Frequently Asked Questions (FAQs)

Q1: Do I need an Intune License to use Autopilot with Hexnode?

Autopilot is a Windows feature often managed via the Intune interface (Endpoint Manager), but the actual MDM license required is for Hexnode. However, the user needs a Microsoft Entra ID P1 license to use the premium Autopilot features.

Troubleshooting

1: Hexnode Agent not installed after enrollment

  • Symptom: Device is enrolled, but actions like Remote View or Execute Custom Scripts fail.
  • Cause: The “Install Hexnode Service App Silently” setting was disabled during enrollment.
  • Resolution:
    • Go to the Device Summary in Hexnode.
    • Under Enrollment Details, click the refresh icon next to Hexnode Service (Agent) App.
    • For future devices, enable the silent install option in Admin > General Settings.