Provisioning Windows devices with Windows Autopilot
Windows Autopilot helps IT admins prepare new devices for use by pre-configuring and making them ready for work within minutes of unboxing. With Windows Autopilot, enrolling and configuring Windows devices will become much simpler and faster. This device will be automatically enrolled in Hexnode when the user powers on the device for the first time. Autopilot enrollment allows new devices to be set up automatically with predefined configurations and policies. This is especially useful for large organizations that need to deploy a significant number of devices efficiently.
Step 1: Configuring Microsoft Entra ID
- On your Hexnode UEM console, navigate to Enroll > Platform-Specific. Under Windows, choose Windows Autopilot.
- Start by configuring Microsoft Entra ID and provide the Custom domain/Directory (Tenant) ID and then click on Configure.
- Select either Allow self enroll or Map UPN to email address.
- Under Scheduled sync choose how often the AD domain should be synced with Hexnode. Specify the hours and minutes at which the sync to be initiated. Also, choose the frequency of sync (Weekly/Daily).
- Click Save.
Configuring Autopilot settings:
Policies are applied after enrollment. You can choose to associate policies with the devices from the Hexnode UEM console.
- Under Configure Autopilot Settings, click Select Default Policy > Associate policies.
- Select the policies that should be applied to the devices.
- Click Associate when you are done adding the devices.
Step 2: Creating a Deployment Profile
- Log in to your Azure portal.
- Click on the menu bar on the top left
- Navigate to Microsoft Entra ID.
- Navigate to the Mobility (MDM & WIP) tab within the Manage section. Click the + Add application option on the top and select Hexnode UEM app from the available applications.
- The app will be added to the list.
- Now click on the Hexnode UEM app from the list.
- Login to Microsoft Store for Business.
- Click Manage > Devices.
- Click Autopilot deployment. Select Create new profile.
- Provide a name for the profile, configure the settings to include, and then click Create.
The new profile is added to the Autopilot deployment list.
Step 3: Extracting the hardware IDs of the Windows devices
After you create the Deployment Profile, the next step is to extract the hardware IDs of the devices. You can get the hardware IDs of the devices using either of the following two ways:
- From vendor: You can get the hardware IDs from the vendor or reseller from where you have procured the devices. The vendor will provide you a CSV file that can be uploaded to the Azure portal.
- Using script: If you want to enroll your devices to Autopilot, then you can use the script provided below. Please follow the steps below to extract the Hardware IDs.
- Copy this script file to the PC.
- Once copied, on the target device open the command prompt with administrator privileges and execute the PowerShell file.
1234567[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12New-Item -Type Directory -Path "C:\HWID"Set-Location -Path "C:\HWID"$env:Path += ";C:\Program Files\WindowsPowerShell\Scripts"Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSignedInstall-Script -Name Get-WindowsAutopilotInfoGet-WindowsAutopilotInfo -OutputFile AutopilotHWID.csv
Once the PowerShell file is executed, it generates a CSV file with name AutopilotHWID.csv that is copied to the current directory where the PowerShell file was executed.
This CSV file has 3 columns: Device Serial Number, Windows Product ID and Hardware Hash.
Step 4: Add devices and apply the profile
Once you get the CSV file, the next step is to add it. Follow the steps below,
- Login in to Microsoft Store for Business.
- Click Manage > Devices.
- Click Add devices. Navigate to the *.csv file and select it.
- Provide a name for a new Autopilot deployment group. You can also choose one from the list. Click Add.
- If you don’t want to add devices to a group, you can select the individual devices to apply the profile to.
- Click the devices or Autopilot deployment group that you want to manage. You need to select devices before you can apply an Autopilot deployment profile.
- After you have selected the devices, click Autopilot deployment.
- Choose the Autopilot deployment profile to apply to the selected devices.
Step 5: Assign Users to hardware IDs
Once you have uploaded the hardware IDs, you can assign the users. This will make sure that only the assigned user can complete the enrollment on the Windows device using their credentials.
If you choose to assign a user, you need to make sure that the user is a licensed Intune user.
Follow the steps below to assign a user,
- Navigate to Devices > By platform > Windows > Windows enrollment. Under Windows Autopilot Deployment Program, click on Devices. Choose the device and click Assign user.
- From the list of users, select the user and click Select.
Checking the Autopilot devices in the Hexnode portal
After the configuration are applied, the details of the devices that are synced from your Azure portal will be listed in the Hexnode UEM console under Enroll > Platform-Specific > Windows > Windows Autopilot. From this list, you can manage and associate the policies with devices. To modify/delete the Autopilot configuration, click on the Actions menu in the upper right corner.