What is Auto-Pilot

Windows AutoPilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. I can really see the appeal we use XMA for our hardware, I deploy our standard image to the desktops before its delivered to the end user but AutoPilot may change that approach.

I was at a WMUG event when Gerry Hampson MVP and Paul Winstanley MVP spoke about AutoPilot, Peter Egerton also explored it on his blog I was intrigued and wanted to try it out (I have linked their blog posts) .

Windows AutoPilot allows you to:

  • Automatically join devices to Azure Active Directory (Azure AD)
  • Auto-enroll devices into MDM services, such as Microsoft Intune (Requires an Azure AD Premium subscription)
  • Restrict the Administrator account creation
  • Create and auto-assign devices to configuration groups based on a device’s profile
  • Customize OOBE (some) content specific to the organization


Gather AutoPilot Device Data

You will need to register a device to ensure AutoPilot works, the idea behind this is that your supplier(in my case XMA) will populate this information in a CSV file and you can add it to the Windows Store for Business (or directly in Azure). At the moment getting the device serial number and Windows product ID is easy but moving forward I need to get the hardware hash. Below are some examples.

Device Serial Number wmic bios get serialnumber
Windows Product ID Get-ItemPropertyValue “hklm:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DefaultProductKey\” “ProductId”
Hardware Hash $wmi = Get-WMIObject -Namespace root/cimv2/mdm/dmmap -Class MDM_DevDetail_Ext01 -Filter “InstanceID=’Ext’ AND ParentID=’./DevDetail'”
$wmi.DeviceHardwareData | Out-File “($env:COMPUTERNAME).txt”

Michael Niehaus has created a great Powershell script to semi automate this process. You can get it here Get-WindowsAutoPilotInfo, here are some examples

Export Computer AutoPilot Data

.\Get-WindowsAutoPilotInfo.ps1 -ComputerName MYCOMPUTER -OutputFile .\MyComputer.csv

Append Computer AutoPilot Data

.\Get-WindowsAutoPilotInfo.ps1 -ComputerName MYCOMPUTER -OutputFile .\MyComputer.csv -Append

Export AutoPilot Data from a SCCM Collection

Get-CMCollectionMember -CollectionName "All Systems" | .\GetWindowsAutoPilotInfo.ps1 -OutputFile .\MyComputers.csv

Export AutoPilot Data from a Active Directory

Get-ADComputer -Filter * | .\GetWindowsAutoPilotInfo.ps1 -OutputFile .\MyComputers.csv

Create AutoPilot Profile

This can now be done in the Azure Portal and the Windows Store for Business

  1. Go to the Azure Portal.
  2. Go to Intune – Device Enrollment.
  3. Select Windows Enrollment – Deployment Profiles.

  4. Create the new profile (I am showing Azure and Windows Store for Business)

Import AutoPilot Data

Importing the device data must currently be done in Windows Store for Business but soon you will be able to import in Azure, it’s currently in preview.

Please not the preferred way to do this now is through Azure not Windows Store for Business

  1. Go to Windows Store for Business
  2. Go to Devices – add device

  3. Select your .csv file and then select the AutoPilot profile you want to apply.

  4. Now the device has been imported and a profile has been assigned.

Company Branding

Part of the appeal of AutoPilot is to customize the branding of the sign in page.

  1. Go to the Azure Portal.
  2. Go to Azure Active Directory – Company Branding.

  3. Click Edit and set your branding. 

  4. Once this is done your sign in page and OOBE sign in will be customised.

AutoPilot in Action

So I have deployed a standard Windows 10 1709 ISO in VMware Workstation.

  1. So in this example im using Windows 10 1709 and I am just building the VM off the ISO.
  2. So the OOBE is asking for a region.
  3. Now the keyboard layout.

  4.  Now if I have a second keyboard.

  5. Now we get the sign in page with some basic company branding. 

  6. So once the user signs in I have auto-enrollment enabled in Azure (MDM Auto-Enrollment), once that happens polices and applications will be deployed.

    Its worth remembering that Windows AutoPilot is a start, its by no means a finished product but I can see a lot of potential for the future.


    Series Links

    1. Traditional Management vs Modern Management – Part 1  – Encryption
    2. Traditional Management vs Modern Management – Part 2 – Office 365
    3. Traditional Management vs Modern Management – Part 3 – AAD/Auto MDM Enrollment
    4. Traditional Management vs Modern Management – Part 4 – Windows AutoPilot
    5. Traditional Management vs Modern Management – Part 5 – Security



  • Mark
    Posted at 18:08 December 7, 2017

    Is it fair to say this is quite lacking compared to current GPO’s, MDT, ConfigMgr approaches and is more for a BYOD model only at this time?

    • Terence Beggs
      Posted at 22:24 December 7, 2017
      Terence Beggs

      Its more that fair to say that, Intune is not a replacement for ConfigMgr. CSP’s are certainly not a replacement for GPO’s, things are moving in the right direction.

  • Rens
    Posted at 14:25 December 8, 2017

    First of all, great post. A full tutorial on how to configure autopilot and branding is great.

    But I’m curious how autopilot should be used, because I don’t see it as a replacement for my corporate laptop which I can now enroll out of the box instead of a corporate factory image. I mean the laptop is still full of bloated crap-ware upon purchase, and companies want to know exactly what’s on it, or install their application suite onto it.

    The only thing’s I’m seeing autopilot does is: joining azuread automatically, branding a logo in the join azuread screen and hide the traditional OOBE/Privacy and EULA screen. Lastly you can decide of the user is admin or not. That is nowhere near a traditional deployment. I’m really searching for a proper use case here. I can’t find one other than remote workers or internet facing workers logging in for the first time on a new device.

    • Terence Beggs
      Posted at 14:54 December 8, 2017
      Terence Beggs

      Hello Rens

      My vendor will put on a vanilla OS or my corporate image if i need them too but i completely agree with your statement on the bloatware crap that OEMs put on laptops.
      It is very hard to see this as a replacement for ConfiMgr/GPO/AD. If you have Windows Devices managed in Azure AD using Intune you will not have the control as you would with your on premise environment but with a focus on a more agile workforce i can see how this could be handy(in the future).
      I feel like AutoPilot is the start, if Microsoft really work on this and understand the concerns that SysAdmins have, then it will be the future. If they dont it will be just a technology that gets replaced by something else.

      Lets see what happens

      • Rens
        Posted at 15:00 December 8, 2017

        Thanks for your prompt response, I agree.

        • Terence Beggs
          Posted at 15:13 December 8, 2017
          Terence Beggs

          No problem, we all have the same concerns.

  • Ram Lan
    Posted at 16:37 December 22, 2017
    Ram Lan

    Hi – Excellent write up on autopilot.

    Just one Question – How to reset autopilot system after obtaining Device ID, Product ID & Hardware Hash?

    I was able to get above information during OOBE stage by pressing Shift+F10 and executed Powershell command. Then, I powered off autopilot system – uploaded csv file at MSfB and successfully completed autopilot deployment within Azure & MDM.



    • Terence Beggs
      Posted at 20:48 December 26, 2017
      Terence Beggs

      Sorry for the late reply, enjoying a well needed rest. Can you explain what you mean, do you mean remove the system or change the hardware hash.


  • Charles Foster
    Posted at 22:08 September 22, 2018
    Charles Foster

    Very nicely done, but may I suggest that you rewrite to use the Intune portal to upload Autopilot CSV files and create the Autopilot Profiles rather than the Microsoft Store for Business please. It is the preferred methodology. Thank you!

    • Terence Beggs
      Posted at 11:57 December 5, 2018
      Terence Beggs

      I have added a note to push people to use Azure portal not Windows Store for Business

  • Leave a Reply

    This site uses Akismet to reduce spam. Learn how your comment data is processed.