Last year at Microsoft Ignite 2017, we announced Windows Autopilot. This solution provides a way for organizations to ship fresh, untouched Windows 10 devices directly to the end user and define the provisioning flow the user goes through to get a secure, productive Windows 10 device. First, the OEM registers purchased devices with the Windows Autopilot service, so you can assign the necessary Windows Autopilot profile. This profile defines the Out of Box Experience (OOBE) for that device.
It is also possible to register your existing Windows 10 devices with the Windows Autopilot service so that if a device ever needs to be reset, or re-provisioned to a new user, the device will go through the same experience as new devices. ;For more information, see Adding devices to Windows Autopilot and the rest of our Windows Autopilot documentation.
In the year since we announced Windows Autopilot, we have received feedback from many customers who have Windows 7 estates running on modern hardware and want to re-provision those devices with Windows 10 using the Windows Autopilot experience. ;Unfortunately, the hardware hash necessary to pre-register an existing device with Windows Autopilot did not exist on Windows 10 prior to Windows 10, version 1703. This led to many people developing creative and often manual solutions to first reimage a device, then collect the hash to register the device with Windows Autopilot.
To address this, at Microsoft Ignite 2018, we announced Windows Autopilot for existing devices and other capabilities. Windows Autopilot for existing devices allows you to reimage and provision a Windows 7 device for Windows Autopilot user-driven mode using a single System Center Configuration Manager (current branch) task sequence.
You can test this scenario now using Configuration Manager 1806 or later and Windows 10 Insider Preview Build 17758 or later.
In this post, I will take you through the steps to:
- Retrieve a Windows Autopilot profile from Microsoft Intune.
- Convert the profile to the correct configuration file format.
- Configure a Windows Autopilot for existing devices task sequence in Configuration Manager.
Create the Windows Autopilot for existing devices JSON file
- On an Internet-connected Windows PC or Server open an administrative PowerShell command window.
- Enter the following commands to install the necessary modules:
Install-Module AzureAD Install-module WindowsAutopilotIntune
- Accept any prompts to complete the module installations.
- Now log into Intune with administrator credentials using the following command:
Connect-AutopilotIntune
- The next command will retrieve all the Windows Autopilot profiles associated with your Intune tenant.
Get-AutopilotProfile
- As these profiles are not usable for the Windows Autopilot for existing devices scenario, we must convert the profiles into the necessary JSON format using the following commands:
Get-AutopilotProfile | ConvertTo-AutopilotConfigurationJSON
- As you can see, each profile is encapsulated within parentheses {}. The configuration file can only contain one file so select the required profile, including the opening and closing bracket, as shown below.
- Now copy the highlighted profile and paste into a Notepad window.
- Save this file as AutopilotConfigurationFile.json using ANSI encoding to a location suitable as a Configuration Manager package source. (Unicode and UTF-8 files will not work.)
NOTE: Multiple JSON profile files can be used, but each must be named AutopilotConfigurationFile.json when applied to Windows for OOBE to follow the Windows Autopilot experience.
Create a package containing the Windows Autopilot for existing devices JSON file
- Navigate to \Software Library\Overview\Application Management\Packages in the Configuration Manager console.
- Click Create Package.
- On the Create Package and Program Wizard enter the following details:
- Package
- Name: Windows Autopilot for existing devices Config
- This package contains source files: YES
- Click Browse.
- Specify a UNC path containing the Windows Autopilot for existing devices JSON file and click OK.
- Package
- Click Next.
- On the Create Package and Program Wizard enter the following details:
- Program Type: Do not create a program
- Program Type: Do not create a program
- Click Next.
- On the Summary page, click Next.
- Finish the wizard by clicking Close.
Create a Windows Autopilot for existing devices Task Sequence
- Staying within the Configuration Manager admin console navigate to \Software Library\Overview\Operating Systems\Task Sequences.
- Click Create Task Sequence.
- Select Install an existing image package and click Next.
- On the Create Task Sequence Wizard enter the following details:
- Task Sequence Information
- Task sequence name: Windows Autopilot for existing devices
- Boot Image: Boot image (x64)
(or any other Windows 10, version 1809 boot image)
- Task Sequence Information
- Click Next.
- On the Install Windows page enter the following configuration:
- Image Package: Windows 10 1809
- Image Index: Enterprise, Education or Professional
- Partition and format the target computer before installing the operating system: YES
- Configure task sequence for use with Bitlocker: OPTIONAL
- Product Key: OPTIONAL
- Randomly generate the local administrator password and disable the account on all support platforms (recommended): OPTIONAL
- Enable the account and specify the local administrator password: OPTIONAL
- On the Configure Network ensure that Join a workgroup is selected.
Note: The Windows Autopilot for existing devices task sequence will run the Prepare Windows for capture action, which calls the System Preparation Tool (sysprep), and which will fail if the target machine is joined to a domain. Do not specify a domain! - Click Next.
- Click Next again for Install Configuration Manager.
- Deselect all State Migration options.
Note: The Windows Autopilot for existing devices task sequence will result in an Azure Active Directory Domain Joined device. Data backup should leverage OneDrive for Business known folder move to ensure the user’s data is backed up before the Windows 10 upgrade. - The configuration on the Include Updates page shown below is optional. Alternatively, you can leverage Offline Image Servicing in Configuration Manager to ensure the image is up to date with the latest Windows 10 quality update.
- Similarly, you can specify applications to install as part of the task sequence, as shown below. To provide a consistent experience for users receiving new hardware and those refreshing their existing PC using Windows Autopilot for existing devices; however, it is recommended to mirror the signature image approach and have all applications and configuration applied from Intune or Configuration Manager co-management.
- Review the Summary and click Next.
- Review the Completion to ensure there are no issues and click Close.
Customize the Windows Autopilot for existing devices task sequence
- Right click on Windows Autopilot for existing devices in \Software Library\Overview\Operating Systems\Task Sequences and click Edit.
- In the Task Sequence Editor select Apply Windows Settings.
- Click Add -> New Group.
- Select the new group called New Group.
- Rename this new group to Windows Autopilot for existing devices Config.
- Click Add -> General -> Run Command Line.
Note: Ensure that the Run Command Line step is nested under the Windows Autopilot for existing devices Windows Autopilot Config group and is placed after the Remove Windows Autopilot Directory step. - Select the Run Command Line step
- Change the Name to Apply Windows Autopilot configuration file.
- Paste the following command line into Command line:
cmd.exe /c xcopy AutopilotConfigurationFile.json %OSDTargetSystemDrive%\windows\provisioning\Autopilot\ /c
Note: Ensure that AutopilotConfigurationFile.json is the name of the JSON file present in the Windows Autopilot for existing devices Config package created earlier. - Select Package and click Browse.
- Select the Windows Autopilot for existing devices Config package created earlier and click OK.
- Select the Setup Windows and Configuration Manager
- Click Add -> New Group
- Select the new group called New Group.
- Change Name to Prepare Device for Autopilot.
- Use the Move Down button to place the Prepare Device for Autopilot group as the very last step in the task sequence.
- Click Add -> Images -> Prepare ConfigMgr Client for Capture.
Note: Ensure that the Prepare ConfigMgr Client for Capture step is nested under the Prepare Device for Autopilot group. - Click Add -> Images -> Prepare Windows for Capture and apply the following:
- Automatically build mass storage driver list: NO
- Do not reset activation flag: NO
- Shutdown the computer after running this action: OPTIONAL
Note: Some customers wish to have the Windows Autopilot for existing devices task sequence refresh the PC and take the user through Windows Autopilot User-driven mode in one distinct sequence. In this scenario, the PC will reboot once imaged and re-sealed and immediately begin the OOBE.
Other customers may wish to collect hardware and refresh before delivering to a new user. In this case, you may select the Shutdown the computer after running this action to prevent OOBE from beginning immediately after the task sequence completes.
The task sequence is now ready to deploy to your Windows 7 machines, remembering to distribute the content!
We’ll continue to blog about the latest Windows Autopilot capabilities and our documentation will be soon be updated to reflect the new scenarios enabled with the release of Windows 10, version 1809.