Windows IT Pro Blog

Windows Autopilot: Hybrid Azure AD join and automatic registration

Tanvir Ahmed
Nov 13, 2018

Windows Autopilot is modernizing the way you deploy Windows. It simplifies the process by eliminating the complexity associated with creating, maintaining, and distributing custom images while reducing the overall total cost of ownership.

We’re constantly improving Windows Autopilot based on the feedback that we receive from you and our other customers around the world. One of the most popular requests has been, “When will Windows Autopilot support on-premises Active Directory enrollment for Windows 10 devices?”

Hybrid Azure AD join

Today, we are excited to introduce support for Hybrid Azure AD join (on-premises AD) using Windows Autopilot user-driven mode. This capability is now available with Windows 10, version 1809 (or later).

In this mode, you can use Windows Autopilot to join a device to an on-premises Active Directory domain. Configuring this feature is very similar to the Windows Autopilot user-driven mode process today:

  1. Register the device with Windows Autopilot.
  2. Create an Autopilot deployment profile specifying Hybrid Azure AD as the method by which you would like to join devices to Azure AD.
  3. Install the Intune Connector for Active Directory on a computer running Windows Server 2016 (or later).

In the Create Profile blade for user-driven mode, there is a new option under "Join to Azure AD as", labeled Hybrid Azure AD joined (Preview).

Selecting this option is all you need to do from a deployment profile standpoint to configure Windows Autopilot user-driven mode for Hybrid Azure AD.

The next step is to configure the new Intune Connector for Active Directory. This connector will be used by Microsoft Intune to communicate with your on-premises domain controller during the Windows Autopilot process.

The Intune connector requires a device configuration profile to specify the domain join and computer naming details. To set up this profile:

  1. In Intune, choose Device configuration > Profiles > Create Profile.
  2. Enter the following properties:
    • Name: Enter a descriptive name for the new profile.
    • Description: Enter a description for the profile.
    • Platform: Choose Windows 10 and later.
    • Profile type: Choose Domain Join (Preview).
  3. Choose Settings and provide a Computer name prefix, Domain name, and Organizational unit (optional).

  4. Choose OK > Create. The profile is created and appears in the list.
  5. To assign the profile, follow the steps under Assign a device profile.

What’s great about Windows Autopilot user-driven mode for Hybrid Azure AD is that it benefits from the rest of the great features of Windows Autopilot. Not only is it compatible with the Enrollment Status Page, it also allows you to configure things like:

  • Skipping specific pages in the OOBE
  • Auto-accepting the Windows EULA on behalf of the end user
  • Preventing users from opting out of Windows Autopilot
  • Specifying an account to be an administrator or standard account

For detailed steps and requirements to set up Windows Autopilot user-driven mode for Hybrid Azure AD, as well as the Intune Connector for Active Directory, please see Windows Autopilot user-driven mode for hybrid Azure Active Directory join.

Automatic registration with Microsoft Intune

Earlier this year, we announced expanded partner support for Windows Autopilot, which helps make the registration process easier for new devices. We shared that Microsoft Surface, Dell, HP, Lenovo, and Toshiba are now participating device manufacturers for Windows Autopilot—with Panasonic and Acer coming soon. For existing devices, you could use a script to extract and upload device IDs to use with Windows Autopilot; however, this solution involved querying each device, which proved to be challenging for some organizations.

That is why we’re also excited to announce a new Microsoft Intune capability that will make it easier for you to use Windows Autopilot with existing devices by allowing you to automatically register all targeted devices with Windows Autopilot. Available as part of the Windows Autopilot deployment profile creation page in Intune, you will now be able to create a Windows Autopilot deployment profile and flag that profile so that it will automatically register any devices targeted by that profile into Windows Autopilot.

With this feature, you simply enable automatic Windows Autopilot registration in a deployment profile and target that profile to all devices in the organization. The next time a targeted device checks into Intune, it will be automatically registered into Windows Autopilot and show up in your list of registered devices.

Self-deploying mode and support for existing devices

In addition to the two new capabilities discussed above, Windows Autopilot can enable you to easily transform your existing Windows 7 domain-joined devices into Azure AD-joined devices running the latest version of Windows 10. For prerequisites and step-by-step instructions, see Windows Autopilot for existing devices. (And, to save up to 20 minutes during the deployment process, see Michael Niehaus’ blog post on Speeding up Windows Autopilot for existing devices.)

For truly zero-touch provisioning, Windows Autopilot also features self-deploying mode, which allows you to register a device in your Azure AD tenant, enroll the device in your MDM solution, and ensure that all policies, applications, certificates, and networking profiles are provisioned on the device before the user ever logs on. For more information on this scenario, see Windows Autopilot Self-Deploying mode.

Learn more

Whether you’re new to Windows Autopilot, or are looking to take the next step in leveraging this modern deployment method, we have resources to help you on your journey:

We also conducted two deep dive sessions at Microsoft Ignite that you can now watch on demand:

  


Continue the conversation. Find best practices. Bookmark the Windows 10 Tech Community.

Looking for support? Visit the Windows 10 IT pro forums.

  • Great article. Do we have any time frames for when these features will be out of Preview? There are obviously a few areas needing improvement, like integration with ADFS federated domains. I see Hybrid Join as one of the key features to make Autopilot change how organisations roll out devices.