We run Intune/Autopilot for our builds and our techs still have to boot from USB for many scenarios including: 1. Autopilot does not have the ability to natively install the latest Feature Update, so we have to manually install that first 2. Bare metal builds As an aside I'd like to know why Microsoft do not provide up to date (i.e. the latest OS version) Surface Recovery Images for their own hardware?? There is no W11 SRI for the Surface Laptop 3, Surface Pro 7 or Surface Pro 7+ (there are only W10 SRIs). These devices are still under warranty. If you use an OEM W11 ISO all the basic drivers (keyboard, mouse, touchscreen...) do not work, so then you have to plug in external hardware just to build the computer. Bit of a PITA when you're building 1,000s :((

I also think there is still a need for some On-prem infrastructure for OSD. Autopilot solves a lot, but you are still going to find use cases for imaging a system where you have replaced a hard drive or the OS is beyond repair so you will need a MDT server or ConfigMan for that purpose.

Hi Flavio, Unfortunately, currently there is no such thing available in Entra ID. A workaround is creating an inventory of the installed applications and based on that information, fill the group(s) with some automation. And example is found here https://www.inthecloud247.com/create-an-application-based-azure-ad-group-with-logic-apps/