AMA: Windows Autopilot
Event details
Looking to simplify setup and configuration for new devices? Let’s talk about Windows Autopilot! The engineering team will be on camera and ready to answer your questions. Whether you are seeking to better understand the differences between Windows Autopilot and Windows Autopilot device preparation—or get into the details of monitoring and reporting—this Ask Microsoft Anything (AMA) session is your chance to ask questions and get answers in real time.
On the panel: Joe Lurie, Maggie Dakeva, and Rob York
This event is part of the Tech Community Live: Windows edition.
110 Comments
- Pearl-Angeles
Community Manager
Thanks for participating in today's AMA! Here are the questions our panelists answered during the session:
Question – Can you all talk about the differences between traditional Autopilot and device prep and use case scenarios for using one over the other? And a follow-up question: will resellers that have tenant info eventually be able to enroll devices in device prep during the purchase process? – answered at 1:42.
Question - Whilst I've used a Michael Niehaus script to deploy applications only when in Autopilot, and I've created my own script to only deploy application during pre-provisioning in Autopilot, will Microsoft ever add native capabilities to Intune/Autopilot such as a check box for apps to only install during either of these two processes (or even to ensure that an app only installs when Autopilot is completed)? – answered at 6:17.
Question – Will there be any Autopilot content at MS Ignite this year? Last year was severely lacking on Endpoint Management information. – answered at 7:33.
Question – What is the future of the Autopilot device preparation policy in the Windows 365 Enterprise environment? Currently, it's available only in Windows 365 Frontline. – answered at 8:15.
- Go to aka.ms/AutopilotNew to see what’s recently been released with Autopilot or go to aka.ms/M365Roadmap
Question – In what scenarios do you recommend orgs use group tags when registering devices to AP? - answered at 9:45.
Question – How do you recommend we install the SCCM client on AP (Autopilot) with device prep so we can then assign co-management policies? – answered at 11:31.
Question – Is it planned to add custom OOBE pages to provide onboarding information for a new employee? Just pages with text. I am also interested in simplifying the process of adding a device to the Autopilot list (downloading hardware hash) not using powershell, but for example using a phone (like in Apple Business Cabinet) or the built-in GUI in OOBE. – answered at 13:08.
Question – We're planning to move from Autopilot to Autopilot Device Preparation. How can we stop users from setting up devices with personal accounts on this screen? – answered at 16:58.
- To share feedback, please go to aka.ms/Intunefeedback or go to the Windows admin center and click the “Add feedback” option in the right-hand corner.
Question – Are there any improvements on the device naming? We are seeing that out of 100 machine enrollments, at least 2 to 5 devices have the same device name, which creates manual activity for the IT team to rename the devices every month. – answered at 18:34.
Question – How do we know if we need to delete a device from Intune before running Autopilot on it again? This is in regards to using self-deploying mode, with the https://learn.microsoft.com/en-us/autopilot/self-deploying mentioning this as a requirement, but then a later article mentions certain hardware manufacturers have fixed this? – answered at 22:27.
- Go to aka.ms/AutopilotDocs for more info!
Question – How can we set Intune apps to REQUIRED without them installing during Autopilot (v1) please - i.e. so they don't try to install before Autopilot has finished? Each time an app is set to REQUIRED we would have to re-test our Autopilot sequence, as sometimes apps cause issues with/break Autopilot. Also, sometimes, we do not want very big apps (e.g. AutoCAD) attempting to install during, and holding-up, Autopilot. Also, not all apps are REQUIRED for all users/devices, so we wouldn't be able to test each conceivable combination of REQUIRED apps etc. with our Autopilot sequence. Could we have an option in the app settings for WHEN AUTOPILOT HAS FINISHED please? Or something similar? – answered at 24:48.
Question – When using Autopilot for Entra-only devices I can select to rename the device using the %serial% variable. That option isn't available when using Autopilot for hybrid joined devices. I have to rename using %random% and then rename the device which creates multiple objects in Entra. Is this something that's on the drawing board? – answered at 29:12.
- For more information, go to aka.ms/CloudNativeEndpoints
Question – Are there any plans for implementation on creating the dynamic group based on the ESP profile name? – answered at 33:00.
Question – Intune/Autopilot/Azure has object IDs. When scripting processes, object IDs are a bit of a challenge. Are there any plans to make working with device objects easier? – answered at 36:08.
Question – The assignment of apps to specific target devices. In Configuration Manager we can create a collection with device user limitations and apply the deployment only to those devices. But if we want to achieve the same in Intune, what’s the best option currently available? Any planned improvements in the future? What I mean is, I would like to deploy an application only to new devices without using scripts, complex exclusions, or spending too much time analyzing logs. – answered at 38:40.
Question - Thank you for answering my question about REQUIRED apps and using the ESP Block list Maggie. I've read on the MS forum, and other blogs, that this block list does not prevent all REQUIRED apps installing, whether they're on the block list or not. Hence we haven't implemented this method. Is there any truth in this please? – answered at 42:44.
Question – With Autopilot Device Preparation, I always recommend customers disable personal devices from enrolling to Intune and thus Device Preparation requires these Corporate Device Identifiers to be uploaded to Intune. Is this the recommended approach? If so, would there be any easier ways to get the Corporate Device Identifiers uploaded to Intune? Right now, it requires that you manually pull it (similar to Hardware Hash) and requires device intervention. – answered at 44:13.
Question – Thank you for answering my question about blocking setup for personal accounts. To confirm, is it just the Enterprise SKU that will prevent users from logging in with personal accounts, or also the Pro SKU? What happens if the user attempts to login with a personal account on these SKUs? – answered at 47:09.
Question – When are you planning to add export capabilities in the Autopilot blade which consists of AAD ID and serial number? - answered at 49:50.
- Please give us feedback at aka.ms/IntuneFeedback to share more details about this request
Question – We really need an order of installation for ESP applications! Will we ever have this capability? – answered at 51:36.
- Mirkos92
Copper Contributor
To clarify my question, this is not only an SCCM mindset.
Is there a simple way in Intune to deploy an app only to newly enrolled devices via Autopilot, without using scripts during Autopilot? Like a script to install apps from this specific data etc. (cit: "intune-app-ps-script-based-enrollment-date") or creating another Autopilot profile...
I’d like to avoid installing the app on existing devices and keep the process clean and automatic, because the requirement to install an app on the ESP status page is that you should have the app set to "Required".
Regards. I hope maybe you have some advice... Thank you a lot in advance.
- HeyHey16K
Iron Contributor
+1 for this. It's a challenge we face too because whenever we want to amend something on our Autopilot (v1) sequence (e.g. change an app version deployed via it), there is no way to prevent it also deploying to every computer in our live estate. As all Autopilot devices (and therefore all devices in our live estate built by Autopilot) are dynamically added to a group based on the Group Tag during Autopilot. We have had to get creative in the past by using the group filters or creating a new Autopilot sequence with a new dynamic group based on Group Tag - but then this doubles up our admin overhead etc.
- ArunKumar-3819
Copper Contributor
How do we make sure that a device cannot be used for personal purposes and any other tenant, just like Windows Autopilot by uploading the hash value?
- Jason_Sandys
Microsoft
Hi ArunKumar-3819. Is this question specific to Windows Autopilot device preparation? Assuming so, there is no way to do this today, however, we are close to releasing a feature to enable this in the near future. Keep in mind though, that Autopilot registration along with this new feature are not security features and provide no guarantee that a specific device cannot be repurposed against your org's wishes. We make no explicit statement about this and cannot. At most, they are "best effort" controls to deter those with non-malicious intentions from doing something against an org's wishes.
- Paul_Woodward
Iron Contributor
We need to install apps in a particular order. This isn't a complicated ask, why make it complex? As it is, we have to use dependencies, which is a pain in the backside. Just give each blocking app a priority order, that's not task sequences. Examples: we need to prep the PowerShell environment before installing modules, we want to script updates at the end after all apps are installed.
- jackford
Copper Contributor
Hi,
In Autopilot, what is the recommended best practice for updating drivers and BIOS during the pre-provision process?
Thank you
- HeyHey16K
Iron Contributor
+1 for this. We currently have a PS script we run pre-Autopilot to check for and install all the latest Windows Updates etc. Microsoft announced they were going to start including the installation of the latest Windows Updates as part of Autopilot - ref MC891140 - but it's been postponed.
- Heather_Poulsen
Community Manager
Thanks for joining us today! We'll keep this Q&A open through Friday so you can catch up on demand and continue to post your questions for the Autopilot team.
- Dirk-Official
Brass Contributor
The initial experience heavily depends on SSO working from the get-go. This is something we think could be improved (not speaking of our very special DMA-feature in Europe). Any plans on improving/optimizing the process involving receiving the PRT etc.?
- Jason_Sandys
Microsoft
Can you be more specific about exactly what you are talking about here? Are you referring specifically to hybrid join?
- Dirk-Official
Brass Contributor
No, in this case Entra-only, but actually doesn't matter.
We need to approach a state where you log into Windows for the first time and any application (Teams, Word, Outlook, OneDrive, ...) is able to pull an SSO token from Windows - immediately. It's not like users are waiting for 10 minutes until everything has been set up in the background. We still have quite a few customers relying on custom splashscreens after the first login which are basically locking the screen until certain conditions have been met.
- jackford
Copper Contributor
Hi,
When using Autopilot, what is the recommended best practice to update drivers and BIOS during the pre-provision process? In my scenario, this is specific to devices such as Lenovo.
Thank you
- Bogdan_Guinea
Iron Contributor
Hi,
if you still need a solution for HP, kindly post that in the tech community under the Intune Topics and I will be happy to assist you on that.
Good luck!
- Paul_Woodward
Iron Contributor
We deploy drivers to our HP laptops with a PowerShell script wrapped as a Win32 app. It's a bit clunky, but it works. I don't know about Lenovo, but if you can script it, the approach should work.
- MichaelFleet
Copper Contributor
Thank you for answering my question about blocking setup for personal accounts.
To confirm, is it just the Enterprise SKU that will prevent users from logging in with personal accounts, or also the Pro SKU? What happens if the user attempts to login with a personal account on these SKUs?
- Pearl-Angeles
Community Manager
Thanks for your questions! The panelist covered this topic around 47:09.
- HeyHey16K
Iron Contributor
.