Update to Windows Autopilot pre-provisioning process for app installs
Published Feb 27 2023 08:00 AM 35.2K Views

By: Juanita Baptiste, Sr Product Manager and Kiran Alli Prinicipal Software Engineer | Microsoft Intune


Windows Autopilot enables IT pros to provision devices in ways that work best for their organization, including pre-provisioning (formally known as white glove). We understand that, for many customers, installing as many applications as possible during pre-provisioning is desired to reduce the user setup time. To help customers achieve this, we’ll be implementing an option to attempt the installation of all required apps assigned to a device during technician phase. In case of app installation failure, the Enrollment Status Page (ESP) will continue except for those apps specified in the ESP profile.


How this works

The purpose of the ESP is to block device use until essential policies and apps are applied. While there’s no ability to sequence the apps today, ESP will prioritize installation of the selected blocking apps first (Win32 apps only). Blocking applications will prevent the user from getting to the desktop until it’s successfully installed. For customers using pre-provisioning to install as many apps as possible on the device at the same time, you would need to select the All option on the Block device use until required apps are installed if they are assigned to the user/device setting in the ESP profile. With this option selected, your deployments may fail for nonessential apps which could result in device resets and increased setup time for users.


With this new feature, ESP will continue to block device use until other targeted apps are at least attempted during the technician phase. ESP won’t fail the deployment if the non-blocking app is unsuccessful. For example, if only three critical apps are needed for installation, you can specify them as the blocking apps and use the new toggle to only fail the deployment if one of those three apps fails. This is a configurable function and, if it’s not enabled, the previous pre-provisioning behavior remains, including attempting to install other targeted and required applications for the device or user after the technician phase is completed, depending on how long the device has network connectivity post ESP.


How to enable this change

This change is expected with Intune’s March (2303) service release and requires the IT pro to enable this option within the ESP profile. Existing deployments and profiles will not be impacted unless explicitly changed. To enable this change on existing profiles, you’ll need to edit your ESP profile by selecting Yes on the new setting Only fail selected apps in technician phase. For new profiles, this setting is set to Yes by default for pre-provisioning devices. To disable this setting, select No. Note that this setting will only appear as an option if you have blocking apps selected and only apply for devices going through pre-provisioning.


An example of the Windows enrollment, Enrollment Status Page feature in the Microsoft Endpoint Manager admin center.An example of the Windows enrollment, Enrollment Status Page feature in the Microsoft Endpoint Manager admin center.


Keep in mind that when you enable this setting, you should expect that the time to provision during the technician phase may take longer, depending on the number of applications targeted. If you’re using a third party to provision your devices, please make them aware of the potential change in provisioning time.


Frequently Asked Questions (FAQs)

  • Does this feature also install required apps that have dependencies?
    • Yes, any required apps that are targeted to the user and has a dependency will be attempted but will not fail the deployment.

  • Do we prioritize the blocking apps to be installed first?
    • No, in this scenario, ESP will wait until both blocking and required apps are attempted.

  • What happens if a required app fails?
    • If a required app fails, ESP will continue, and the app will be retried again when the user logs in.

  • What happens if a blocking app fails?
    • If a blocking app fails, the Autopilot deployment fails.

  • If ESP times out while installing required apps, does it fail the deployment?
    • Yes, if ESP times out while still installing required apps, the process will fail due to time out so IT pros will need to increase their time out if enabling this feature.


Let us know if you have any additional questions by replying to this post or reaching out to @IntuneSuppTeam on Twitter.


Post Updates:

03/10/23: added section with frequently asked questions. Thanks for the feedback!

Version history
Last update:
‎Mar 10 2023 10:09 AM
Updated by: