cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Try out Windows Autopilot white glove pre-provisioning
By
Michael Niehaus
Published Jul 08 2019 10:00 AM 46.9K Views
Michael Niehaus
Microsoft
‎Jul 08 2019 10:00 AM

Try out Windows Autopilot white glove pre-provisioning

‎Jul 08 2019 10:00 AM

Windows Autopilot enables organizations to easily provision new devices, taking them from the initial OEM factory configuration to a ready-for-productive-use state.  But depending on the amount of software and policies that need to be configured on the device, this provisioning process can take some time.

 

wg-today.png

 

For many organizations, users aren't used to waiting that long for the device to be provisioned; the time-consuming steps are done before the user ever sees the device because IT technicians or partners perform those steps before the device is delivered.  With the release of Windows 10 version 1903, we can support that same type of process with Windows Autopilot, leveraging the white glove pre-provisioning capabilities.

 

wg-new.png

 

To read more about the Windows Autopilot white glove capabilities, see the main documentation page for the feature.  At a high level, here are the steps involved:

 

  • Modify your existing Windows Autopilot profiles to opt into white glove pre-provisioning by enabling the "Allow White Glove OOBE" option.
    whiteglove.png
  • After the device has been registerd with Windows Autopilot and the profile has been assigned, boot the device to start the out-of-box experience (OOBE).  On the first language/locale screen, press the Windows key five times.
  • Choose Windows Autopilot pre-provisioning from the available choices.
  • Use the presented QR code to reconfigure the device in Intune (see the sample Windows Autopilot Companion app), if necessary.
  • Click the Provision button to start the pre-provisioning process.  This will join the device to Azure Active Directory or Active Directory and enroll it in Intune, then apply all the device-targeted policies, as well as any user-targeted Win32 apps (as long as they are configured to install in the device context).
  • When the device finishes the pre-provisioning process, click "Reseal" to prepare the device for the user.
  • Deliver the device to the user so they can complete the process by going through the standard Windows Autopilot user-driven process.

Here's a video that shows the process (edited for time), showing both the technician-driven pre-provisioning process, as well as the user-driven process that happens very quickly.

 

 

Behind the scenes, the Windows Autopilot white glove pre-provisioning process leverages the same process used by self-deploying mode (so it has the same TPM attestation requirements), and it requires using a wired Ethernet connection (to avoid having to configure the language, locale, and keyboard as part of the pre-provisioning process, needed before a Wi-Fi connection could be made).

 

Try it out yourself, and if you have any issues you can ask for help via the "Help and Support" node in the Intune portal.

12 Comments
jurajt
Brass Contributor
‎Jul 08 2019 11:04 AM
‎Jul 08 2019 11:04 AM

the wired connection is certainly not required. what I've been doing, is pressing shift+f10 to launch a command prompt, then win+u to get to settings, there I click the Network section and click Show available networks, which gives me wireless menu in bottom left. from that point on, i can preprovision the device as if it were using ethernet.

wroot
Silver Contributor
‎Jul 08 2019 12:20 PM
‎Jul 08 2019 12:20 PM

I know what you are trying to fix, but isn't it kind of going against the main Autopilot idea? :) So, you can't just deliver PC from manufacturer/reseller to user's door steps. You need to take it to IT (or talk to OEM to unpack it, do stuff, pack it back) and prepare. Why not prepare it the old school way then (image, clone, MDT, etc.)?

0 Likes
Like
Michael Niehaus
Microsoft
‎Jul 08 2019 12:24 PM
‎Jul 08 2019 12:24 PM

You are assuming that the white glove process is done by the customer - it could just as easily be done by the OEM, distributor, reseller, or other partner before the device is shipped.

 

This isn't a solution for everyone, it's just for those customers who don't believe their users are willing to sit and watch while their device is being provisioned with all the needed software and settings.

jurajt
Brass Contributor
‎Jul 08 2019 12:38 PM
‎Jul 08 2019 12:38 PM

we're using autopilot internally, to preprovision devices by IT personell.

besides of that, ethernet connection makes windows remember the DNS suffix of the last connected network, causing issues with another of our services using network discovery (dns-sd printers), therefore ethernet can't be used.

however, you're right - the point about manufacturer doing the preprovisioning is very valid. 

0 Likes
Like
Simon Scharschinger
Copper Contributor
‎Jul 15 2019 05:52 AM
‎Jul 15 2019 05:52 AM

Hi, exist a list of vendors who support White Glove out of the box? So can HP for example deliver white glove enrolled clients?

0 Likes
Like
agneum
Copper Contributor
‎Jul 29 2019 06:18 AM
‎Jul 29 2019 06:18 AM

I'm having a hard time getting this to work on any PC I try it with, existing or old. I install Windows 1903 .iso from scratch, then run a script in the first stage of the OOBE and collect the hardware ID. After which I upload it to Intune > Enroll Devices > Windows Devices > Devices. 

 

Then I'm stuck. Either I get a red screen directly after it finishes enrolling, or it gives me the green ok screen but where I still have to sign in and download all the applications. Tried with ASUS, Lenovo computers with TPM 2.0. I'm using autopilot profile (user driven). 


At this point I'm considering going back to imaging, because so far the experience has been anything but smooth.

0 Likes
Like
agneum
Copper Contributor
‎Jul 29 2019 06:36 AM
‎Jul 29 2019 06:36 AM

I'm having a hard time getting this to work on any PC I try it with, existing or old. I install Windows 1903 .iso from scratch, then run a script in the first stage of the OOBE and collect the hardware ID. After which I upload it to Intune > Enroll Devices > Windows Devices > Devices. 

 

Then I'm stuck. Either I get a red screen directly after it finishes enrolling, or it gives me the green ok screen after one minute but where I still have to sign in and download all the applications (It has to download Office for instance,which obviously doesn't take a minute). Tried with ASUS, Lenovo computers with TPM 2.0. I'm using autopilot profile (user driven). 


At this point I'm considering going back to imaging, because so far the experience has been anything but smooth.

0 Likes
Like
tonysperbeck
Copper Contributor
‎Aug 28 2019 06:19 AM
‎Aug 28 2019 06:19 AM

We've been successfully employing White Glove for our Surface deployments for a couple weeks now.  We actually use MDT to wipe and perform a fresh install of Windows 10 Enterprise.  The MDT Task Sequence also registers the device in Intune AutoPilot and kicks off sysprep /oobe.

 

I'm always in the pursuit of zero touch, so has anyone figured out a way to automate the pressing of the Windows key 5 times, and perhaps the subsequent Windows Autopilot Configuration screen?

0 Likes
Like
nmurthy
Copper Contributor
‎Feb 26 2020 05:38 AM
‎Feb 26 2020 05:38 AM
 

 

Michael Could you confirm why account type as Administrator for WhiteGlove devices as per screenshot in the blog?. Can it be standard user?
 
 
0 Likes
Like
Michael Niehaus
Microsoft
‎Feb 26 2020 11:19 PM
‎Feb 26 2020 11:19 PM

@nmurthy Either Administrator or standard user can be specified.

0 Likes
Like
MattMT
Copper Contributor
‎Nov 23 2020 01:24 PM
‎Nov 23 2020 01:24 PM

@Michael Niehaus  We have been ironing out the White Glove approach for our deployment of devices. After working with Microsoft and realizing we need to delete and re-add the hardwareID import of the device between each use, we are not running into a new road block with this. 

 

The White Glove works great. It is super fast and allows our IT staff to reseal the device. Once they ship the device to end users, the end user receives a login error "We can't sign you in with this credential because your domain isn't available." Any suggestions or thoughts on this specific problem? It appears that the Hybrid Join may not allow us to use the White Glove approach but I have not seen that anywhere in documentation. 

 

Windows 1909, Hybrid Join, Pass through Auth

0 Likes
Like
pvincent
Copper Contributor
‎Apr 20 2021 09:08 AM
‎Apr 20 2021 09:08 AM

Hi @Michael Niehaus - thank you for your great write-ups.

I found a nuance with "Pre-Provisioning" in that none of my devices were showing the "Select Region" screen in OOBE, so I was unable to initiate the WINKEY sequence to bring up the pre-provisioning menu.  Finally I traced it back to my "Autopilot Deployment Profile", which - by default - configures the "Language (Region)" selection to "Operating system default".  This means that the OOBE will never display the region page, and you can never initiate pre-provisioning".  Once I changed that setting to "User select", the OOBE now displays the region page and I use the WINKEY press to bring up the menu.  I have not found this "gotcha" documented anywhere, so perhaps this can be added to the MSFT Docs. 

 

Version history
Last update:
‎Jul 08 2019 09:47 AM
Updated by: