Windows Autopilot is modernizing the way you deploy Windows. It simplifies the process by eliminating the complexity associated with creating, maintaining, and distributing custom images while reducing the overall total cost of ownership.
We’re constantly improving Windows Autopilot based on the feedback that we receive from you and our other customers around the world. One of the most popular requests has been, “When will Windows Autopilot support on-premises Active Directory enrollment for Windows 10 devices?”
Hybrid Azure AD join
Today, we are excited to introduce support for Hybrid Azure AD join (on-premises AD) using Windows Autopilot user-driven mode. This capability is now available with Windows 10, version 1809 (or later).
In this mode, you can use Windows Autopilot to join a device to an on-premises Active Directory domain. Configuring this feature is very similar to the Windows Autopilot user-driven mode process today:
Register the device with Windows Autopilot.
Create an Autopilot deployment profile specifying Hybrid Azure AD as the method by which you would like to join devices to Azure AD.
Install the Intune Connector for Active Directory on a computer running Windows Server 2016 (or later).
In the Create Profile blade for user-driven mode, there will be a new option under “Join to Azure AD as” labeled “Hybrid Azure AD joined (Preview)”.
Selecting this option is all you need to do from a deployment profile standpoint to configure Windows Autopilot user-driven mode for Hybrid Azure AD.
The next step is to configure the new Intune Connector for Active Directory. This connector will be used by Microsoft Intune to communicate with your on-premises domain controller during the Windows Autopilot process.
The Intune connector requires a device configuration profile to specify the domain join and computer naming details. To set up this profile:
In Intune, choose Device configuration > Profiles > Create Profile.
Enter the following properties:
Name: Enter a descriptive name for the new profile.
Description: Enter a description for the profile.
Platform: Choose Windows 10 and later.
Profile type: Choose Domain Join (Preview).
Choose Settings and provide a Computer name prefix, Domain name, and Organizational unit (optional).
Choose OK > Create. The profile is created and appears in the list.
What’s great about Windows Autopilot user-driven mode for Hybrid Azure AD is that it benefits from the rest of the great features of Windows Autopilot. Not only is it compatible with the Enrollment Status Page, it also allows you to configure things like:
Skipping specific pages in the OOBE
Auto-accepting the Windows EULA on behalf of the end user
Preventing users from opting out of Windows Autopilot
Specifying an account to be an administrator or standard account
Earlier this year, we announced expanded partner support for Windows Autopilot, which helps make the registration process easier for new devices. We shared that Microsoft Surface, Dell, HP, Lenovo, and Toshiba are now participating device manufacturers for Windows Autopilot—with Panasonic and Acer coming soon. For existing devices, you could use a script to extract and upload device IDs to use with Windows Autopilot; however, this solution involved querying each device, which proved to be challenging for some organizations.
That is why we’re also excited to announce a new Microsoft Intune capability that will make it easier for you to use Windows Autopilot with existing devices by allowing you to automatically register all targeted devices with Windows Autopilot. Available as part of the Windows Autopilot deployment profile creation page in Intune, you will now be able to create a Windows Autopilot deployment profile and flag that profile so that it will automatically register any devices targeted by that profile into Windows Autopilot.
With this feature, you simply enable automatic Windows Autopilot registration in a deployment profile and target that profile to all devices in the organization. The next time a targeted device checks into Intune, it will be automatically registered into Windows Autopilot and show up in your list of registered devices.
Self-deploying mode and support for existing devices
In addition to the two new capabilities discussed above, Windows Autopilot can enable you to easily transform your existing Windows 7 domain-joined devices into Azure AD-joined devices running the latest version of Windows 10. For prerequisites and step-by-step instructions, see Windows Autopilot for existing devices. (And, to save up to 20 minutes during the deployment process, see Michael Niehaus’ blog post on Speeding up Windows Autopilot for existing devices.)
For truly zero-touch provisioning, Windows Autopilot also features self-deploying mode, which allows you to register a device in your Azure AD tenant, enroll the device in your MDM solution, and ensure that all policies, applications, certificates, and networking profiles are provisioned on the device before the user ever logs on. For more information on this scenario, see Windows Autopilot Self-Deploying mode.
Whether you’re new to Windows Autopilot, or are looking to take the next step in leveraging this modern deployment method, we have resources to help you on your journey: