Matrix42 Self-Service Help Center

Azure AD Integration III: Windows Autopilot

Windows Autopilot Overview

Windows Autopilot is Microsoft's deployment program that uses a collection of technologies to quickly set up and pre-configure new devices. It is similar to Apple's Device Enrollment Program, Knox Mobile Enrollment for Samsung devices, and Android Zero Touch for Android devices.

Devices or device identifiers are added to a cloud service. When a device starts the out-of-the-box experience, an internet-connected device contacts the cloud service and retrieves its configuration. There are different options for adding devices to the cloud service. The first is to contact your hardware vendor, who might be able to add devices to the Windows Autopilot deployment program for you after purchase. Another option is to add devices manually to Windows Autopilot, which is what we will do in this guide.

In general, Windows Autopilot simplifies the complete lifecycle of the device. Users can enroll devices from the out-of-the-box experience without any interaction with the IT department. They only need an internet connection and their Azure Active Directory credentials, and can enroll the device within a few steps. After that, Silverback can apply all configurations, transform the device into an enterprise-ready and secured device, and install the UEM Agent to install software packages on top. Additionally, you can easily deploy the EgoSecure Data Protection agent for an additional security layer.

We have added an additional Knowledgebase article, Windows 10/11: All about Windows Autopilot, that provides more information about Windows Autopilot.

Requirements

Register device

We will describe the manual process of registering the device to your organization. Alternatively, contact your hardware vendor to do it on your behalf.

Get Hardware ID

  • Install Windows 10 1703 or above on a client or on a virtual machine
  • Open PowerShell as an administrator and run the following command
    • Install-Script -Name Get-WindowsAutoPilotInfo -RequiredVersion 1.2 (other versions will not include the mandatory Product ID value)
    • Accept the prompts that follow
  • Navigate in Windows Explorer to C:\Program Files\WindowsPowerShell\Scripts\ and check if the installed script is listed
  • The next step is to use the script to pull the device information from WMI
    • In PowerShell, run the command Set-ExecutionPolicy unrestricted
    • Accept the prompts
    • Now navigate in PowerShell to C:\Program Files\WindowsPowerShell\Scripts
    • Use the following command: .\Get-WindowsAutoPilotInfo.ps1 -OutputFile .\myautopilot.csv
  • If everything went well you should now see a .CSV file with the name you chose in the set location
  • Take the .csv file and copy it to a USB Device or to a Network Share or proceed on your current machine
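
The steps above as one PowerShell session, with a check of the resulting file before it is uploaded. This is an added example, not part of the original guide or of Matrix42's tooling. It scopes the execution-policy change to the current process rather than the whole machine, writes the CSV to the temp folder (an assumed location), and assumes the CSV uses the column names "Device Serial Number", "Windows Product ID" and "Hardware Hash".

```powershell
#Requires -RunAsAdministrator
# Added example: collect the Autopilot hardware ID and sanity-check the CSV.
$ErrorActionPreference = 'Stop'

# Limit the policy change to this PowerShell process, so the machine-wide
# execution policy is unchanged once this window is closed.
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process -Force

# Version 1.2 as required by the guide; accept the prompts that follow.
Install-Script -Name Get-WindowsAutoPilotInfo -RequiredVersion 1.2

# Install location named in the guide.
$scriptDir = Join-Path $env:ProgramFiles 'WindowsPowerShell\Scripts'
$script    = Join-Path $scriptDir 'Get-WindowsAutoPilotInfo.ps1'
if (-not (Test-Path $script)) { throw "Script not found at $script" }

# Assumed output location; any writable folder works.
$outFile = Join-Path $env:TEMP 'myautopilot.csv'
& $script -OutputFile $outFile

# Assumed column names; the upload needs all three to be present.
$expected = 'Device Serial Number', 'Windows Product ID', 'Hardware Hash'
$rows = @(Import-Csv -Path $outFile)
if ($rows.Count -eq 0) { throw "No device rows in $outFile" }

$columns = $rows[0].PSObject.Properties.Name
$missing = $expected | Where-Object { $_ -notin $columns }
if ($missing) { throw "CSV is missing column(s): $($missing -join ', ')" }

foreach ($row in $rows) {
    if ([string]::IsNullOrWhiteSpace($row.'Hardware Hash')) {
        throw "Empty hardware hash for serial '$($row.'Device Serial Number')'"
    }
}

# Record a SHA-256 of the file so the copy moved by USB or network share
# can be compared with what was generated on the device.
Get-FileHash -Path $outFile -Algorithm SHA256 | Select-Object Hash, Path
```

Before uploading, run Get-FileHash on the copied file and compare the value with the one printed here.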

Upload Hardware ID

  • Open a browser and go to Windows Store for Business
  • Sign in as an administrator
  • Go to Manage
  • Accept to share Data with Microsoft Store for Business
  • Navigate to Devices
  • Click Windows AutoPilot Deployment Program
  • Click + Add devices
  • Select and upload your .csv file
  • Now create your first AutoPilot Deployment Group
    • Enter as name e.g. Silverback
    • Click Add
  • Your request will now be processed
  • Your device should now appear

Create new Profile

  • Click AutoPilot deployment
  • Click Create new profile
  • Configure your Profile
    • Enter as name e.g. AutoPilot
    • Enable Skip privacy settings (optional)
    • Enable Disable local admin creation on the device (optional)
    • Enable Skip End user License Agreement (EULA) (optional)
  • Click Create

Link Devices

  • Use the checkbox to select any of your imported devices
  • Click on AutoPilot deployment
  • Apply your previously created profile

Factory Wipe

Depending on your Windows 10/11 version, the steps might differ.

  • Navigate to Windows Settings
  • Click Update & Security
  • Click Recovery
  • Click Get started to reset this
  • Click Remove everything
  • Choose
    • Just remove my files (recommended)
    • Remove files and clean the drive (optional)
  • Plug your PC in
  • Click Reset
  • Wait until the reset process is finished

Client Enrollment

The registration process on the Microsoft side can take up to 24h before device enrollment works.

  • Start the out-of-box experience of your Windows 10/11 device
  • Select your Region
  • Select the right keyboard layout
  • Add, if needed, a second keyboard layout or skip
  • Add your network
  • You now see that the device belongs to your organization


  • Type in your Azure AD username. This is the email address you use to log in to Office 365 and similar Microsoft Online Services
  • Enter your password
  • Accept the Terms of use
  • Wait until the device starts


  • Create your PIN to use as a sign-in method (forced by Microsoft)

Next Steps
