Brief Overview of Intune Autopilot
Microsoft Intune Autopilot is a cloud-based deployment and management solution that simplifies the process of setting up
and configuring new Windows devices. Instead of manual imaging and configuring devices, Autopilot allows organizations to
preconfigure devices, enroll them in Intune, and apply policies automatically with minimal IT intervention.
Why is Intune Autopilot Important?
1. Zero-Touch Deployment – IT teams can pre-provision devices, allowing users to set up their machines simply by
signing in.
2. Time and Cost Efficiency – Reduces the need for IT admins to manually configure each device.
3. Consistent and Secure Setup – Ensures that all devices receive the correct security policies, applications, and
configurations automatically.
4. Better End-User Experience – Employees can get started with their new devices faster without IT involvement.
5. Integration with Microsoft 365 & Azure AD – Automatically enrolls devices into Intune and Azure AD and applies
security policies.
6. Remote Management – Ideal for remote workforces, as devices can be shipped directly to employees and configured
upon startup.
Note: This task is performed on a Windows 11 PC created in Hyper-V and enrolled in Microsoft Intune using Windows
Autopilot for automated deployment and management.
Navigate to the Microsoft Intune admin center. Select Devices, then go to Enrollment and click on Automatic Enrollment.
Setting the MDM user scope to "All" allows all users in the organization to automatically enroll their Windows devices into
Microsoft Intune for centralized management. Setting the Windows Information Protection (WIP) user scope to "All" ensures
that WIP policies are applied to protect corporate data from unauthorized access. These settings help streamline device
enrollment and enhance security by managing and safeguarding organizational data on enrolled devices.
Create a group to automatically manage Windows 11 PCs enrolled via Autopilot. This allows easy assignment of policies, apps,
and security settings, ensuring efficient deployment and compliance while reducing manual effort.
Here, you can simply provide a group name and description, then create the group.
Once the group is created, let's create an Enrollment Status Page (ESP). The ESP ensures that devices complete the necessary
configurations before users can access them. It helps track the progress of app installations, security policies, and compliance
settings during enrollment, ensuring a smooth and secure setup for Windows devices in Intune.
Here, click on Create.
To create a profile, provide a name and description, then click Next.
On the Settings page, make the necessary changes in the highlighted areas according to your requirements.
In the Assignments option, add the group you created earlier.
You can leave Scope Tags as they are for now.
Once everything looks good, you can create the profile.
Now, let's create a Deployment Profile. This profile will define how Windows Autopilot configures devices during enrollment.
In this wizard, click on Create Profile and select Windows PC.
In the Basic options, provide a name and description, then click Next.
In the Out-of-Box Experience (OOBE) section, you will see multiple options. You can edit or modify them as per your
requirements and then click Next.
Here, in the Assignment options, assign the group you created earlier.
Once everything looks good, click on Review + Create to finalize the deployment profile.
Once the Enrollment Status Page (ESP) and Deployment Profile are created, you need to enroll the device in Intune, which
requires the Hardware ID of the device.
For this demo, we are using a Windows 11 PC created in Hyper-V. So, let's go to Hyper-V and open the Windows PC.
Once you are logged into your Windows PC, you need to perform a few steps to obtain the Hardware ID.
Open the browser and search for "Intune Autopilot PowerShell script" to find the necessary script for retrieving the Hardware
ID.
Once you are on the page, scroll down until you find the PowerShell script. Then, copy the code for retrieving the Hardware
ID.
Now, open PowerShell with administrative privileges and run the PowerShell script to retrieve the Hardware ID.
Once the PowerShell script runs successfully, it will save the Hardware ID to your PC at the specified file path, which you
can then store locally or send to the location where you are managing Intune Autopilot for device enrollment.
Now, reset your Windows PC. To do this, go to System > Recovery, and you will see the option called Reset PC. Click on it
to begin the reset process, and then follow the on-screen steps.
In the meantime, while the Windows PC is resetting, navigate to the Intune Admin Center. In the Enrollment page, go to
Devices to enroll the Windows device.
Select the Import option and upload the .csv (Hardware ID) file of the Windows device, which you have already saved on your
system.
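Before the upload described above, the CSV can be checked on the admin workstation, since it was produced on another machine and moved by hand. The following is an added example, not part of the original walkthrough or of any Microsoft script: it assumes the three-column header (Device Serial Number, Windows Product ID, Hardware Hash), and the function name Test-AutopilotCsv and the sample row are constructed for illustration.

```powershell
# Added example: sanity-check an Autopilot hardware-ID CSV before importing it.
# Test-AutopilotCsv is a hypothetical helper name; the sample row is constructed.
function Test-AutopilotCsv {
    param([Parameter(Mandatory)][string]$Path)

    $required = 'Device Serial Number', 'Windows Product ID', 'Hardware Hash'
    $rows = @(Import-Csv -LiteralPath $Path)
    if ($rows.Count -eq 0) { throw "No device rows in $Path" }

    # Header check: every required column must be present.
    $columns = $rows[0].PSObject.Properties.Name
    $missing = $required | Where-Object { $_ -notin $columns }
    if ($missing) { throw "Missing column(s): $($missing -join ', ')" }

    $seen = @{}
    foreach ($row in $rows) {
        $serial = $row.'Device Serial Number'
        if ([string]::IsNullOrWhiteSpace($serial)) { throw 'Row with empty serial number' }
        if ($seen.ContainsKey($serial)) { throw "Duplicate serial number: $serial" }
        $seen[$serial] = $true

        # The hardware hash must be valid Base64; FromBase64String throws if it is not.
        try { $bytes = [Convert]::FromBase64String($row.'Hardware Hash') }
        catch { throw "Hardware hash for $serial is not valid Base64" }
        if ($bytes.Length -eq 0) { throw "Hardware hash for $serial is empty" }
    }

    # SHA-256 of the file, to compare with the value recorded on the source device.
    [pscustomobject]@{
        Devices = $rows.Count
        Serials = @($seen.Keys)
        Sha256  = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# Constructed sample: the hash is the Base64 of a placeholder string, not a real hardware hash.
$sample   = Join-Path ([IO.Path]::GetTempPath()) 'AutopilotHWID-sample.csv'
$fakeHash = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes('constructed-placeholder'))
@(
    'Device Serial Number,Windows Product ID,Hardware Hash'
    "0000-0000-0000-0000,,$fakeHash"
) | Set-Content -LiteralPath $sample -Encoding ASCII

Test-AutopilotCsv -Path $sample | Format-List
Remove-Item -LiteralPath $sample
```

Running Get-FileHash on the source PC right after the script writes the file gives the value to compare against the Sha256 reported here; the serial numbers listed should match the devices you expect to register in the tenant.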
After successfully importing, you will see the device listed with its Serial Number in the Intune Admin Center.
After importing the device, add it to the related group. In this demo, we have already created a group called "Intune Test
Devices."
When you click on Devices, you will see the Serial Number of the device. Select the device and add it to the group.
Now, as you can see, the device is a member of the "Intune Test Devices" group, allowing it to receive assigned policies and
configurations.
Once the device is successfully added to the group, let's add some apps so that they are deployed automatically to the
intended devices when the user's device starts up. For that, navigate to Apps, then select Windows.
Let's first add Microsoft 365 Apps. To do this, click on Add, then select Windows 10 and later.
Click Next.
In the Configure App Suite section, select the options as per the highlighted settings, then click Next.
In the Assignment option, add the group you created (Intune Test Devices) and click Next.
If all the configurations look good, click on Review + Create to finalize the setup.
Now, add one more app, this time of type Microsoft Store app (new). To do this, stay in the Apps section and click Add.
Select the App Type as Microsoft Store app (new) and click Next.
In this wizard, click on Search the Microsoft Store app (new).
For this demo, I have selected the app called Slack.
Click Next.
Assign the Slack app to the Intune Test Devices group.
Review the configuration, and if everything looks good, click Create to finalize the app deployment. This way, you can add
more apps to the group as per your requirements.
Until now, we have added two apps for the Windows PC.
In Intune, all the configurations are done, and the system is ready. Now, let's check your Windows PC. By this time, the PC has
been reset and is ready for login. Enter the user's login credentials to proceed.
Once the user logs in successfully, they will see the following setup screens:
1. Device Preparation
2. Device Setup
3. Account Setup
These steps indicate that the Intune Autopilot deployment is in progress, applying configurations, policies, and assigned apps.
When the setup is completed, the user will see all the assigned apps installed on the device, along with the applied policies and
configurations. The system is now fully provisioned and managed by Intune, ensuring that security settings, compliance
policies, and corporate resources are properly configured. At this point, the Windows PC is ready for use, and the user can start
working with all the necessary applications and settings in place.
Now, let's verify in Intune. As you can see, the PC is successfully assigned to the user, confirming that the enrollment
process is complete and the device is being managed by Intune.
Summary of Intune Autopilot Deployment for Windows 11 (Hyper-V)
This document covers the end-to-end process of enrolling a Windows 11 PC (Hyper-V) into Microsoft Intune using
Autopilot.
We configured an Enrollment Status Page (ESP) and a Deployment Profile, created a device group, and extracted the Hardware
ID using PowerShell. The device was then imported into Intune, assigned to the group, and linked with the deployment profile.
To automate setup, Microsoft 365 Apps and Slack were deployed. After resetting the PC, the user logged in and completed the
Autopilot setup, making all assigned apps available.
Finally, verification in Intune confirmed that the device was successfully assigned and fully managed, ensuring a smooth and
automated deployment process.