Is Windows Autopilot worth the effort?!

My 2 cents.. autopilot aside from azure ad join, as mentioned stream lining the user setup process, apply security policies but for us the biggest part is the rolling out of apps and settings. Autopilot allows the easy deployment of systems without IT being at deskside.
Business case.. we are moving a 80 people client to Azure VDI multi-session setup and all their workstations are going to be wiped and turned into "thin-clients". We want auto-pilot to post OSDcloud setup to be able to able login and have core apps installed and users being given the appropriate access.. autopilot is our champion :) to streamline simplicity of rollout at the the endpoint level :)

rometheis

Using AP with AAD join and love it. Great for redeploying the same device for a new remote staff member.

GregThomson

i work on a school and we re-image all the returned laptops so autopilot is a must for us since laptops already get the same policies we assigned to them.

but if you are not gonna be re-imaging devices on a regular basis. i would not even boder

leonidasperez

I believe that new Intune policies can suppress a non-autopilot join to AAC as being an administrator. Need to test. After several years of autopilot - the biggest drawback I've experienced is when a motherboard replacement is required (in my case, Dell) and the end result is a laptop in an only semi-attached state. You actually have to open up a support ticket with Microsoft from your M365 admin portal - and request that the new motherboard be de-registered from wherever it came from - and re-registered to your company. This can add multiple days in returning the laptop - which technically has been "fixed" to the end-user. Thoughts?

bethesdaadk

I work for Microsoft as an Intune SME and the biggest reason companies leverage Autopilot is for zero touch deployment, the ability to let the machine install configurations and Apps during the provisioning state

CGRealStudios

AutoPilot allows an admin to pre aprove/auth the hardware to become 'corporate' owned. This is great when you want to limit any computer hardware being AAD joined.

alistairfreedom

Hello, thanks for the video. I think you missed one major area of autopilot enrollment, yes you can adjust the users enrollment like you mentioned. But there is the Administration side of enrollment. AutoPilot forces the administration task of logging, assigning a user, device groups… etc. If you are a business you want this. I call it chain of custody.

alexfair

Haven't done a windows 11 like the examples. But from my experience, windows 10 give you the option to setup as personal. So it will skip enrolment which a user can do in non autopilot

summoner

Isn't a large selling points of autopilot... Autopilot reset?

isMySweetHoney

Doesn't AP also let you have machines be flagged as corporate and not personal so incase you have conditional access configured for both types?

MrMarcLaflamme

I feel like Microsoft ought to rename autopilot. It’s kind of a meaningless word now, at least in the context of what their original intent was don’t you think? A better choice might be a word closer to what most of us are setting up our autopilot systems to do: OOBE, the Out of the Box Experience. OOBE is agnostic; it doesn’t matter if you select AAD or HAAD. It doesn’t matter what type of settings under each of these are selected. The OOBE is what drives everything.

JLALALALA

The main factors driving us to AutoPilot were by default creating a standard user account. Theft or loss of equipment, Autopilot devices even if wiped will come back up to the enrolment page. Pre-provioning apps, aka white glove. I will say MS has made a complete hash of Autopilot with hardware vendors, especially when you compare it to something like ABM/DEP.

strikesbac

Interesting video, great stuff :)

Working for an MSP, Autopilot is more of a selling tool for us. We make a big song and dance about shifting a potential new client to the cloud and any new device just works out the box. For the client, it's quite cool.

In my mind, there are only two real benefits of Autopilot

Users won't have local Admin rights.
The machine is enrolled into their tenant.

Autopilot lost some of its magic, for the end user, when they got rid of the personalised experience

danpowell

I think in my situation half the battle is really getting the buy in from our service techs who are so used to the 'relative ease' of the old PXE boot Task Sequence provisioning method. For new devices its so much easier provisioning and getting it ready - otherwise any new hardware I have to get drivers etc... so socializing new hardware is a pain. Sure, at the moment our implementation for various reasons isn't much quicker than the PXE method, but with new models it does seem to be marginally quicker. Some techs have taking to it like a duck to water, others need a bit more persuasion - to improve it we need them to use it and we can iron out the issues... Great video and a pertinent question!

NazidKimmie

Thank you! Nice insight!

So, how about if it's laptop purchased from a local store with Windows 10/11 Home pre-installed... Will those devices be allowed to sign in to (Azure AD) (work/school account)

And once the user signs in, we apply policies on InTune for:
Upgrade to Windows 10/11 Pro
Join Hybrid AzureAD/AD
Push apps
Push policies
EPP/Bitlocker Encryption
and etc..?

HANEEF

Idk, I run a hybrid AAD environment and so I've never had an experience where someone was ever an Admin. Also autopilot and hybrid AAD definitely works fine if you want it.

JustSomeGuy

So are you saying just add the machine hash into intune and then once it’s added long as user has an aad account the user can login while also allowing the Intune Admin to manage the device. I guess if the company is 100% cloud it may work 🤔

marquisdavis

How did you get the icon for your org to show up on the autopilot device? My devices are autopilot enabled and I don’t see it even though i have the icon set up in Azure?

maxpowers