Knowledge Base ​ > ​ ​Windows Device Management ​ > ​ ​Enrolling Windows Devices ​ > ​ ​Azure Active Directory Enrollments ​ > ​   Configure Windows Autopilot with Scalefusion

Configure Windows Autopilot with Scalefusion

Updated 6 months ago by Sriram Kakarala

Windows Autopilot streamlines the way Windows devices get deployed, reset and repurposed with an experience that is zero-touch for IT. Once you have setup Windows Autopilot, the new Windows 10 devices that you procure can be directly shipped to users with an assurance that they will be enrolled to Scalefusion on first boot.

Windows Autopilot enables you to:

  • Automatically join devices to Azure Active Directory (Azure AD)
  • Auto-enroll devices into Scalefusion.
  • Restrict the Administrator account creation.
  • Create and auto-assign devices to configuration groups based on a device's profile.
  • Customize OOBE content specific to the organization.

Prerequisites

  1. Azure AD with Azure AD Premium Subscription with Intune License.

Overview

Setting up Windows Autopilot requires the following steps to be done before the devices can be enrolled,

  1. Setup Azure AD Join in Scalefusion
  2. Create a Deployment Profile in Azure AD
  3. Generate the Hardware IDs of the Windows 10 devices
  4. Upload the Hardware IDs of the Windows 10 devices in Azure AD
  5. Assign Users to these Hardware IDs

This document guides you on how to setup Azure AD to enable Windows Autopilot.

Step 1: Setup Azure AD an Autopilot in Scalefusion

  1. Please refer to our Azure AD setup to enable Azure AD based enrollment.
  2. Once the above setup is done the Azure AD Autopilot section gets enabled. This section helps you in the following,
    1. Download Script: You can download a script that can be used to extract hardware ids from your existing devices.
    2. Windows Autopilot Devices: This section displays the autopilot devices that Scalefusion retrieves from Windows Autopilot service.

Step 2: Creating a Deployment Profile in Azure AD

The Deployment Profile controls the OOBE experience for your end users. You can select the defaults for every device and make sure that the on-boarding experience is same across users.

  1. SignIn to Azure portal.
  2. Navigate to Device Enrollment > Windows Enrollment
  3. From the options, click on Deployment Profiles to create a default deployment profile
  4. Click on Create Profile to create a new profile
  5. In the Basics section enter the following details and click Next
    1. Name: A name for the profile
    2. Convert all targeted devices to Autopilot: Enable this If you want all devices in the assigned groups to automatically convert to Autopilot. Allow 48 hours for the registration to be processed. When the device is unenrolled and reset, Autopilot will enroll it.
  6. Configure Out of the box experience (OOBE) as per your requirements and click Next,
    1. Deployment Mode: To enforce user credentials to enroll the device select User Driven.
    2. Join to Azure AD as: Select Azure AD joined
    3. Microsoft Software License Terms: (Windows 10, version 1709 or later) Choose if you want to show the EULA to users.
    4. Privacy settings: Choose if you want to show privacy settings to users.
    5. Hide change account options (requires Windows 10, version 1809 or later): Choose Hide to prevent change account options from displaying on the company sign-in and domain error pages.
    6. User account type: Choose the user's account type Administrator or Standard user.
    7. Allow White Glove OOBE (requires Windows 10, version 1903 or later): Choose Yes to allow white glove support.
    8. Apply device name template: Choose Yes to create a template to use when naming a device during enrollment. Names must be 15 characters or less, and can have letters, numbers, and hyphens. Names can't be all numbers. Use the %SERIAL% macro to add a hardware-specific serial number. Or, use the %RAND:x% macro to add a random string of numbers, where x equals the number of digits to add.
    9. Language (Region)*: Choose the language to use for the device. This option is only available if you chose Self-deploying for Deployment mode.
    10. Automatically configure keyboard*: If a Language (Region) is selected, choose Yes to skip the keyboard selection page. This option is only available if you chose Self-deploying for Deployment mode.
  7. In the Assignments tab you can choose to associated this profile with all devices or selected groups. Click Next
  8. In the last section review the settings and click Create to save the profile,
  9. Once the Deployment Profile is saved it will get displayed in the list of profiles,

Step 3: Generating the Hardware IDs of the Windows 10 devices

Now that you have created the Deployment Profile, the next step is to upload the Hardware IDs of the devices. You can obtain the Hardware IDs of the devices in the following two ways,

  1. From Vendor: The Hardware IDs can be obtained by the vendor or reseller from where you have procured the Windows 10 devices. Typically the vendor provides you a CSV file that can be uploaded to Azure AD portal.
  2. Extract Hardware ID using Script: If you want to enroll your existing devices to Autopilot then you can use the script provided by Scalefusion. Please follow the steps below to extract the HW-Id.
    1. Sign In to Scalefusion Dashboard. Navigate to Mission Control > Windows Setup > Windows Autopilot. Click on Download Script and download the script.
    2. Copy this Script file to the PC for which you want to extract the Hardware Id.
    3. Once copied, on the target machine open the command prompt with administrator privileges and execute the batch file.
      You can also right click on the batch file and run it as an administrator.
    You will be shown a warning asking you to confirm if you want to execute this file. Choose Run Anyway
    1. Once the batch file is executed, it generates a CSV file with name AutopilotHWID.csv, that is copied to the current directory where the batch file was executed.

Irrespective of how you obtained the CSV file, it typically has 3 columns

  • Device Serial Number
  • Windows Product ID
  • Hardware Hash

Step 4: Uploading the Hardware IDs to Azure AD Portal

Once you have the CSV file, the next step is to update it to Azure AD portal. Follow the steps below,

  1. Navigate to Device Enrollment > Windows Enrollment . From the options click on Devices
  2. Click on Import
  3. Upload the CSV file that you obtained in Step 3 and click Import
  4. Once the CSV is imported, the screen will be updated to show the devices that are imported from the CSV.
    1. Profile Status: Shows that a Profile has been assigned to the device.
    2. Associated Azure AD Device: This displays the serial number of device. Once the device is enrolled this will display the name of the device.

Step 5: Assign Users to Hardware IDs

Once you have uploaded the Hardware IDs, you can optional assign them to users. This will make sure that only the assigned user can complete the enrollment on the Windows 10 device using their credentials.

If you are not sure which user will receive this machine, you can choose to skip this step.However if you choose to assign the user, you need to make sure that the user is assigned a InTune license.

Follow the steps below to assign a user,

  1. Select the Device click Assign user
  2. From the list of Users select the user and click Select

Checking the Autopilot Devices in Scalefusion Dashboard

  1. Once the above steps are complete, you can navigate to Scalefusion Dashboard and navigate to Mission Control > Windows Setup > Windows Autopilot
  2. Once you click on the Total devices, you will be shown the details of the devices that have been synced with Scalefusion Dashboard.
Sync Now: If you do not see your Autopilot device you can initiate a Sync using Sync Now option.

Now you are ready to ship your new devices to your users or factory reset the existing ones to enroll them again. Once the devices are powered on and a network connection is configured, they will be prompted to enroll the devices using their Azure AD credentials. Please have a look at our Out of Box enrollment guide to understand how autopilot enrollment works.

Frequently Asked Questions

Questions: How do we confirm that the Windows device has enrolled?

Answer: The enrollment status can be checked at two places,

  • Scalefusion Dashboard
  • Azure Portal:
    • Navigating to Devices > All Devices will display all the enrolled devices
    • Navigate to Device Enrollment > Windows Enrollment > Devices, click on the device and The Associated Azure AD device gets updated to the device name.

Questions: Would deleting an enrolled device from Scalefusion delete it from Autopilot service?

Answer: No. To remove a device from Autopilot, you would have to delete it from the Azure portal.

How did we do?

Powered by HelpDocs (opens in a new tab)