Windows Autopilot step by step

How to Set Up Windows Autopilot – Step-by-Step (Real-World Guide)

Introduction

A few years ago, provisioning a new device meant downloading a Windows ISO, importing it into SCCM, customizing images, injecting drivers, and ensuring the device was on the corporate network. It was time-consuming and not possible over the open internet.

Today, Windows Autopilot has completely transformed this process. Devices can now be shipped directly to users and configured automatically over the internet with minimal IT involvement.

In this blog, I’ll walk you through how to set up Windows Autopilot step-by-step, along with real-world insights from enterprise deployments.

What is Windows Autopilot?

Windows Autopilot is a cloud-based deployment technology that allows organizations to:

    • Provision devices without reimaging

    • Automatically join devices to Azure AD and Hybrid AD

    • Enroll devices into Intune

    • Apply policies, apps, and security configurations


Prerequisites

Before starting, ensure you have:

    • Microsoft Intune subscription

    • Azure AD (Entra ID)

    • Devices running Windows 10/11

    • Admin access to tenant

    • Internet connectivity


Step 1: Get Device Hardware Hash

To register devices in Autopilot, you need the hardware hash.

Option 1 (Manual – Existing Device)

Run the following in an elevated PowerShell session on the device:

Install-Script Get-WindowsAutopilotInfo
Get-WindowsAutopilotInfo.ps1 -OutputFile AutopilotHWID.csv

Upload this file later.


Real-World Tip

In enterprise environments, always work with OEM vendors (Dell, HP, Lenovo) to upload hardware hashes directly. This saves massive effort.


Step 2: Import Devices into Autopilot

    1. Go to Microsoft Intune Admin Center

    2. Navigate to:
      Devices → Windows → Windows enrollment → Devices

    3. Click Import

    4. Upload the CSV file


Real-World Insight

Sometimes devices take 10–15 minutes to appear after import—this is normal.


Step 3: Create Device Group

Create an Azure AD group:

    • Example: Autopilot-Devices

    • Type: Dynamic (recommended)

Dynamic rule example:

(device.devicePhysicalIds -any (_ -contains "[ZTDId]"))


Step 4: Create Autopilot Deployment Profile

    1. Go to:
      Devices → Windows → Windows enrollment → Deployment Profiles

    2. Click Create Profile

Recommended Settings:

    • Join type: Azure AD Joined

    • User account type: Standard

    • Skip privacy settings: Yes

    • Skip EULA: Yes

    • Automatically configure keyboard: Yes


Real-World Tip

Always set users as Standard users for better security (Zero Trust approach).


Step 5: Assign Profile to Device Group

    • Assign the profile to your Autopilot device group

    • Wait for assignment (can take 10–30 mins)


Step 6: Configure Apps & Policies in Intune

Configure:

Apps

    • Microsoft 365 Apps

    • Company Portal

    • Security tools

Policies

    • Compliance policies

    • Configuration profiles

    • Endpoint security


Real-World Insight

Keep your initial deployment lightweight:

    • Avoid deploying too many apps during Autopilot

    • It can slow down provisioning


Step 7: Reset Device (OOBE Experience)

This step is only needed for reclaimed devices. It is not needed for new devices.

To test:

    • Reset device → Out of Box Experience (OOBE)

Steps:

    1. Turn on device

    2. Connect to internet

    3. Enter corporate email


What Happens Next

Autopilot will:

    • Identify device

    • Join Azure AD

    • Enroll in Intune

    • Apply policies

    • Install apps


Real-World Experience

In one deployment, we moved from SCCM imaging to Autopilot for 500+ devices.

Before:

    • Imaging time: 2–3 hours per device

    • Required corporate network

After:

    • Setup time: ~30–45 minutes

    • Devices shipped directly to users

    • Fully remote provisioning

This drastically improved user experience and IT efficiency.


Common Issues & Fixes

Device not recognized

    • Check that the hardware hash was uploaded

    • Sync device in Intune


Profile not assigned

    • Check group membership

    • Wait for sync


Slow deployment

    • Too many apps assigned

    • Large app packages


Security Best Practices

    • Use Standard user accounts

    • Enable BitLocker encryption

    • Apply Compliance policies

    • Implement Zero Trust model


Benefits of Windows Autopilot

    • No need for imaging

    • Remote deployment

    • Better security

    • Reduced IT effort

    • Faster onboarding


Conclusion

Windows Autopilot is a game-changer for modern IT environments. It replaces traditional imaging with a cloud-first approach, enabling organizations to deploy devices securely and efficiently from anywhere.

If you’re still relying on legacy imaging methods, now is the right time to transition to Autopilot.