Dec 15 2020
Software

What is Windows Autopilot & How Can it Be Used to Configure Devices?

Most schools have significantly increased their device fleets. Here’s how to smoothly deploy and manage those devices.
by

Russell Smith is a technology consultant and trainer specializing in management and security of Microsoft server and client technologies. He is a Microsoft Certified Systems Engineer with more than 15 years of experience.

What is Windows Autopilot? Autopilot is a set of technologies for automatically setting up, configuring and resetting devices. As K–12 schools continue with remote learning or move to hybrid learning environments, IT staff need to deploy and manage mobile devices more effectively.

Here are four tips for getting the most out of Autopilot.

1. Ask Vendors to Add Devices to Azure AD

IT staff can manually register devices with Autopilot by uploading hardware IDs. Use Microsoft Endpoint Configuration Manager or PowerShell to find hardware IDs for existing devices. Make sure devices aren’t connected to the Internet before capturing the hardware ID and assigning a device profile.

Microsoft recommends that original equipment manufacturers, resellers, distributors or Microsoft partners that are members of the Cloud Solution Provider program be given consent to register devices in Azure Active Directory on your behalf. This saves IT time, and it means that devices can be shipped directly to students and teachers.

Signup to be an EdTech Insider! Signup to be an EdTech Insider!

2. Use Azure AD Dynamic Groups and Tags to Target Devices

Groups are used to target devices, so they receive a specific Autopilot deployment profile. IT can manually assign devices to a group or use dynamic groups, where an advanced rule is used to automatically define group membership.

Azure AD objects should be tagged with three properties before devices join the tenant domain. Tags can be used in the rules that populate dynamic groups. All Autopilot-registered devices are tagged with ZTDId, and PurchaseOrderID and OrderID values can be set when devices are uploaded to Microsoft Intune.

For example, (device.devicePhysicalIDs -any _ -contains “[ZTDId]”) adds all Autopilot-registered devices to a dynamic group.

GET HELP: CDW can help ease the burden of Windows Autopilot setup and management for schools.

3. Configure a Preferred Azure AD Tenant Domain

Microsoft recently added a new feature to Intune for Education that allows IT to set a preferred Azure AD tenant domain. If a preferred tenant domain is not set, when users sign in to Windows, they must provide their full username, which includes an alias and the domain name assigned to the Azure AD tenant. Setting a preferred tenant domain simplifies device sign-in for users.

If IT sets a preferred tenant domain in Intune, students and teachers need only provide their alias.

4. Employ ADMX Templates to Configure Device Settings

Configure as many device settings as possible by enrolling them with Microsoft Intune. Windows 10 is missing many settings in mobile device management policies that schools previously managed using Group Policy. But some Group Policy ADMX templates are supported for configuring settings in Intune.

Schools can use Intune’s Group Policy analytics to determine which Group Policy settings are supported on mobile devices. Some settings are supported natively in MDM policy; others by using ADMX template support. Most current ADMX settings are for Microsoft Edge and Office apps, but many more are planned for 2021.

Brought to you by:

Microsoft Microsoft

More On

Related Articles

Close

See How Your Peers Are Moving Forward in the Cloud

New research from CDW can help you build on your success and take the next step.

Click Here to Read the Report