Imagine a PC that configures itself—no manual setups or IT intervention required. With Microsoft 365's Autopilot, it’s a reality!

Autopilot can automatically configure your laptops and PCs with all the software that you need, and even better, it can configure them with all the relevant settings.

In this guide, I’m going to walk you through setting up Autopilot and explore its features. As always, for a more detailed walkthrough, make sure to head over to my YouTube channel for this video and for more Microsoft 365 tutorials and tips.

Without further ado, let’s get started.

Licensing Requirements

Now, you’re likely already thinking: ‘This sounds great, but very expensive’. I’m pleased to tell you that Autopilot is very affordable.

All you need is an Entra ID plan, one license or, I recommend purchasing a Microsoft 365 business premium license which includes Autopilot.

And, once you’ve sorted that out, it’s onto the good stuff, utilising Autopilot across the board so that you and your colleagues can work smarter, not harder

Create Entra ID Groups

Before I delve into Autopilot, it’s handy to get prepared. So, in the next steps I’m going to explain how to create Entra ID groups and take a look at branding for a more personalised experience.

1. Login into the Microsoft 365 admin centre as global admin. For this step, you'll need the relevant permissions to log into your own Microsoft 365.
2. The first thing to do is create a group. This group is going to be the group that all the devices I want to Autopilot fit into. So, in the Microsoft Azure portal, click on ‘Microsoft Entra ID’, displayed across the top bar. If you can’t see it, use the ‘Search’ bar at the top of the page.
3. Once opened, under ‘Manage’, click ‘Groups’. And, here you’ll see all of your groups. Click on ‘Create New Group’ and change ‘Group Type’ to ‘Security’. Name the group anything you’d like.
4. Under ‘Membership Type’, select ‘Dynamic Device’. This will allow you to then automate as much as possible. Select the ‘Owners’ and the next step is to add dynamic queries. Click on’ Add Dynamic Query’.
5. In my demo video, I show how to add all Windows 11 devices to the group, but Autopilot works across various operating systems. So, click on the dropdown menu ‘Property’ and select ‘Device OS Type’, then the dropdown menu ‘Operator’ and select ‘Equals’ and then in the Value box, type ‘Windows’.
6. Once you’ve done this, click ‘Add expression’ and then repeat the above steps but add in the operating code for Windows 11. You can be as specific as you need to be, but for showcasing how this works, I stick with a Windows operating system.
7. Before saving the group, click on ‘Validate Rules (Preview)’ which will show which devices will go into the group, based on the expressions selected.
8. . Click on ‘ +Add devices’. Select the devices you want to add to the Entra ID group, and then click ‘validate’. You’ll see green ticks next to each to confirm they’re included. You can then save the group.  Now, any other Windows 11 devices added will automatically go into the dynamic group.

Company Branding

The next thing I want to show you is company branding. It’s a great way to brand experiences for your users with a lot of different options.

1. Go back to ‘Home’ and click on ‘Entra ID’ and then ‘Company Branding’.
2. Click on ‘Edit’ and you’ll be brought to a selection of default sign-in options to choose from, as well as other types of personalisation. Choose the branding settings you’d like to implement for your users.
3. Be sure to edit the ‘sign-in text’ with a personalized message, this is a nice touch your colleagues will appreciate.

Add Hardware Hash to Intune

You might be asking ‘what even is a hardware hash?’, well every laptop or PC in the world has a unique hardware identifier, known as a hardware hash. In the next steps, I’m going to show you a couple of ways  to add hardware hashes manually to Intune.

1. Via the Microsoft manual for manually registering a device’s hardware hash, if you scroll down you will find ‘Powershell’ and an accompanying script that you can run. If you click on ‘copy’, then launch Microsoft Powershell as an Administrator, you can add in the coded script, which copies over a csv file into your drive. 
2. Head over to your Local Disk (C) and you will be able to open your own PC’s hardware hash data.

Alternative Steps

1. Go to ‘Home’ on your PC, and ‘Accounts’. Click on ‘Access work or school’, then ‘Export your management log files’ and click ‘Export’. 
2. Head over to your Local Disk (C), click ‘Users’, ‘Public’, ‘Public Documents’, ‘MDMDiagnostics’, and you’ll find the ‘MDMDiagReport’ click into that and you should see a device hash.

Importing to Intune

1. Go to the 365 Admin centre and click into ‘Endpoint Manager’. Once launched, click on ‘Devices’, then click on ‘Enrollment’ under ‘Device Onboarding’.

2. At the bottom of the page, you’ll see a section titled ‘Windows Autopilot’. Click on ‘Devices’ to start managing Windows Autopilot Devices.

3. Click on ‘Import’. Go to the folder in your Onedrive and open the device hash data. It might take a few minutes. Refresh the page, and you should see your device added.

Create Deployment Profiles

This next step dictates how the devices using Autopilot are configured. You should by this point, have your device set up as per the previous steps.

1. You will see that ‘Profile Status’ is ‘Not Assigned’. You’ll need to go back to the ‘Enrollment’ step and under ‘Windows Autopilot’ located towards the bottom of the page, you will see an option named ‘Deployment Profiles’, click into this.

2. Next, you want to click on ‘+ Create profile’. You can name this whatever you want, for example ‘Sales Department Profile’. Leave the ‘Convert all targeted devices to Autopilot’ as ‘No’. Then click on ‘Next’, which will bring you a page of further settings known as ‘Out-of-box experience (OOBE)’.
3. I prefer to leave the ‘Deployment mode’ setting as ‘User-Driven’. For ‘Join to Microsoft Entra ID as’ box, select ‘Microsoft Entra joined’. Leave the ‘Microsoft Software License Terms’ and ‘Privacy Settings’ hidden. I also hide ‘Change account options’ and change ‘User account type’ to ‘Standard’. Select ‘No’ for ‘Allow pre-provisioned deployment’.

4. You can also change the region too, so that it’s relevant for the user. Click ‘Yes’ for ‘Automatically configure keyboard’ and ‘Yes’ for ‘Apply device name template’. An example will pop up to help you to create a unique name for your device. Once named, click on ‘Next’ and you can ‘Add groups’ created earlier, then ‘Next’ and ‘Create’.

5. Refresh the page and you’ll see the profile you’ve created is visible. Go to ‘Windows Autopilot Devices’ and click the refresh button. You will see that the PC added is now assigned to the deployment profile.

How to Install Applications using Autopilot

In this next section, I’m going to talk you through the steps to ensure that Microsoft Office, Google Chrome, and ensure OneDrive is configured for your users.

Microsoft Office

1. Click ‘Apps’, ‘All apps’. Next, click ‘+Add’ and you’ll see a dropdown menu displaying all of the available apps you can add. Scroll down to ‘Windows 10 and later’ then click ‘Select’. 
2. A new page will open with options, click ‘Next’. You will then be presented with some further options, select the options that are relevant/you’d like to change and again, click ‘Next’.
3. Click on ‘Require’ and ‘included’, you can then select the users that you’d like to have the app. Once you’ve done this, click on ‘Next’.
4. This will bring you to the ‘review and create’ page, select ‘create’.

Google Chrome

1. Google ‘Google standalone enterprise version’. This will bring you to a page where you can download the Chrome browser for Windows. Make sure to click the ‘msi’ version and download Chrome.
2. Once downloaded, follow the same steps as before, except for when selecting app type choose ‘line-of-business app’. This will bring you to the ‘Add app’ page where you can add in the package file.

3. Follow the same steps as before through to ‘review and create, then select ‘create’.

Configure OneDrive & SharePoint Settings

Another great thing to do with Autopilot, is to ensure that everyone has access to  easily download OneDrive and Sharepoint too. Let me show you how…

1. Once you’re back in the Microsoft 365 admin centre, under ‘Admin centers’, click ‘Sharepoint’. Click into the Sharepoint site, in ‘Documents’, click ‘sync’, ‘cancel’, and ‘Copy Library ID’.
2. Paste the ID into a word document, using the Powershell command. Copy the command and open Powershell, click ‘Run as Administrator’ and paste the command. Powershell will then give you another little output which you need to copy.
3. Go back into Endpoint Manager, go to ‘Devices’, under ‘Manage Devices’ click ‘Configuration’, click ‘Policies’, then ‘Create a new policy’.
4. Select the relevant platform, make sure that the profile type is ‘Settings catalog’, then click ‘Create’
5. Name the profile, click ‘Next’, and ‘Add settings’, scroll down to find OneDrive. Under OneDrive scroll down, configure ‘team site libraries’ to ‘sync automatically’, which will appear on the left-hand side. I also suggest selecting ‘Silently move Windows known folder to OneDrive’, ‘Silently sign in users to OneDrive’, ‘Use OneDrive Files On-Demand’, enable them all.
6. Under ‘Configure team site libraries to sync automatically’, add in the user, add in the data copied earlier from Powershell so it will sync. Click ‘Next’, then under ‘Scope tags’ choose ‘All users’ and ‘All devices’. Then, click ‘Create’ and refresh the page’.

Testing Autopilot

The final step is to test everything out, to make sure it’s all working as it should be. I used a Windows 11 virtual PC to do this. Here’s the steps you need to follow:

1. Go into ‘Settings’ and ‘System’, then ‘Recovery’. Reset the PC.
2. Once the PC has restarted, you should see a bit of the company branding settings you added earlier and a ‘Sign in’ option. Login as the user.

3. After you’ve signed-in, you should see the apps installed automatically. If you click into OneDrive, you should also see that it is signed-in automatically. You can also check this in File Explorer, where OneDrive should automatically be signed-in.

4. If you go into the back-end, you should also see that Shared Drive has automated too.

Final Thoughts

Windows Autopilot in Microsoft Intune revolutionises how devices are deployed, reducing IT workloads and creating a seamless user experience. By following these steps, you can configure devices effortlessly, ensuring they’re ready for work with minimal intervention.

I hope that you’ve enjoyed this tutorial and for more 365 advice, you can reach out to Integral IT at [email protected] or visit www.integral-it.co.uk.