Guide
🇬🇧 UK Focus 📅 Loading…
Getting Started Intermediate ⏱ 12 min

Setting Up Windows Autopilot with Intune — Step by Step

Windows Autopilot lets you provision new laptops with zero IT intervention. This guide walks you through the full setup from hardware hash collection to policy deployment.

Covers: intune

What is Windows Autopilot?

Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. It allows IT departments to ship laptops directly from a supplier to an end user — without IT ever touching the device.

When the user powers on the device and connects to the internet, Autopilot automatically joins it to Azure AD/Entra ID, enrols it in Intune, and applies your policies and apps — all in the background.

💡
  • Autopilot works best when combined with Microsoft Entra ID Hybrid Join or Entra ID Join. Pure Entra Join is recommended for new deployments.
  • Your device supplier may be able to pre-register hardware hashes — ask before purchasing new hardware.

Prerequisites

Before starting, you'll need: Microsoft Intune licence (included in M365 Business Premium), an Azure AD / Entra ID tenant, devices running Windows 10 1709+ or Windows 11.

  1. Ensure all users have an Intune licence assigned in Microsoft 365 admin centre
  2. Verify your Intune MDM authority is set to Intune (not SCCM)
  3. Enable automatic MDM enrolment in Entra ID → Mobility → Microsoft Intune
  4. Configure a custom company branding in Entra ID for the OOBE experience

Registering Devices

Devices must be registered in Autopilot before the out-of-box experience (OOBE). This is done by uploading hardware hashes — unique device identifiers — to Intune.

  1. On a test device, open PowerShell as Administrator
  2. Run: Install-Script -Name Get-WindowsAutoPilotInfo
  3. Run: Get-WindowsAutoPilotInfo -OutputFile C:\hash.csv
  4. In Intune portal: Devices → Windows → Windows enrolment → Devices → Import
  5. Upload the CSV file and wait for the device to appear (can take 15 minutes)
💡
  • For bulk deployments, ask your hardware vendor to register devices at purchase via the Microsoft Partner Centre.
  • The Get-WindowsAutoPilotInfo script is also available from PowerShell Gallery.

Creating an Autopilot Profile

Autopilot profiles define the OOBE experience your users will see. You can skip privacy settings, hide the licence agreement, and pre-configure the device name format.

  1. In Intune: Devices → Windows → Windows enrolment → Deployment Profiles → Create Profile
  2. Set 'Deployment mode' to User-Driven for personal devices, or Self-Deploying for shared/kiosk devices
  3. Set 'Join to Azure AD as' → Azure AD joined
  4. Enable 'Skip keyboard selection', 'Skip privacy settings', 'Skip EULA'
  5. Under Device name template, use e.g. UK-%RAND:5% for a consistent naming convention
  6. Assign the profile to your Autopilot device group

Testing the Deployment

Before rolling out to users, test the full flow on a spare device to catch any policy conflicts or app installation failures.

  1. Factory reset a registered test device (Settings → System → Recovery → Reset)
  2. Connect to Wi-Fi on the OOBE screen — Autopilot kicks in automatically
  3. Sign in with a test user account
  4. Monitor the enrolment status page — it shows app and policy progress
  5. Verify in Intune that the device appears compliant and all required apps are installed

If any required apps fail to install during ESP (Enrolment Status Page), the device will be stuck. Test all required app deployments before going live.