If you’re starting out from scratch with Intune’s Autopilot, this run-through should help get the key elements established, so that you get a build result to look over and a platform rigged for further exploration.

Some things needed:

  • Azure Premium
  • Windows automatic enrolment

Go get an EMS E5 evaluation\trial, get your tenant up and running, handle the DNS (CNAME), and if you want, use AD Connect to join it to an existing lab-based on-premises AD.

Let’s get going.

Retrieve the VM for AutoPilot information

I chose Windows 10 Build 1809 for this run-through.

Build yourself a VM with enough CPU cores assigned, and 2GB of memory as a minimum.

Let it boot off your Windows 10 ISO and push through setup.

You have to choose to domain join, then let it go through the setup of a local administrator account.

Once you’re at the desktop you can run the Get-AutoPilotInformation PowerShell script authored by Michael Niehaus. The script captures the Device Serial Number and Hardware Hash that Intune needs to identify the VM (device) when it calls in. More properties can be supplied, such as Order ID and Purchase Order ID, but these two are all we need for testing with our own VMs (Product ID is obsolete, as noted by Michael in the comments on the script’s download page).

To ease the pain when introducing new Windows 10 VMs to AutoPilot, I jotted down the steps I need to go through to run the script, so that I can copy\paste them into the VM when needed.

I paste this little lot into a bat file and run it in an administratively elevated command prompt:


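# Allow the unsigned script to run in this PowerShell session only
Set-ExecutionPolicy Bypass -Scope Process -Force

# Map the share holding the script (use * in place of the password to be prompted for it)
Net use Z: \\<IP of device where script resides>\<drive letter where script resides>$ /user:<IP>\administrator <Password>

MkDir C:\Temp

Copy Z:\*.ps1 C:\Temp

CD C:\Temp

# Script file name as published by its author; adjust if your copy is named differently
.\Get-WindowsAutoPilotInfo.ps1 -OutputFile ($(Get-WmiObject Win32_Computersystem).name + ".csv")

# Copy the resulting CSV back to the share, then disconnect it
Copy ($(Get-WmiObject Win32_Computersystem).name + ".csv") Z:\

Net use Z: /D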

The steps are to map a network drive, and then copy and execute locally the information gathering script from Michael Niehaus which can be found here.

When run on a VM we get the CSV needed for import into Intune’s AutoPilot:

That CSV file needs to be available for a browser file dialog to select, so make sure you copy it to wherever that is.

Import the device information into Intune AutoPilot

To link the device to the service, we need to import that CSV containing the Device Serial Number and the Hardware Hash.

When OOBE runs on a device and you’ve chosen the region and keyboard, it will call back to the Intune service. All Windows 10 devices performing a build will try to talk to Microsoft, so that they can verify whether they are registered with Autopilot and initiate the workflow if needed. If a user is assigned to the device, they will be welcomed and prompted for their password; otherwise a prompt for their username will show.

To import this device, visit the Azure portal and navigate your way to Intune.

Once there, navigate into Device Enrollment, Windows Enrollment, then click on Devices:

The ribbon should show the Import option, select it:

Choose the CSV obtained from the VM.

If it passes the verification check you’ll get a green tick, click Import:

Onboarding devices into Intune splits between setting up for new devices and setting up for existing devices.

For existing devices, one option is to hybrid join them to Azure AD, which automatically enrols them into Intune, and then put those devices into an Intune security group, so that Intune automatically converts them to AutoPilot-enabled devices.

If you don’t want to enrol the devices into Azure AD first, and instead want to reset them so that their workflow ends up joining them to AAD and enrolling into Intune, then you’re going to need to retrieve identity information from all those existing devices, and perform the import of that meta into Intune manually.

For new devices you can hand crank the import process yourself if you have devices shipped to the local talent before delivery to users, or, you can get your box shifter to crank the handle for you.

Note the 175 device limit for CSV import. You’ll have to batch things when onboarding new devices into the production environment.
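
One way to handle that batching, as an added example that is not from the original post or from the script's author: it merges the per-device CSVs, drops rows with a missing or undecodable hash or a repeated serial number, and writes import files of at most 175 rows. The function name Split-AutopilotCsv, the folder and file names, and the exact column headers (including 'Windows Product ID') are assumptions, and the sample rows are constructed.

```powershell
# Added example: merge per-device CSVs, validate rows, write batches of <= 175.
function Split-AutopilotCsv {
    param(
        [Parameter(Mandatory)] [string] $SourceFolder,
        [Parameter(Mandatory)] [string] $OutputFolder,
        [int] $BatchSize = 175          # import limit quoted in the post
    )
    $seen  = @{}
    $valid = New-Object 'System.Collections.Generic.List[object]'
    foreach ($file in Get-ChildItem -Path $SourceFolder -Filter *.csv) {
        foreach ($row in Import-Csv -Path $file.FullName) {
            $serial = "$($row.'Device Serial Number')".Trim()
            $hash   = "$($row.'Hardware Hash')".Trim()
            if (-not $serial -or -not $hash) {
                Write-Warning "$($file.Name): missing serial or hash, skipped"; continue
            }
            # The hash is Base64 text; a truncated or mangled copy fails to decode.
            try { [void][Convert]::FromBase64String($hash) }
            catch { Write-Warning "$($file.Name): hash is not valid Base64, skipped"; continue }
            if ($seen.ContainsKey($serial)) {
                Write-Warning "$($file.Name): duplicate serial $serial, skipped"; continue
            }
            $seen[$serial] = $true
            $valid.Add([pscustomobject]@{
                'Device Serial Number' = $serial
                'Windows Product ID'   = ''
                'Hardware Hash'        = $hash
            })
        }
    }
    New-Item -ItemType Directory -Path $OutputFolder -Force | Out-Null
    $batch = 0
    for ($i = 0; $i -lt $valid.Count; $i += $BatchSize) {
        $batch++
        $count = [Math]::Min($BatchSize, $valid.Count - $i)
        $path  = Join-Path $OutputFolder ('autopilot-batch-{0:d3}.csv' -f $batch)
        # Written unquoted (assumption: matches what the collection script produces).
        $valid.GetRange($i, $count) | ConvertTo-Csv -NoTypeInformation |
            ForEach-Object { $_ -replace '"', '' } | Set-Content -Path $path -Encoding ASCII
    }
    return $batch                       # number of batch files written
}

# Constructed sample input: made-up serials and placeholder Base64 strings.
$src = Join-Path $env:TEMP 'ap-in'; New-Item -ItemType Directory -Path $src -Force | Out-Null
"Device Serial Number,Windows Product ID,Hardware Hash`r`nVM-0001,,QUJDRA==" | Set-Content "$src\VM1.csv"
"Device Serial Number,Windows Product ID,Hardware Hash`r`nVM-0002,,RUZHSA==" | Set-Content "$src\VM2.csv"
Split-AutopilotCsv -SourceFolder $src -OutputFolder (Join-Path $env:TEMP 'ap-out')
```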

So, new devices coming in will need to have their identity extracted by the onsite talent. Alternatively, if you have a box shifter providing you with equipment, they can hand over this CSV whenever kit is allocated to you for the local talent to import into Intune, or whoever sells you the devices can import the CSV directly into your tenant if you have that relationship set up with them.

If the local talent isn’t doing it, it all costs money, not much per device, and from what I hear most customers are happy adding the additional cost on for this service.

Quite a lot of small to medium sized businesses have already outsourced the maintenance\management and delivery of client devices to their users, from the big boys like HP, Dell, IBM and Microsoft (Surfaces) down to smaller resellers providing a managed service.

These resellers and OEMs are pretty much prepared for Intune AutoPilot; if not, then they are seriously lagging behind the wave of technological progress taking place right now.

Once you click Import it will notify you that the device is being imported:

Behind the scenes your Azure tenant has a dedicated hamster ready to begin processing any workloads assigned to the tenant. This is my one; it’s responsible for all the magic taking place for my configmgr2012.com tenant: