Windows Autopilot: zero touch device provisioning

Whilst there are many benefits to being able to work anywhere, from the perspective of IT, this can bring challenges when it comes to the logistics of issuing or replacing devices. 

Once the setup is complete and you’re using Endpoint Management and Application Protection, it’s greatYou can see all the registered devices and keep them protected, as well as installing and updating software. 

However, what about when devices need replacing or when it is necessary to issue equipment to new starters? You may currently have the device sent into the office, to be set up by IT with a  standardised image, that you install on all new devices, or it may need to join the domain. As a result, the new kit isn’t sent straight to the user and can involve multiple individuals in the set up and collection process, for that device.  

Windows Autopilot simplifies this process, allowing you to take advantage of zero touch device provisioning. 

What is Windows Autopilot? 

Windows Autopilot is a feature built into all new hardware running Windows 10. It’s considered a zero-touch deployment toolas it allows for new or replacement hardware to be set up automatically the first time a user signs-in to it. 

That sign-in, with your company email address, triggers a runbook of events to kick in. These could include software installs, remote domain joinapplication of company policies and user experience tweaks. The device is automatically registered with Microsoft Endpoint Management at the point of sign-in, so all user and device policies will be pushed down immediately. 

At the end of this process, the user’s device is fully set up and ready to use. This can take as little as ten minutes from first powering the device on. As the feature simply requires the user’s email address and password, when first switched on, there is no need to involve IT in the provisioning process and no ambiguity during setup. 

The end result is a streamlined, zero touch deployment solution that’s time efficient for the IT department and offers vastly improved onboarding experience for new users.  

How does it work? 

Windows Autopilot involves the collaboration of hardware vendors, Autopilot profiles and Microsoft Endpoint Manager. 

 Major vendors such as Dell, HP and Lenovo, are able to prepare devices for Windows Autopilot at the point of purchase. You simply provide your Microsoft 365 tenant information to them and they will pre-register your devices. This means that, when received by the recipient, the device is ready to enrol.  

Then you set up your Autopilot Profiles. Profiles can be used to customise a user’s onboarding experience. Typically, when setting up a new Windows device, you’ll be asked numerous questions regarding Windows featuresFor instance, whether you want to enable Cortana, location services, diagnostic information and license agreements. 

However, Autopilot profiles provide these values to the device, as default, meaning that it doesn’t need to ask the end user. They only need to enter their email address and password. You can even incorporate your company branding and welcome message into the setup, making it a more personal experience. These profiles are then assigned to pre-registered devices. 

Finally, we use Microsoft Endpoint Manager to configure our software and policies that need to be installed as part of device onboarding. During the first setup, we can push out Microsoft Office, apply the company security policy and customise user experience. 

When this process is complete, the device is fully enrolled and the user has everything they need to be productive.  

Why do I need it? 

Autopilot saves a tremendous amount of time, when compared to traditional device onboarding processes. It is likely that devices are currently sent to a central location ready for an IT technician to start the build, even if you have automated deployment tools. This can be particularly time consuming when there are multiple devices to set up, as IT will need to log-on as the individual requiring the device, so that they can complete the configuration. 

Once complete, you will need to provide the user with their device. As many people are working remotely, it may be necessary to send this out to them. Complications may result, should users have any issues when they receive their equipment. Where a device is collected from the office, this may involve further IT technician time and if there are problems in the future, the process begins again. 

Autopilot offers a solution to these issues, as devices are sent straight from the supplier to the intended recipient. There’s no requirement of IT to build the kit, they will not need to log on as the user for configuration and the logistics of handover are no longer a consideration. We set Autopilot up once and all devices are provisioned and reprovisioned the same way, to the same company standards, making the process zero touch. 

How do I get it? 

Windows Autopilot is available with Microsoft 365 Business Premium, E3 and E5. It is also available as a standalone service or as part of Enterprise Mobility and Security (EMS) E3 or E5. 

It’s highly recommended to utilise this service as part of Microsoft 365 or EMS, in order to take full advantage of the capabilities highlighted in this blog. 

If your business is less than 300 users, Microsoft 365 Business Premium is essential. It includes Endpoint Management, Identity Protection, Information Protection and the full suite of Office 365 capabilities. 

If you are over 300 users and already using Office 365 E3, adding EMS E3 will let you take full advantage of Windows Autopilot and Endpoint Management. 

How can LIMA help?  

LIMA is an expert in driving modern workplace transformation. We provide tools and resources that ensure employees can collaborate effectively and share information securely, no matter where they work.  

As a Microsoft Gold Cloud Productivity Partner, we are perfectly placed to assist our customers with evaluating and integrating solutions, from the entire Microsoft 365 stack. 

LIMA’s Microsoft 365 modern desktop assessment has been purpose built to help you move to modern management. Through this service, you can expect to receive the following high-level outcomes: 

  • Gain a holistic view of your current and future state, by reviewing capabilities across Device Management, Application Management, Group Policies and user data. 
  • Accelerate Modern Desktop transformation by aligning your business policies and processes with capabilities from Microsoft Endpoint Manager. 
  • Produce an actionable plan designed to assist you in migrating devices, policies and user data to the cloud. 

Through this powerful toolset, your business can re-architect how devices are provisioned, how applications are deployed and how your employees access their data. 

Speak to your Account Manager or email to find out more about how LIMA can help mobilise your workforce, with our Microsoft 365 Assessment Services. 

Contact us Back to News & Events

Our awards & accreditations.

For the past 20 years, we’ve been solving business challenges by designing and delivering intelligent IT solutions with a passion for technical excellence and customer satisfaction.

We’d love to hear from you.

If you have a question you'd like to ask, we’d love to answer it.
Fill in the contact form below and we’ll get back to you as soon as possible.

Head Office
6 Digital Park
Pacific Way
Salford Quays
M50 1DR
0345 345 1110
We’d love to hear from you.

If you have a question you'd like to ask, we’d love to answer it.

Contact Us

6 Digital Park
Pacific Way
Salford Quays
M50 1DR

0345 345 1110