👉 In today's video, I will talk about Windows Autopilot Device Preparation, which was recently introduced by Microsoft. Windows Autopilot Device Preparation is used to set up and configure new devices, getting them ready for productive use. Its goal is to simplify device deployment by delivering consistent configurations, enhancing the overall setup speed, and improving troubleshooting capabilities.
You work at Microsoft MVP department I think?
No
This works really well and works better than regular Autopilot. Reduces all the work and stress helpdesk and desktop techs do when setting up and provisioning devices. You still need to install Windows 11 and do a little on the backend, but that should not take too long. Just install from ISO and hand it over to the user and that's it. Time to watch YouTube for the rest of the day.
This actually helped me understand the Autopilot v2. Thanks
❤️
I was getting an enrollment error. After watching your tutorial I saw that the device platform restriction of the personal devices was set to 'Block'. Thanks for removing the blocker for me. :)
Hey Chander! How are you? I have a question about your video! The latest video for the New Windows Autopilot Device Preparation video, when you created the Windows autopilot preparation security group. You went back to add an "Owner" and the owner you added was named "Intune Provisioning Client" Under the ENTERPRISE APPLICATIONS tab.
Normally, I would add an Owner before hitting the create button on the security group, BUT the owner that I usually would add is a PERSON'S name, like myself for instance, but in this security group you went under Enterprise Applications and added Intune Provisioning Client! Your method is NEW to me! Is this the METHOD NEEDED for this new approach specifically for the New Windows Autopilot Device Preparation deployment process?
Yes, this is by design and the owner must be the same.
Is TPM a required setting for Autopilot, or can it be deactivated? I have a new Lenovo machine that failed at TPM; if I stop it being a requirement, will it work?
TPM is a minimum requirement for Windows 11.
Devices weren't auto-added to the device group. Intune Provisioning Client is the owner of the group. What am I doing wrong?
Check whether the OS version is supported or not.
Is it necessary to assign apps and scripts to a device group as we see in the video, when we have to assign the apps and scripts again manually in the device preparation tool profile?
Yes, if you are not assigning the apps and scripts, they will not be installed during Autopilot.
I would think that if there is not an assignment under apps, once Company portal syncs with Intune it would automatically uninstall those apps you installed during enrollment. Or not install at all if it needs to be assigned in apps for it to even work through autopilot.
Really good explanation! Thank you so much.
Glad you enjoyed it!🙂
@ChanderManiPandey So is this only working with Windows 11 Insider editions, like 24H2? If I use the Windows Media Creation Tool that creates a bootable USB, it fails. If I use 24H2 it works. Where else can I download it? The requirements state "Windows 11, version 23H2 with KB5035942 or later - Windows installation media dated April 2024 or later has KB5035942 included." I created a bootable USB yesterday and it failed.
This support starts from a specific Windows 11 version, which I mentioned in the video.
Is this device configured as a corporate device or personal? I mean, does Autopilot v2 support corporate or personal devices?
Both. We can use a corporate device identifier and block personal enrollment.
Also, under that Enterprise Applications list, I have 7 applications there by DEFAULT, but the one you selected, "Intune Provisioning Client" IS NOT listed as one for me to choose from? How did you get to select that specific name?
Run these commands
install-module azuread
Connect-AzureAD
New-AzureADServicePrincipal -AppId f1346770-5b25-470b-88bd-d5744ab7952c
You can search for the AppID instead of the username: f1346770-5b25-470b-88bd-d5744ab7952c. The Service Principal may be named Intune Autopilot ConfidentialClient as well.
@ChanderManiPandey the new name is Intune Autopilot ConfidentialClient
Vividly explained 👍🏼
But I have a question: apps and scripts need to be selected during the Autopilot device preparation profile creation, right? If so, why did you deploy apps and scripts to the device group upfront?
You also have to deploy as required on the group as well as select in the preparation policy. It's mandatory.
I followed all the steps in this video, and tried this with a fresh Windows 11 Enterprise installation in a Hyper-V Gen2 VM with TPM and Secure Boot on. But Autopilot didn't start after logging in with my account, which is added to the Autopilot user group. I have no idea why it doesn't work. Any suggestion on where it could go wrong for me? The VM has a working internet connection.
Windows OS version?
@ChanderManiPandey I'm using Win 11 Enterprise 23H2 10.0.22631 build 22631
Actually, I don't even see the logs within "Monitor." Tried on another device. User has an Intune license with E3. I meet all the requirements.
Recheck again; you are missing some prerequisites:
Os versions supported
Personal enrollment block or not
Configuration etc
Well explained. Do we have any option to set up a hostname for an enrolled device automatically, any policy that can set up a hostname which can be managed by Device Preparation, not manually set up by the end user?
We can use this after Ap
ruclips.net/video/f8usWIBmu20/видео.htmlsi=dlV50KZetzVL4cTJ
@ChanderManiPandey thanks Chander, this will work for me in a production environment.
Hey Chander, could you please share the URL for the corporate device identifier video?
ruclips.net/video/-8pfyDvPEgg/видео.htmlsi=rLE9ITPoVkKxzh_b
Hi @chanderManiPandey, another wonderful and informative video. Can you tell us whether we should make a dynamic group for users, or is a manual one good enough?
Thanks. We can create a dynamic user group. May I know what your exact requirement is?
After the OBE the device is not showing as a member of the "autopilot device group" even though I followed the steps given in your video. Am I missing something? However, the device is showing under the Devices section.
Are you able to perform Autopilot via this method?
@ChanderManiPandey Yes, Autopilot is working but for some reason, the device ends up in the devices rather than in the designated group. Tried with a couple more devices and they seem to work as intended. Thank you.
I'm in the same situation: the device is not appearing in the device group or in the Windows Autopilot device preparation deployments, but I can see it under the Devices tab, and I checked the machines and they are fully functional. I even tried Fresh Start or Autopilot Reset and they are working fine.
Hi @ChanderManiPandey I am facing similar issues as @sunny-handa. Is there any resolution for this issue?
So you are also getting the ESP screen?
@ChanderManiPandey Yes - the device is added as a corporate-owned device and is not showing as a member of the "autopilot device group".
It will be added when you are performing ApV2, after entering username and password...
@ChanderManiPandey ApV2 is not working as you demoed in your video. The device registered in AZ and joined to Intune as a corporate device.
Amazing video. Thank you
Thanks
It's really helpful. Thank you.
Thanks
I don't see a service principal called Intune Provisioning Client. How do I enable it?
You have to run the following commands and create it.
Install-Module azuread
Connect-AzureAD
New-AzureADServicePrincipal -AppId f1346770-5b25-470b-88bd-d5744ab7952c
@ChanderManiPandey thank you sir
In some tenants, the service principal might have the name of Intune Autopilot ConfidentialClient instead of Intune Provisioning Client. As long as the AppID of the service principal is f1346770-5b25-470b-88bd-d5744ab7952c, it's the correct service principal.
Yes, if the ID matches, then use the same.
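The service principal steps discussed in this thread, as an added example that is not part of the original comments or the video author's code: it uses the Microsoft Graph PowerShell SDK in place of the AzureAD module shown in the comments, matches the service principal on the AppId quoted in the thread rather than on its display name, and adds it as group owner only if it is missing. The group display name is a placeholder assumption.

```powershell
#Requires -Modules Microsoft.Graph.Applications, Microsoft.Graph.Groups
# Added example: ensure the device preparation service principal exists and
# owns the device group. Identity is checked by AppId, never by display name.
$AppId     = 'f1346770-5b25-470b-88bd-d5744ab7952c'  # AppId quoted in the thread
$GroupName = 'Autopilot Device Preparation Devices'  # assumption: replace with your group's name

Connect-MgGraph -Scopes 'Application.ReadWrite.All', 'Group.ReadWrite.All'

# The display name differs between tenants, so filter on appId only.
$sp = Get-MgServicePrincipal -Filter "appId eq '$AppId'"
if (-not $sp) {
    $sp = New-MgServicePrincipal -AppId $AppId
    Write-Host "Created service principal '$($sp.DisplayName)' ($($sp.Id))"
} else {
    Write-Host "Found service principal '$($sp.DisplayName)' ($($sp.Id))"
}

# Refuse to continue if the group name is ambiguous or missing.
$groups = @(Get-MgGroup -Filter "displayName eq '$GroupName'")
if ($groups.Count -ne 1) {
    throw "Expected exactly one group named '$GroupName', found $($groups.Count)."
}
$group = $groups[0]

# Add the service principal as owner only when it is not one already.
$owners = @(Get-MgGroupOwner -GroupId $group.Id -All)
if ($owners.Id -notcontains $sp.Id) {
    New-MgGroupOwnerByRef -GroupId $group.Id -BodyParameter @{
        '@odata.id' = "https://graph.microsoft.com/v1.0/directoryObjects/$($sp.Id)"
    }
    Write-Host "Added '$($sp.DisplayName)' as owner of '$GroupName'"
    $owners = @(Get-MgGroupOwner -GroupId $group.Id -All)
}

# Print every owner with its object type so unexpected owners stand out in review.
$owners | ForEach-Object {
    [pscustomobject]@{
        ObjectId = $_.Id
        Type     = $_.AdditionalProperties['@odata.type']
        Name     = $_.AdditionalProperties['displayName']
        IsTarget = ($_.Id -eq $sp.Id)
    }
} | Format-Table -AutoSize
```

The final table lists all owners of the group, since any owner can change which devices receive the deployment.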
So Autopilot only supports Windows 11?
Autopilot v2 support starts from a specific version of Windows 11.
Is there a way to not give the user the option to choose set up for personal use, and just set up for work or school?
Use Autopilot with hardware hash.
With this option, I think it is not possible.
@ChanderManiPandey yes there is a lot missing in this new version, such as accept EULA, privacy settings, device naming, locale and keyboard selection. I imagine MS will add them later. For now I think the Autopilot 1 is still better. Good video BTW.
Thanks
Where can we get the Windows Autopilot Provisioning Client app?
It's an enterprise application.
@ChanderManiPandey Correct. But I am unable to find this app in the Azure enterprise app portal.
Kindly let me know how to create this app
Run these commands
install-module azuread
Connect-AzureAD
New-AzureADServicePrincipal -AppId f1346770-5b25-470b-88bd-d5744ab7952c
Thanks for your quick response. First connect the Graph app and then run the commands, or directly run the commands in PowerShell on one of the devices?
I'm wondering how long it took for you to complete the process. On my end, everything works except that the preparation process ended up incomplete. The only difference I can tell from your video is the duration, for which I used the default time - 30 minutes.
It takes time.
How many apps do you have in your policy?
Can you try with 60 min?
Any error logged in the device preparation report?
I tried 60 minutes but no luck. I even tried without any apps or scripts. To my surprise it worked the very first time but failed ever since. Not sure if it's a system glitch. Anyway thanks for the video and feedback. @ChanderManiPandey
We did not see you try to log into that machine using Entra ID.
I actually did. That part I skipped in video.
May I know if you have a specific question?
If you already have a working Windows Autopilot (v1), then V2 doesn't work simultaneously. V1 always takes precedence and gives me the ESP page. How to fix it?
Remove the hardware hash for that machine.
@ChanderManiPandey Thanks for replying. Yes, I have removed the hash from the tenant. If I format the device and install Windows, I can use it like a normal home device. As soon as I format and try my company ID, it goes to ESP.
What is the OS version?
@ChanderManiPandey I made sure it's the latest 23H2 one, since the old version won't support it. I watched your video very carefully.
Technically it should not give you ESP if the device HH is already removed.
For testing, if possible, can you try on another machine?