Automatic add existing Windows 10 devices to Windows AutoPilot

A few weeks ago I wrote a blog about “How to setup Windows AutoPilot and add existing devices the quickest way”. At that time I meant with “existing devices”, devices that were not yet in use but were already delivered to the company without being added to AutoPilot.

What I didn’t cover in my blog were the Windows 10 devices that are already in use. A few days after I posted my blog, Microsoft added a new feature in Microsoft Intune to add existing Windows 10 devices that are already in use “Windows AutoPilot ready” in a very easy and quick way. For me a good reason to write another blog about AutoPilot to show you this great new feature.

Current situation

For this blog I have the following assumptions;

  • You have Windows AutoPilot already up and running in your Azure tenant like described in my previous blog
  • You have Windows 10 devices in use that are currently managed by Microsoft Intune but are not registered with Windows AutoPilot.

In my demo environment I have one Microsoft Surface 4 pro that is already assigned to a AutoPilot profile. I also have a new virtual Windows 10 machine that is managed by Microsoft Intune but is not registered with Windows AutoPilot.

How to make Windows 10 devices “Windows AutoPilot ready” automatically

Open the Azure Portal and navigate to Azure Active Directory > Groups and click on the “+ New Group” button.

We have to create a group to scope the Windows 10 devices we want to add to a Windows AutoPilot profile. There are several ways to do this. For this example I will use a very simple way, I will just add all Windows devices. But in production environments you probably also want to filter on Windows 10 build version (for example, at least Windows 10 build 1709 or 1803).

Configure the following settings;

Group type : Security
Group name : All Windows devices (in my case)
Group description : All Windows devices (in my case)
Membership type : Dynamic type

For the Dynamic membership rules I configured the following settings;

Add devices were : deviceOSTypeContains Windows

Create the group.

After a few minutes all Windows devices will be added to the Members of the new created group. In my case only my new virtual machine.

Navigate to Microsoft Intune > Device enrollment > Windows enrollment > Deployment Profiles and open the AutoPilot profile you want to apply to all the Windows devices (or with a filter depending on the dynamic group conditions). On the Assigned devices page you only see the current AutoPilot devices at this moment.

Open the Properties page and set Convert all targeted devices to AutoPilot to Yes. Click on the Save button.

Open the Assignments page and click on Select groups to include.

Add the dynamic Azure AD group created in the first steps (in my case the All Windows devices group) and click Save.

After a few minutes the Windows devices will become visible on the Assigned devices page. At this moment the devices are “Windows AutoPilot ready”.

To test this, I will reset my virtual machine completely.

After the virtual machine is ready with resetting Windows 10 the Windows AutoPilot shows up!

8 comments

  • Hello Robin. first thanks fou your great Blog about Intunes Autopilot:-) i just configured those settings with Automatic add existing Windows 10 devices to Windows AutoPilot. My question about this is, if i have configured that, do i still need to import the HardwareID to be able set up a device with autopilot? bcs under assigned device i still see only the device i did the test with autopilot before with imported HardWareID…..thanks in advance

    • Hi Kaya, there is no need to import the HardwareID anymore when using this feature. If the machine is not popup in the assignments that there is something wrong with the dynamic group. Make sure you have configured the correct filters for that.

  • Hi Robin, hmmm strange…i created that AutoPilot group (with Name WindowsAutoPilotReady) exactly how you described in this post, but still see no other devices under assigned devices…!? If i go to Members ( Groups – All groups>WindowsAutoPilotReady>Members, i see many devices. do you know what i did wrong, that i still not see them under assigned device?
    thanks and kind regards

  • Hi Robin, sorry i can not follow you with your advice to type the expression by myself…i created this Group exactly like u described in this new Blog. i did not to had to type anything when i create a that Group…i choose the Type (Security) Give a GroupName (typed the groupname) chooses Membership type (= Dynamic Device) then under add dynamic query i also could choose deviceOSType, and contains and just had to Type Windows in the last field. thats it…..i just saw in your blog that the Windows 10 devices in use have to be currently managed by Microsoft Intune, in my case there are only a few devices who have the status MDM and Intune and there are some iphones and not windows, is this maybe a possible reason?
    thanks in advance and kind regards

    • Hi Kaya, sorry, I was looking in advanced rule: (device.deviceOSType -all “Windows”). When configuring in Simple Rule, like described in this blog it should work like you said. It is not a requirement that the devices are managed by Microsoft Intune for group membership. They have to be registered in Azure AD, that’s all.

  • This seems to work for newly joined and intune enrolled windows systems, but not the existing machines in aad, that aren’t part of intune. I had set this up once before hoping it’d work and deleted it when I saw no change. This time I joined a machine from oobe and it is now an assigned device.

About Robin Hobo

I work as a Senior Solution Architect with focus on the Modern Workspace. I am specialized in Azure Virtual Desktop (AVD), Windows 365 and Microsoft EM+S (including Microsoft Endpoint Manager - Microsoft Intune).

For my full bio, check the About Me page.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close