A few weeks ago I wrote a blog about “How to setup Windows AutoPilot and add existing devices the quickest way”. At that time I meant with “existing devices”, devices that were not yet in use but were already delivered to the company without being added to AutoPilot.
What I didn’t cover in my blog were the Windows 10 devices that are already in use. A few days after I posted my blog, Microsoft added a new feature in Microsoft Intune to add existing Windows 10 devices that are already in use “Windows AutoPilot ready” in a very easy and quick way. For me a good reason to write another blog about AutoPilot to show you this great new feature.
For this blog I have the following assumptions;
- You have Windows AutoPilot already up and running in your Azure tenant like described in my previous blog
- You have Windows 10 devices in use that are currently managed by Microsoft Intune but are not registered with Windows AutoPilot.
In my demo environment I have one Microsoft Surface 4 pro that is already assigned to a AutoPilot profile. I also have a new virtual Windows 10 machine that is managed by Microsoft Intune but is not registered with Windows AutoPilot.
How to make Windows 10 devices “Windows AutoPilot ready” automatically
Open the Azure Portal and navigate to Azure Active Directory > Groups and click on the “+ New Group” button.
We have to create a group to scope the Windows 10 devices we want to add to a Windows AutoPilot profile. There are several ways to do this. For this example I will use a very simple way, I will just add all Windows devices. But in production environments you probably also want to filter on Windows 10 build version (for example, at least Windows 10 build 1709 or 1803).
Configure the following settings;
Group type : Security
Group name : All Windows devices (in my case)
Group description : All Windows devices (in my case)
Membership type : Dynamic type
For the Dynamic membership rules I configured the following settings;
Add devices were : deviceOSType – Contains – Windows
Create the group.
After a few minutes all Windows devices will be added to the Members of the new created group. In my case only my new virtual machine.
Navigate to Microsoft Intune > Device enrollment > Windows enrollment > Deployment Profiles and open the AutoPilot profile you want to apply to all the Windows devices (or with a filter depending on the dynamic group conditions). On the Assigned devices page you only see the current AutoPilot devices at this moment.
Open the Properties page and set Convert all targeted devices to AutoPilot to Yes. Click on the Save button.
Open the Assignments page and click on Select groups to include.
Add the dynamic Azure AD group created in the first steps (in my case the All Windows devices group) and click Save.
After a few minutes the Windows devices will become visible on the Assigned devices page. At this moment the devices are “Windows AutoPilot ready”.
To test this, I will reset my virtual machine completely.
After the virtual machine is ready with resetting Windows 10 the Windows AutoPilot shows up!