21/03/2025
Featured Header - Getting Started with Windows Autopilot
Azure Active Directory / Beginner's Guide Series / Microsoft Azure / Microsoft EndPoint Management / Microsoft Intune / Windows 10 / Windows AutoPilot

Getting started with Windows Autopilot

Nicky De Westelinckby Nicky De Westelinck

Welcome back to another post in my Beginner’s Guide series. It’s all about getting started with Windows Autopilot, so if you are new to this subject maybe this post can be interesting for you.

Windows Autopilot is a near Zero-Touch deployment for Windows 10/11 devices. It will give the end-users an Out-Of-The-Box experience. The only interaction the end-users need to do is connect their device to the internet and sign in with their Azure Active Directory credentials.

Windows Autopilot - Modern Provisioning

I’m not going to get into detail on what Windows Autopilot is, but if you are interested in those details be sure to visit the Microsoft Docs page here.

Requirements

Operating System

One of the following Windows Operating Systems is supported for Windows Autopilot:

Windows 10

A supported version of Windows 10 Semi-Annual Channel or Windows 10 General Availability Channel is required. Check for supported versions on this link from Microsoft Docs.

  • Windows 10 Pro, Pro Education, Pro for Workstations
  • Windows 10 Enterprise
  • Windows 10 Education

Windows 11

Use a supported version of Windows 11. Check this link on Microsoft Doc for supported versions.

  • Windows 11 Pro, Pro Education, Pro for Workstations
  • Windows 11 Enterprise
  • Windows 11 Education

Networking

For all network-related requirements, be sure to check out this page on Microsoft Docs.

Licensing

One of the following licenses needs to be assigned to use Windows Autopilot:

  • Microsoft 365 Business Premium
  • Microsoft 365 F1/F3
  • Microsoft 365 Academic A1/A3/A5
  • Microsoft 365 Enterprise E3/E5
  • Enterprise Mobility + Security E3/E5
  • Intune for Education
  • Azure Active Directory Premium P1/P2 and Microsoft Intune

Create a Windows Autopilot dynamic device group

The first thing that we are going to do is to create an Azure AD dynamic device group. It’s similar to creating a Dynamic User group (I already wrote an article on how to create an Azure AD Dynamic User Group here). But for this article, I’ll go through the steps for creating an Azure AD Dynamic Device group.

Go to https://endpoint.microsoft.com/ => Groups => New group

Getting started with Windows Autopilot

Now let’s create a Dynamic Device group named GRP_MEM_DD_All_Windows_Autopilot_Devices. Why do I use this name convention? You definitely need to read Tim Hermie‘s (Microsoft MVP on Enterprise Mobility) article on How to bring structure in your MEM/Intune projects.

Choose New group and fill in the following. Be sure to choose Dynamic Device at the Membership type dropdown menu.

Before saving this group, click on Add dynamic query and choose Edit.

Enter de following Rule syntax and click OK.

(device.devicePhysicalIDs -any (_ -contains "[ZTDID]"))
Getting started with Windows Autopilot

Now click Save to save your dynamic rule syntax.

Click Create at the bottom of the page to create your group.

Your group is now ready to use. It can take up to a few seconds before the new group is shown in your Groups list, so don’t worry if it’s not immediately there. Now let’s go to the next part, creating our Windows Autopilot Deployment profile.

Create a Windows Autopilot deployment profile

Autopilot deployment profiles are used to configure the Autopilot devices. You can create up to 350 profiles per tenant.

Go to https://endpoint.microsoft.com/ => Devices => Enroll devices => Windows Enrollment and choose Deployment Profiles under the Windows Autopilot Deployment Program section.

Choose + Create profile and choose Windows PC. We are going to create an Azure AD Join profile in our example.

The first step is to give a name to your profile, for example, Azure AD Joined Deployment Profile. Keep the Convert all targeted devices to Autopilot set on No. Then choose Next.
We will keep it simple here, but you can create multiple profiles for different types of devices.

In the following steps, we are going to use the defaults as shown in the screenshot below. For more advanced profile settings, be sure to check Microsoft Docs. For our example, we are going to keep it simple.

NOTE: If you want to know the details of the settings, just hover over the information icon and the information will appear.

Choose Next, to get to the Assignments screen. Choose Add groups, search for the Dynamic Device group we’ve created in the previous step, and choose Select.

Be sure the group is shown in de groups list and choose Next.

Double-check the overview screen and choose Create. The deployment profile is ready to use.

Click on Refresh and your profile should be ready and visible.

So, these are the first (basic) steps in Getting Started with Windows Autopilot. Now that we set up the basics, our next step will be to add a device to Windows Autopilot. This will be discussed in a new blog post, that will be coming very soon. So stay tuned!

NOTE: Be sure to regularly check out the What’s new in Windows Autopilot page. This will keep you updated on any new features.

Nicky De Westelinck

Nicky De Westelinck is a Modern Workplace Expert for Arxus with several years of experience in Microsoft 365. His main focus is Microsoft Intune and Microsoft 365 Administration. He is also a Microsoft Certified Trainer since 2021.

View all posts by Nicky De Westelinck →

You might also like

How to organize your Microsoft Intune setup like a Rockstar

How to organize your Microsoft Intune deployments like a Rockstar – Part 2

How to disable Admin-Controlled Migration to new Outlook with Microsoft Intune

How to disable Admin-Controlled Migration to new Outlook for Windows with Microsoft Intune

How to disable Internet Explorer with Microsoft Intune

How to disable Internet Explorer with Microsoft Intune