'Zero-Touch' PC Provisioning with Microsoft's Windows AutoPilot Service
Microsoft announced a new Windows AutoPilot service this week that promises to ease the provisioning of new PCs for end users.
The service lets end users receive new Windows 10 PCs directly from the computer manufacturer, or OEM. They turn it on and the provisioning is automatic, according to Microsoft's description. IT pros don't have to reimage machines and add drivers. The service enables so-called "zero-touch" provisioning of new PCs and will skip some of the traditional out-of-the-box setup steps to get machines ready for use.
The Windows AutoPilot service currently functions with Windows 10 version 1703, the "creators update," according to Microsoft. The service, though, apparently is not yet broadly available. For organizations using Microsoft Surface devices, the Windows AutoPilot service will be arriving "later this year."
"The Surface team is working with customers and partners to roll out the Windows AutoPilot Deployment program and expects to make it broadly available to customers later this year," Microsoft explained in a TechNet blog post.
If organizations buy their Windows 10 PCs from other vendors, then they'll have to find out if the distributor participates in the Windows AutoPilot Deployment Program. Exactly when OEMs might have such support wasn't described by Microsoft.
The Windows AutoPilot service consists of three basic steps to easily provision Windows 10 machines, according to a Microsoft video. First, the PC vendor will send a "device ID file" to an organization when new hardware gets ordered. The IT department then uploads this file to the Windows AutoPilot service. Next, a deployment profile gets created and assigned to the devices. Lastly, users get the machines directly from the PC vendor, and they can just turn them on and get provisioned by signing in with their Azure Active Directory password.
Windows AutoPilot Requirements
The Windows AutoPilot service has certain requirements. The scheme is heavily dependent on using Microsoft's Azure Active Directory service. Each device needs to be registered to an organization's Azure AD tenancy.
Microsoft's Windows AutoPilot documentation seem to point to a requirement for having either Azure AD Premium P1 or P2 licensing in place, as well as a subscription to Microsoft Intune or other mobile device management (MDM) service. The service also seems to require using the Microsoft Store for Business or Partner Center admin portal.
For users with Azure AD Premium subscriptions, this service will automatically enroll users under Microsoft Intune management or another MDM solution, although IT pros need to set that up in Azure AD. It's likely that integration of the service with vendor MDM software providers is yet to come. The TechNet post explained that Microsoft is currently "working with MDM partners to integrate the AutoPilot Deployment configuration experience."
One of the benefits of the Windows AutoPilot service is the ability to upgrade devices automatically from Windows 10 Pro to Windows 10 Enterprise, with nothing required of the end user and no system reboots. However, that capability requires having Windows 10 Enterprise E3 licensing in place.
Other Windows AutoPilot Capabilities
Microsoft plans to add three new capabilities to the Windows AutoPilot service when the Windows 10 "fall creators update" gets released. The Windows 10 fall creators update likely will appear in September or October as a "monthly channel" release (see Microsoft's lingo changes here).
One of those new capabilities will be the ability to reset a device to a "business-ready state." These reset devices will retain Active Directory domain join and MDM enrollment states, Microsoft promised.
Another new feature coming with the Windows 10 fall creators update will be a "self-service Active Directory domain join" feature. Lastly, it will be possible to "preassign a new Windows 10 device to a specific user" to deliver a "highly personalized" out-of-the-box provisioning experience.
Microsoft also indicated that end users will see some sort of indicator of progress during the device provisioning process, but that capability will arrive with the Windows 10 fall creators update.
New Device Health
Tucked into Microsoft's Windows AutoPilot announcement was a note about a new addition to the Windows Analytics feature of the Microsoft Operations Management Suite (OMS). The addition, called "Device Health," is a service that purportedly tracks issues that could affect the experience of end users on Windows 10 devices.
Device Health will "soon be available to preview, with general availability expected later this year," Microsoft's announcement stated.
OMS is Microsoft's solution for managing public cloud workloads, but it also has some features that are designed for managing PCs. For instance, OMS has an Upgrade Readiness feature and an Update Compliance feature as part of Windows Analytics. The new Device Health feature is just the latest Windows Analytics tool along those lines. Microsoft sometimes suggests that these Windows Analytics features can be used without having to pay for an OMS subscription.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.