Rubix


How to configure Autopilot Device Preparation Part 2: User Experience

In part 1, we looked at the step-by-step process for configuring the Autopilot device preparation policy. Today, we’ll look at the end user experience and the ways it differs from Autopilot V1. I’ll also show you how critical the choice of Windows Pro vs. Enterprise is for this version of provisioning.

You can follow along with this guide using either a physical PC or virtual machine. For info on setting up Hyper-V machines to use for testing, check my write-up on it here: Hyped-up Hyper-V — Rubix (getrubix.com)

Boot up and get started

Start up your physical PC or virtual machine and wait until you see the “Choose your country or region” selection screen. To verify which version of Windows you’re using, press Fn+Shift+F10 to open the Command Prompt, then type winver and press Return.

This will show you two important things:

  • First, whether you’re using Windows 11 Pro or Enterprise. This affects which screens you will see during the out-of-box experience (OOBE).

  • Second, you will see the Windows build number. The minimum requirement for Autopilot device preparation is 22631.3374 (Windows 23H2) or 22621.3374 (Windows 22H2). I have personally only tested 23H2 and the 24H2 insider build.
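
The same check as a script, as an added example that is not part of the original guide: it reads the build, revision and edition from the registry and compares them with the minimums listed above. The function name Test-DevicePrepReadiness is hypothetical, treating builds newer than 22631 as passing is an assumption, and the two sample calls use constructed values.

```powershell
# Added example: pre-flight check for Autopilot device preparation.
# Minimum builds are the ones quoted in this guide:
#   22621.3374 (22H2) or 22631.3374 (23H2).
function Test-DevicePrepReadiness {
    param(
        [Parameter(Mandatory)][int]$Build,        # OS build, e.g. 22631
        [Parameter(Mandatory)][int]$Revision,     # update revision (UBR), e.g. 3374
        [Parameter(Mandatory)][string]$EditionId  # EditionID registry value
    )

    if ($Build -eq 22621 -or $Build -eq 22631) {
        $meetsMinimum = $Revision -ge 3374
    } elseif ($Build -gt 22631) {
        # Assumption: releases newer than 23H2 (for example 24H2) qualify.
        $meetsMinimum = $true
    } else {
        $meetsMinimum = $false
    }

    # Screens the guide says appear per edition during this OOBE flow.
    $screens = switch ($EditionId) {
        'Professional' { 'EULA', 'Device name', 'Personal or work/school' }
        'Enterprise'   { 'EULA' }
        default        { 'Edition not covered by this guide' }
    }

    [pscustomobject]@{
        Version      = "$Build.$Revision"
        Edition      = $EditionId
        MeetsMinimum = $meetsMinimum
        OobeScreens  = $screens -join ', '
    }
}

# Constructed sample inputs: one passing Pro device, one Enterprise device
# that is below the minimum revision.
Test-DevicePrepReadiness -Build 22631 -Revision 3374 -EditionId 'Professional'
Test-DevicePrepReadiness -Build 22621 -Revision 3007 -EditionId 'Enterprise'

# Values for the machine the script runs on.
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
Test-DevicePrepReadiness -Build ([int]$cv.CurrentBuild) `
    -Revision ([int]$cv.UBR) -EditionId $cv.EditionID
```

During OOBE, start PowerShell by typing powershell in the Command Prompt window before pasting the function.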

Choose your region and click yes.

On the next screens, choose your keyboard type and then decide whether to add a second keyboard or not (I have chosen to hit Skip).

No longer hidden

Now we come to three screens that were hidden in Autopilot V1. This is due to the flow of V2 and the fact that the hardware is no longer pre-registered to the tenant. In fact, the Autopilot profile in this version won’t come down to the device until after the user signs in, so we’re working with a pure OOBE.

Keep in mind, two of these screens can be skipped by using Windows 11 Enterprise.

End user license agreement (EULA)

This page will be shown for both Windows 11 Pro and Enterprise versions.

  • Click Accept on the License Agreement page.

Device name

This will only be shown in Windows 11 Pro. However, it is the most problematic screen, given that in most situations an organization will NOT want an end user to name their own PC.

If need be, the computer name can be changed again via a PowerShell script deployed through Intune after enrollment.

  • We will click on Skip for now.

Personal or work/school

Probably one of the most critical OOBE screens, this will also not be shown in Windows 11 Enterprise. Here, the end user can choose Set up for personal use or Set up for work or school.

For Autopilot V2 to work, you need to select the work/school option. Otherwise, the PC will expect a consumer Microsoft account and not an Entra ID account.

  • To continue with Autopilot enrollment, choose Set up for work or school

  • Click Next

On the sign-in screen, the PC is expecting an enterprise or education account.

  • Enter your M365 credentials and click Next

Once you enter your email, you should see the corporate logo on the next screen.

  • Enter your password and click Sign in

We are now in Autopilot

Assuming the user you signed in with is part of the group that is assigned the device preparation profile, you will start seeing the setup screen and the new status page.

Start the setup

The new status page is quite different, only showing the user the overall setup progress of the PC.

So far from my testing, it seems like the numbers correlate to the following:

  • 1% = Intune management extension has started installing

  • 3% = Apps and scripts start installing

  • 3-100% = profit?
    It looks like it just jumps to 100% over the next few minutes depending on what you’re installing, stopping at random percentages along the way. I’m not really sure if there’s any deeper tracking happening here until it is complete.

Once the required setup is complete, click Next.

This is private

The last screen that is no longer skipped with Autopilot is the device privacy settings. These can also be configured through Intune and applied to the device after enrollment.

For now, just scroll to the bottom of the settings and click Accept.

Looks like we made it

After the privacy settings, the device should start preparing the user profile. Once that completes, you will land on the fully enrolled and managed desktop.

That’s it for today. There are definitely more screens visible in the OOBE compared to original Autopilot, but that seems to be the trade-off for not requiring hardware registration.

In the next part, we’ll zoom out and look at the actual flow of device preparation and what’s happening behind the scenes.