Create Windows 10 AutoPilot Azure AD joined profile

This blog post is about creating a Windows 10 AutoPilot deployment profile based on an Azure AD joined scenario via Microsoft 365 or Microsoft Intune.

Creating the profile

Go to and log on.

Go to Devices and to Windows:

After that click on “Windows Enrollment”:

We first need to set up automatic enrollment. Click on automatic enrollment:

You need to configure the MDM user scope. You can select a group or enable it for all users. I have a test tenant, so I have enabled it for all users:

Windows Hello for Business and the Enrollment Status Page are optional to configure:

We first need to create a dynamic group. Go to and go to Azure Active Directory:

Go to groups:

Click on New group:

Name the group and click on add dynamic query:

The dynamic query must be stated like this:

This is the query:

(device.devicePhysicalIDs -any (_ -contains "[ZTDId]"))

This query is needed to target the Autopilot devices which were uploaded via CSV upload. If you want to know how to do so click on this link:

For testing purposes, to include virtual machines, I have used the query:

(device.deviceModel -contains "Virtual")
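
The same dynamic group can be created from PowerShell instead of the portal. This is an added example, not part of the original post; it assumes the Microsoft.Graph.Groups module is installed, and the group name and mail nickname are placeholders.

```powershell
#Requires -Modules Microsoft.Graph.Groups
# Added example: create the Autopilot dynamic device group via Microsoft Graph.

$GroupName = 'Autopilot-Devices'   # placeholder name (assumption)
$MailNick  = 'autopilot-devices'   # placeholder; the API requires a nickname even for security groups

# Rule from the article: matches every device that carries an Autopilot ZTDId.
# The article's test rule, (device.deviceModel -contains "Virtual"), matches on the
# model string only, so it is deliberately not used for this group.
$Rule = '(device.devicePhysicalIDs -any (_ -contains "[ZTDId]"))'

Connect-MgGraph -Scopes 'Group.ReadWrite.All'

# Reuse the group if it already exists, so the script can be run repeatedly.
$group = Get-MgGroup -Filter "displayName eq '$GroupName'" `
    -Property Id,DisplayName,MembershipRule,MembershipRuleProcessingState |
    Select-Object -First 1

if ($group) {
    # An existing group with a different rule would target other devices.
    if ($group.MembershipRule -ne $Rule) {
        Write-Warning "Group '$GroupName' exists with a different rule: $($group.MembershipRule)"
    }
} else {
    $group = New-MgGroup -DisplayName $GroupName `
        -Description 'All Windows Autopilot registered devices' `
        -MailEnabled:$false -MailNickname $MailNick -SecurityEnabled `
        -GroupTypes 'DynamicMembership' `
        -MembershipRule $Rule `
        -MembershipRuleProcessingState 'On'
    Write-Output "Created group $($group.Id)"
}

# Dynamic membership is evaluated asynchronously; list what has resolved so far
# and confirm only the expected devices are in scope before assigning a profile.
Get-MgGroupMember -GroupId $group.Id -All | Select-Object Id
```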

Now it is time to create the AutoPilot profile, click on Deployment Profiles:

Click on “Create Profile”

Name the policy and select the “Convert all targeted devices to Autopilot” option:

Select the following options in the profile:

In addition, you can choose to allow White Glove OOBE; I enabled it by default.

At assignments select the dynamic group created earlier:

At review and create, check your settings and click on create!

If you have done everything right and uploaded your devices to Microsoft 365 you should see this when you boot your AutoPilot device for the first time:

You enter your company credentials and your device will be enrolled.
