Configure Autopilot profiles
- Windows 10
- Windows Holographic, version 2004 or later
After you have created a device group, you can apply a Windows Autopilot deployment profile to each device in the group. Deployment profiles determine the deployment mode, and customize the OOBE for your end users.
Create an Autopilot deployment profile
Autopilot deployment profiles are used to configure the Autopilot devices. You can create up to 350 profiles per tenant.
In the Microsoft Endpoint Manager admin center, choose Devices > Windows > Windows enrollment > Deployment Profiles > Create Profile > Windows PC or HoloLens. This article explains how to set up Autopilot for Windows PC. For more information about Autopilot and HoloLens, see Windows Autopilot for HoloLens 2.
On the Basics page, type a Name and optional Description.
If you want all devices in the assigned groups to automatically convert to Autopilot, set Convert all targeted devices to Autopilot to Yes. All corporate owned, non-Autopilot devices in assigned groups will register with the Autopilot deployment service. Personally owned devices won't be converted to Autopilot. Allow 48 hours for the registration to be processed. When the device is unenrolled and reset, Autopilot will enroll it. After a device is registered in this way, disabling this option or removing the profile assignment won't remove the device from the Autopilot deployment service. You must instead remove the device directly.
On the Out-of-box experience (OOBE) page, for Deployment mode, choose one of these two options:
- User-driven: Devices with this profile are associated with the user enrolling the device. User credentials are required to enroll the device.
- Self-deploying (preview): (requires Windows 10, version 1809 or later) Devices with this profile aren't associated with the user enrolling the device. User credentials aren't required to enroll the device. When a device has no user associated with it, user-based compliance policies don't apply to it. When using self-deploying mode, only compliance policies targeting the device will be applied.
Options that appear dimmed or shaded are currently not supported by the selected deployment mode.
In the Join to Azure AD as box, choose Azure AD joined.
Configure the following options:
End-user license agreement (EULA): (Windows 10, version 1709 or later) Choose if you want to show the EULA to users.
Privacy settings: Choose if you want to show privacy settings to users.
The default value for the Diagnostic Data setting varies between Windows versions. For devices running Windows 10, version 1903, the default value is set to Full during the out-of-box experience. For more information, see Windows Diagnostics Data
Hide change account options (requires Windows 10, version 1809 or later): Choose Hide to prevent change account options from displaying on the company sign-in and domain error pages. This option requires company branding to be configured in Azure Active Directory.
User account type: Choose the user's account type (Administrator or Standard user). We allow the user joining the device to be a local Administrator by adding them to the local Admin group. We don't enable the user as the default administrator on the device.
Allow White Glove OOBE (requires Windows 10, version 1903 or later; additional physical requirements): Choose Yes to allow pre-provisioning support.
The white glove feature has been renamed to pre-provision. References to White Glove OOBE in Intune refer to the Autopilot pre-provisioning process.
When setting this to No (blocking pre-provisioning), be aware that it will still be possible to press the Windows key five times during OOBE to invoke pre-provisioning and progress down that path. However, Intune will subsequently enforce this setting and you will encounter a red screen indicating pre-provisioning failure with error code 0x80180005.
Apply device name template (requires Windows 10, version 1809 or later, and Azure AD join type): Choose Yes to create a template to use when naming a device during enrollment. Names must be 15 characters or less, and can have letters, numbers, and hyphens. Names can't be all numbers. Use the %SERIAL% macro to add a hardware-specific serial number. Or, use the %RAND:x% macro to add a random string of numbers, where x equals the number of digits to add. You can only provide a pre-fix for hybrid devices in a domain join profile.
Language (Region)*: Choose the language to use for the device. This option is only available if you chose Self-deploying for Deployment mode.
Automatically configure keyboard*: If a Language (Region) is selected, choose Yes to skip the keyboard selection page. This option is only available if you chose Self-deploying for Deployment mode.
On the Assignments page, choose Selected groups for Assign to.
Choose Select groups to include, and choose the groups you want to include in this profile.
If you want to exclude any groups, choose Select groups to exclude, and choose the groups you want to exclude.
On the Review + Create page, choose Create to create the profile.
Intune will periodically check for new devices in the assigned groups, and then begin the process of assigning profiles to those devices. This process can take several minutes to complete. Before deploying a device, ensure that this process has completed. You can check under Devices > Windows > Windows enrollment > Devices (under Windows Autopilot Deployment Program where you should see the profile status change from "Unassigned" to "Assigning" and finally to "Assigned."
Edit an Autopilot deployment profile
After you've created an Autopilot deployment profile, you can edit certain parts of the deployment profile.
In the Microsoft Endpoint Manager admin center, choose Devices > Windows > Windows enrollment > Deployment profiles.
Select the profile you would like to edit.
Select Properties on the left to change the name or description of the deployment profile. Click Save after you make changes.
Click Settings to make changes to the OOBE settings. Click Save after you make changes.
Changes to the profile are applied to devices assigned to that profile. However, the updated profile won't be applied to a device that has already enrolled in Intune until after the device is reset and reenrolled.