Pre-provision Microsoft Entra join: Configure and assign the Enrollment Status Page (ESP)

• Applies to:

  ✅ Windows 11, ✅ Windows 10

Autopilot for pre-provisioned deployment Microsoft Entra join steps:

• Step 1: Set up Windows automatic Intune enrollment
• Step 2: Allow users to join devices to Microsoft Entra ID
• Step 3: Register devices as Autopilot devices
• Step 4: Create a device group

• Step 5: Configure and assign Autopilot Enrollment Status Page (ESP)

• Step 6: Create and assign Autopilot profile
• Step 7: Assign Autopilot device to a user (optional)
• Step 8: Technician flow
• Step 9: User flow

For an overview of the Windows Autopilot for pre-provisioned deployment Microsoft Entra join workflow, see Windows Autopilot for pre-provisioned deployment Microsoft Entra join overview

Note

If you have already configured and assigned an ESP from another Autopilot scenario and want to keep the same settings for the ESP for the pre-provisioned Microsoft Entra join scenario, you can skip this step and move on to Step 6: Create and assign Autopilot profile.

The Enrollment Status Page (ESP)

The main feature of the Enrollment Status Page (ESP) is to display progress and current status to the end user while the device is being set up and enrolled via the Autopilot process. The other main feature of the ESP is to block a user from signing in and using the device until all required policies and applications are installed. Multiple ESP profiles can be created with different settings and assigned appropriately based on different needs and scenarios.

Out of box there's a default ESP that is assigned to all devices. The default setting in the default ESP is to not show app and profile progress during the Autopilot process. However, it's highly recommended to change this default via a separate custom ESP to show app and profile progress. Enabling and configuring an ESP allows end users to properly see the progress of their device being set up and prevents them using the device until it's fully configured and provisioned. A user signing into the device before it's fully configured and provisioned can cause issues.

The ESP has two phases:

• Device ESP - The portion of the ESP that runs during the OOBE process and applies device policies and installs device applications
• User ESP - The portion of the ESP that sets up user account, applies user policies, and installs user applications

Device ESP runs first followed by the User ESP.

Tip

For Configuration Manager admins, an ESP is similar and analogous to Configuration Manager client settings.

Autopilot Enrollment Status Page (ESP) configuration options

When the Enrollment Status Page (ESP) is configured, it has several options that can be configured to meet the needs of the organization. The following lists the different options and their possible configurations:

• Show an error when installation takes longer than specified number of minutes:

  • The default time-out is 60 minutes. Enter a higher value if more time is needed to install applications on the devices.

• Show custom message when time limit or error occur:

  • No: The default message is shown to users when an error occurs. That message is: Setup could not be completed. Please try again or contact your support person for help.

  • Yes: A custom message is shown to users when an error occurs. Enter a custom message in the provided text box.

• Turn on log collection and diagnostics page for end users:

  • No: The collect logs button isn't shown to users when an installation error occurs. The Windows Autopilot diagnostics page isn't shown on devices running Windows 11.

  • Yes: The collect logs button is shown to users when an installation error occurs. The Windows Autopilot diagnostics page is shown on devices running Windows 11. Logs and diagnostics may aid with troubleshooting. For this reason, it's recommended to enable this option.

• Only show page to devices provisioned by out-of-box experience (OOBE):

  • No: The enrollment status page (ESP) is shown during the device phase and the out-of-box experience (OOBE). The page is also shown during the user phase to every user who signs into the device for the first time.

  • Yes: The enrollment status page (ESP) is shown during the device phase and the OOBE. The page is also shown during the user phase, but only to the first user who signs into the device. It isn't shown to subsequent users who sign into the device.

• Block device use until all apps and profiles are installed:

  • No: Users can leave the ESP before Intune is finished setting up the device.

  • Yes: Users can't leave the ESP until Intune is done setting up the device. Enabling this option unlocks the following additional options:

    • Allow users to reset device if installation error occurs:

      • No: The ESP doesn't give users the option to reset theirs devices when an installation fails.

      • Yes: The ESP gives users the option to reset their devices when an installation fails.

    • Allow users to use device if installation error occurs:

      • No: The ESP doesn't give users the option to bypass the ESP when an installation fails.

      • Yes: The ESP gives users the option to bypass the ESP and use their devices when an installation fails.

    • Block device use until these required apps are installed if they are assigned to the user/device:

      • All: All assigned apps must be installed before users can use their devices.

      • Selected: Selected apps must be installed before users can use their devices. After enabling this option, select Select apps to select the managed apps from Intune that are required to be installed before users can use their device.

Configure and assign the Enrollment Status Page (ESP)

To configure and assign the Autopilot Enrollment Status Page (ESP), follow these steps:

1. Sign in to the Microsoft Intune admin center.

2. In the Home screen, select Devices in the left pane.

3. In the Devices | Overview screen, under By platform, select Windows.

4. In the Windows | Windows devices screen, select Windows enrollment.

5. Under General, select Enrollment Status Page.

6. In the Enrollment Status Page screen that opens, select Create.

7. The Create profile screen opens. In the Basics page:

   1. Next to Name, enter a name for the ESP profile.

   2. Next to Description, enter a description.

   3. Select Next.

8. In the Settings page, toggle the option Show app and profile configuration progress to Yes.

   1. After the option Show app and profile configuration progress is toggled to Yes, several new options will appear. Configure these options based on the desired behavior for the ESP as described in the section Autopilot Enrollment Status Page (ESP) configuration options:

   2. Once the different ESP options under the Settings page have been configured as desired, select Next.

9. In the Assignments page:

   1. Under Included groups, select Add groups.

   2. In the Select groups to include window that opens, select the device group(s) to target the ESP profile. The device group(s) selected would normally be the device group(s) created in the Create device group step.

   3. After selecting the device group, select Select to close the Select groups to include window.

      Tip

      After selecting the device group(s), you can select the Edit filter option on each device group added to the assignment to further refine what devices are targeted for the ESP profile. For example, further filtering can be useful if you want to exclude some of the devices that are members in the device group(s) selected.

   4. Select Next.

   Note

   ESPs are assigned to device groups and not directly to individual devices. To assign an ESP to a specific device, the device must be a member of a device group that has an ESP assigned to it.

10. In the Scope tags page, select Next.

    Note

    Scope tags are optional and are a method to control who has access to the ESP configuration. For the purpose of this tutorial, scope tags is being skipped and left at the default scope tag. However if a custom scope tag needs to be specified, do so at this screen. For more information about scope tags, see Use role-based access control and scope tags for distributed IT.

11. In the Review + create page, review the settings and verify everything is correct and configured as desired. Once verified, select Create to save the changes and assign the ESP profile.

Next step: Create and assign a pre-provisioned Microsoft Entra join Autopilot profile

Step 6: Create and assign Autopilot profile

More information

For more information on the Enrollment Status Page (ESP), see the following article(s):

• Windows Autopilot Enrollment Status Page
• Set up the Enrollment Status Page