Provisioning packages for Windows

Applies to

  • Windows 10
  • Windows 11

Windows provisioning makes it easy for IT administrators to configure end-user devices without imaging. Using Windows provisioning, an IT administrator can easily specify desired configuration and settings required to enroll the devices into management and then apply that configuration to target devices in a matter of minutes. It is best suited for small- to medium-sized businesses with deployments that range from tens to a few hundred computers.

A provisioning package (.ppkg) is a container for a collection of configuration settings. With Windows client, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.

Provisioning packages are simple enough that with a short set of written instructions, a student, or non-technical employee can use them to configure their device. This can result in a significant reduction in the time required to configure multiple devices in your organization.

Windows Configuration Designer is available as an app in the Microsoft Store.

Benefits of provisioning packages

Provisioning packages let you:

  • Quickly configure a new device without going through the process of installing a new image.

  • Save time by configuring multiple devices using one provisioning package.

  • Quickly configure employee-owned devices in an organization without a mobile device management (MDM) infrastructure.

  • Set up a device without the device having network connectivity.

Provisioning packages can be:

  • Installed using removable media such as an SD card or USB flash drive.

  • Attached to an email.

  • Downloaded from a network share.

  • Deployed in NFC tags or barcodes.

What you can configure

Configuration Designer wizards

The following table describes settings that you can configure using the wizards in Windows Configuration Designer to create provisioning packages.

Step Description Desktop wizard Kiosk wizard HoloLens wizard
Set up device Assign device name, enter product key to upgrade Windows, configure shared used, remove pre-installed software ✔️ ✔️ ✔️
Set up network Connect to a Wi-Fi network ✔️ ✔️ ✔️
Account management Enroll device in Active Directory, enroll device in Azure Active Directory, or create a local administrator account ✔️ ✔️ ✔️
Bulk Enrollment in Azure AD Enroll device in Azure Active Directory using Bulk Token

Set up Azure AD join in your organization, before you use Windows Configuration Designer wizard to configure bulk Azure AD enrollment.
✔️ ✔️ ✔️
Add applications Install applications using the provisioning package. ✔️ ✔️
Add certificates Include a certificate file in the provisioning package. ✔️ ✔️ ✔️
Configure kiosk account and app Create local account to run the kiosk mode app, specify the app to run in kiosk mode ✔️
Configure kiosk common settings Set tablet mode, configure welcome and shutdown screens, turn off timeout settings ✔️
Developer Setup Enable Developer Mode ✔️

Note

After you start a project using a Windows Configuration Designer wizard, you can switch to the advanced editor to configure additional settings in the provisioning package.

Configuration Designer advanced editor

The following table provides some examples of settings that you can configure using the Windows Configuration Designer advanced editor to create provisioning packages.

Customization options Examples
Bulk Active Directory join and device name Join devices to Active Directory domain and assign device names using hardware-specific serial numbers or random characters
Applications Windows apps, line-of-business applications
Bulk enrollment into MDM Automatic enrollment into a third-party MDM service

Using a provisioning package for auto-enrollment to Microsoft Endpoint Manager isn't supported. To enroll devices, use the Configuration Manager console.
Certificates Root certification authority (CA), client certificates
Connectivity profiles Wi-Fi, proxy settings, Email
Enterprise policies Security restrictions (password, device lock, camera, and so on), encryption, update settings
Data assets Documents, music, videos, pictures
Start menu customization Start menu layout, application pinning
Other Home and lock screen wallpaper, computer name, domain join, DNS settings, and so on

For details about the settings you can customize in provisioning packages, see Windows Provisioning settings reference.

WCD, simplified common provisioning scenarios.

Configuration Designer options

WCD supports the following scenarios for IT administrators:

  • Simple provisioning – Enables IT administrators to define a desired configuration in WCD and then apply that configuration on target devices. The simple provisioning wizard makes the entire process quick and easy by guiding an IT administrator through common configuration settings in a step-by-step manner.

    Learn how to use simple provisioning to configure Windows computers.

  • Advanced provisioning (deployment of classic (Win32) and Universal Windows Platform (UWP) apps, and certificates) – Allows an IT administrator to use WCD to open provisioning packages in the advanced settings editor and include apps for deployment on end-user devices.

  • Mobile device enrollment into management - Enables IT administrators to purchase off-the-shelf retail Windows devices and enroll them into mobile device management (MDM) before handing them to end users in the organization. IT administrators can use WCD to specify the management endpoint and apply the configuration on target devices by connecting them to a Windows PC (tethered deployment) or through an SD card. Supported management end-points include:

    • Microsoft Intune (certificate-based enrollment)
    • AirWatch (password-string based enrollment)
    • MobileIron (password-string based enrollment)
    • Other MDMs (cert-based enrollment)