Provisioning packages for Windows
- Windows 10
- Windows 11
Windows provisioning makes it easy for IT administrators to configure end-user devices without imaging. Using Windows provisioning, an IT administrator can easily specify desired configuration and settings required to enroll the devices into management and then apply that configuration to target devices in a matter of minutes. It is best suited for small- to medium-sized businesses with deployments that range from tens to a few hundred computers.
A provisioning package (.ppkg) is a container for a collection of configuration settings. With Windows client, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.
Provisioning packages are simple enough that with a short set of written instructions, a student, or non-technical employee can use them to configure their device. This can result in a significant reduction in the time required to configure multiple devices in your organization.
Windows Configuration Designer is available as an app in the Microsoft Store.
Benefits of provisioning packages
Provisioning packages let you:
Quickly configure a new device without going through the process of installing a new image.
Save time by configuring multiple devices using one provisioning package.
Quickly configure employee-owned devices in an organization without a mobile device management (MDM) infrastructure.
Set up a device without the device having network connectivity.
Provisioning packages can be:
Installed using removable media such as an SD card or USB flash drive.
Attached to an email.
Downloaded from a network share.
Deployed in NFC tags or barcodes.
What you can configure
Configuration Designer wizards
The following table describes settings that you can configure using the wizards in Windows Configuration Designer to create provisioning packages.
|Step||Description||Desktop wizard||Kiosk wizard||HoloLens wizard|
|Set up device||Assign device name, enter product key to upgrade Windows, configure shared used, remove pre-installed software||✔️||✔️||✔️|
|Set up network||Connect to a Wi-Fi network||✔️||✔️||✔️|
|Account management||Enroll device in Active Directory, enroll device in Azure Active Directory, or create a local administrator account||✔️||✔️||✔️|
|Bulk Enrollment in Azure AD||Enroll device in Azure Active Directory using Bulk Token Set up Azure AD join in your organization, before you use Windows Configuration Designer wizard to configure bulk Azure AD enrollment.||✔️||✔️||✔️|
|Add applications||Install applications using the provisioning package.||✔️||✔️||❌|
|Add certificates||Include a certificate file in the provisioning package.||✔️||✔️||✔️|
|Configure kiosk account and app||Create local account to run the kiosk mode app, specify the app to run in kiosk mode||❌||✔️||❌|
|Configure kiosk common settings||Set tablet mode, configure welcome and shutdown screens, turn off timeout settings||❌||✔️||❌|
|Developer Setup||Enable Developer Mode||❌||❌||✔️|
- Instructions for the desktop wizard
- Instructions for the kiosk wizard
- Instructions for the HoloLens wizard
After you start a project using a Windows Configuration Designer wizard, you can switch to the advanced editor to configure additional settings in the provisioning package.
Configuration Designer advanced editor
The following table provides some examples of settings that you can configure using the Windows Configuration Designer advanced editor to create provisioning packages.
|Bulk Active Directory join and device name||Join devices to Active Directory domain and assign device names using hardware-specific serial numbers or random characters|
|Applications||Windows apps, line-of-business applications|
|Bulk enrollment into MDM||Automatic enrollment into a third-party MDM service
Using a provisioning package for auto-enrollment to Microsoft Endpoint Manager isn't supported. To enroll devices, use the Configuration Manager console.
|Certificates||Root certification authority (CA), client certificates|
|Connectivity profiles||Wi-Fi, proxy settings, Email|
|Enterprise policies||Security restrictions (password, device lock, camera, and so on), encryption, update settings|
|Data assets||Documents, music, videos, pictures|
|Start menu customization||Start menu layout, application pinning|
|Other||Home and lock screen wallpaper, computer name, domain join, DNS settings, and so on|
For details about the settings you can customize in provisioning packages, see Windows Provisioning settings reference.
WCD, simplified common provisioning scenarios.
WCD supports the following scenarios for IT administrators:
Simple provisioning – Enables IT administrators to define a desired configuration in WCD and then apply that configuration on target devices. The simple provisioning wizard makes the entire process quick and easy by guiding an IT administrator through common configuration settings in a step-by-step manner.
Advanced provisioning (deployment of classic (Win32) and Universal Windows Platform (UWP) apps, and certificates) – Allows an IT administrator to use WCD to open provisioning packages in the advanced settings editor and include apps for deployment on end-user devices.
Mobile device enrollment into management - Enables IT administrators to purchase off-the-shelf retail Windows devices and enroll them into mobile device management (MDM) before handing them to end users in the organization. IT administrators can use WCD to specify the management endpoint and apply the configuration on target devices by connecting them to a Windows PC (tethered deployment) or through an SD card. Supported management end-points include:
- Microsoft Intune (certificate-based enrollment)
- AirWatch (password-string based enrollment)
- MobileIron (password-string based enrollment)
- Other MDMs (cert-based enrollment)
- How provisioning works in Windows client
- Install Windows Configuration Designer
- Create a provisioning package
- Apply a provisioning package
- Settings changed when you uninstall a provisioning package
- Provision PCs with common settings for initial deployment (simple provisioning)
- Use a script to install a desktop app in provisioning packages
- PowerShell cmdlets for provisioning Windows client (reference)
- Windows Configuration Designer command-line interface (reference)
- Create a provisioning package with multivariant settings