Provisioning packages for Windows 10

Applies to

  • Windows 10
  • Windows 10 Mobile

Windows provisioning makes it easy for IT administrators to configure end-user devices without imaging. Using Windows provisioning, an IT administrator can easily specify desired configuration and settings required to enroll the devices into management and then apply that configuration to target devices in a matter of minutes. It is best suited for small- to medium-sized businesses with deployments that range from tens to a few hundred computers.

A provisioning package (.ppkg) is a container for a collection of configuration settings. With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.

Provisioning packages are simple enough that with a short set of written instructions, a student or non-technical employee can use them to configure their device. This can result in a significant reduction in the time required to configure multiple devices in your organization.

The Windows Assessment and Deployment Kit (ADK) for Windows 10 includes the Windows Configuration Designer, a tool for configuring provisioning packages. Windows Configuration Designer is also available as an app in the Microsoft Store.

New in Windows 10, version 1703

  • The tool for creating provisioning packages is renamed Windows Configuration Designer, replacing the Windows Imaging and Configuration Designer (ICD) tool. The components for creating images have been removed from Windows Configuration Designer, which now provides access to runtime settings only.
  • Windows Configuration Designer can still be installed from the Windows ADK. You can also install it from the Microsoft Store.
  • Windows Configuration Designer adds more wizards to make it easier to create provisioning packages for specific scenarios. See What you can configure for wizard descriptions.
  • The wizard Provision desktop devices (previously called Simple provisioning) now enables joining Azure Active Directory (Azure AD) domains and also allows you to remove non-Microsoft software from Windows desktop devices during provisioning.
  • When provisioning packages are applied to a device, a status screen indicates successful or failed provisioning.
  • Windows 10 includes PowerShell cmdlets that simplify scripted provisioning. Using these cmdlets, you can add provisioning packages, remove provisioning packages and generate log files to investigate provisioning errors.
  • The Provision school devices wizard is removed from Windows Configuration Designer. Instead, use the Setup School PCs app from the Microsoft Store.

Benefits of provisioning packages

Provisioning packages let you:

  • Quickly configure a new device without going through the process of installing a new image.

  • Save time by configuring multiple devices using one provisioning package.

  • Quickly configure employee-owned devices in an organization without a mobile device management (MDM) infrastructure.

  • Set up a device without the device having network connectivity.

Provisioning packages can be:

  • Installed using removable media such as an SD card or USB flash drive.

  • Attached to an email.

  • Downloaded from a network share.

  • Deployed in NFC tags or barcodes.

What you can configure

Configuration Designer wizards

The following table describes settings that you can configure using the wizards in Windows Configuration Designer to create provisioning packages.

StepDescriptionDesktop wizardMobile wizardKiosk wizardHoloLens wizard
Set up deviceAssign device name,
enter product key to upgrade Windows,
configure shared used,
remove pre-installed software
yesyes
(Only device name and upgrade key)
yesyes
Set up networkConnect to a Wi-Fi networkyesyesyesyes
Account managementEnroll device in Active Directory,
enroll device in Azure Active Directory,
or create a local administrator account
yesnoyesyes
Bulk Enrollment in Azure ADEnroll device in Azure Active Directory
Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, set up Azure AD join in your organization.
noyesnono
Add applicationsInstall applications using the provisioning package.yesnoyesno
Add certificatesInclude a certificate file in the provisioning package.yesnoyesyes
Configure kiosk account and appCreate local account to run the kiosk mode app,
specify the app to run in kiosk mode
nonoyesno
Configure kiosk common settingsSet tablet mode,
configure welcome and shutdown screens,
turn off timeout settings
nonoyesno
Developer SetupEnable Developer Mode.nononoyes

Note

After you start a project using a Windows Configuration Designer wizard, you can switch to the advanced editor to configure additional settings in the provisioning package.

Configuration Designer advanced editor

The following table provides some examples of settings that you can configure using the Windows Configuration Designer advanced editor to create provisioning packages.

Customization options Examples
Bulk Active Directory join and device name Join devices to Active Directory domain and assign device names using hardware-specific serial numbers or random characters
Applications Windows apps, line-of-business applications
Bulk enrollment into MDM Automatic enrollment into a third-party MDM service*
Certificates Root certification authority (CA), client certificates
Connectivity profiles Wi-Fi, proxy settings, Email
Enterprise policies Security restrictions (password, device lock, camera, and so on), encryption, update settings
Data assets Documents, music, videos, pictures
Start menu customization Start menu layout, application pinning
Other Home and lock screen wallpaper, computer name, domain join, DNS settings, and so on

* Using a provisioning package for auto-enrollment to System Center Configuration Manager or Configuration Manager/Intune hybrid is not supported. Use the Configuration Manager console to enroll devices.

For details about the settings you can customize in provisioning packages, see Windows Provisioning settings reference.

Changes to provisioning in Windows 10, version 1607

Note

This section is retained for customers using Windows 10, version 1607, on the Current Branch for Business. Some of this information is not applicable in Windows 10, version 1703.

Windows ICD for Windows 10, version 1607, simplified common provisioning scenarios.

Configuration Designer options

Windows ICD in Windows 10, version 1607, supported the following scenarios for IT administrators:

  • Simple provisioning – Enables IT administrators to define a desired configuration in Windows ICD and then apply that configuration on target devices. The simple provisioning wizard makes the entire process quick and easy by guiding an IT administrator through common configuration settings in a step-by-step manner.

    Learn how to use simple provisioning to configure Windows 10 computers.

  • Advanced provisioning (deployment of classic (Win32) and Universal Windows Platform (UWP) apps, and certificates) – Allows an IT administrator to use Windows ICD to open provisioning packages in the advanced settings editor and include apps for deployment on end-user devices.

  • Mobile device enrollment into management - Enables IT administrators to purchase off-the-shelf retail Windows 10 Mobile devices and enroll them into mobile device management (MDM) before handing them to end-users in the organization. IT administrators can use Windows ICD to specify the management end-point and apply the configuration on target devices by connecting them to a Windows PC (tethered deployment) or through an SD card. Supported management end-points include:

    • System Center Configuration Manager and Microsoft Intune hybrid (certificate-based enrollment)
    • AirWatch (password-string based enrollment)
    • Mobile Iron (password-string based enrollment)
    • Other MDMs (cert-based enrollment)

Note

Windows ICD in Windows 10, version 1607, also provided a wizard to create provisioning packages for school PCs. To learn more, see Set up students' PCs to join domain.

Learn more