Windows Autopilot Self-Deploying mode

Applies to: Windows 10, version 1903 or later

Windows Autopilot self-deploying mode lets you deploy a device with little to no user interaction. For devices with an Ethernet connection, no user interaction is required. For devices connected via Wi-Fi, the user must only:

  • Choose the language, locale, and keyboard.
  • Make a network connection.

Self-deploying mode provides all the following:

  • Joins the device to Azure Active Directory.
  • Enrolls the device in Intune (or another MDM service) using Azure AD for automatic MDM enrollment.
  • Makes sure that all policies, applications, certificates, and networking profiles are provisioned on the device.
  • Uses the Enrollment Status Page to prevent access until the device is fully provisioned.

Note

Self-deploying mode does not support Active Directory Join or Hybrid Azure AD Join. All devices will be joined to Azure Active Directory.

Self-deploying mode lets you deploy a Windows 10 device as a kiosk, digital signage device, or a shared device.

You can use the Kiosk Browser when setting up a kiosk device. This app is built on Microsoft Edge and can be used to create a tailored, MDM-managed browsing experience.

You can completely automate device configuration by combining self-deploying mode with MDM policies. Use the MDM policies to create a local account configured to automatically log on. For more information, see:

Note

Self-deploying mode does not presently associate a user with the device (since no user ID or password is specified as part of the process). As a result, some Azure AD and Intune capabilities (such as BitLocker recovery, installation of apps from the Company Portal, or Conditional Access) may not be available to a user that signs into the device. For more information, see Windows Autopilot scenarios and capabilities and Setting the BitLocker encryption algorithm for Autopilot devices.

The user experience with Windows Autopilot self-deploying mode

Requirements

Self-deploying mode uses a device's TPM 2.0 hardware to authenticate the device into an organization's Azure AD tenant. Therefore, devices without TPM 2.0 can't be used with this mode. Devices must also support TPM device attestation. All new Windows devices should meet these requirements. The TPM attestation process also requires access to a set of HTTPS URLs that are unique for each TPM provider. For more information, see the entry for Autopilot self-deploying mode and Autopilot white glove in Networking requirements.

Important

If you attempt a self-deploying mode deployment on a device that does not support TPM 2.0 or on a virtual machine, the process will fail when verifying the device with an 0x800705B4 timeout error (Hyper-V virtual TPMs are not supported). Also note that Windows 10, version 1903 or later is required to use self-deploying mode due to issues with TPM device attestation in Windows 10, version 1809. Since Windows 10 Enterprise 2019 LTSC is based on Windows 10 version 1809, self-deploying mode is also not supported on Windows 10 Enterprise 2019 LTSC. See Windows Autopilot known issues to review other known errors and solutions.
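The TPM 2.0, virtual machine, and OS version requirements above can be checked on a device before it is registered. The following is an added example, not part of the original documentation; the function name Test-SelfDeployingPrereq is hypothetical, and it assumes an elevated PowerShell session on the device being assessed.

```powershell
# Added example: preflight check for the self-deploying mode requirements.
# Test-SelfDeployingPrereq is a hypothetical helper name, not a built-in cmdlet.
function Test-SelfDeployingPrereq {
    [CmdletBinding()]
    param()

    $findings = [System.Collections.Generic.List[string]]::new()

    # Windows 10 version 1903 is OS build 18362; version 1809 and
    # Enterprise 2019 LTSC are build 17763 and therefore fail this check.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    if ([int]$os.BuildNumber -lt 18362) {
        $findings.Add("OS build $($os.BuildNumber) is older than 18362 (version 1903).")
    }

    # Hyper-V guests report Model 'Virtual Machine'; virtual TPMs are not supported.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    if ($cs.Manufacturer -eq 'Microsoft Corporation' -and $cs.Model -eq 'Virtual Machine') {
        $findings.Add('Device is a Hyper-V virtual machine.')
    }

    # Win32_Tpm.SpecVersion is a comma-separated string whose first field
    # is the TPM specification family, for example '2.0'.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if (-not $tpm) {
        $findings.Add('No TPM is exposed to Windows.')
    }
    else {
        $family = ($tpm.SpecVersion -split ',')[0].Trim()
        if ($family -ne '2.0') {
            $findings.Add("TPM spec version is $family, not 2.0.")
        }
        if (-not $tpm.IsEnabled_InitialValue -or -not $tpm.IsActivated_InitialValue) {
            $findings.Add('TPM is present but not enabled and activated in firmware.')
        }
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Eligible     = ($findings.Count -eq 0)
        Findings     = $findings.ToArray()
    }
}

Test-SelfDeployingPrereq | Format-List
```

A clean result covers only the local hardware and OS checks; it does not confirm that TPM device attestation succeeds or that the TPM provider's HTTPS URLs are reachable from the deployment network.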

You can display an organization-specific logo and organization name during the Autopilot process. To do so, Azure AD Company Branding must be configured with the images and text you want displayed. See Quickstart: Add company branding to your sign-in page in Azure AD for more details.

Step by step

To deploy with Windows Autopilot in self-deploying mode, the following preparation steps need to be completed:

  1. Create an Autopilot profile for self-deploying mode with the settings you want. In Microsoft Intune, this mode is explicitly chosen when creating the profile. It isn't possible to create a profile in the Microsoft Store for Business or Partner Center for self-deploying mode.
  2. If using Intune, create a device group in Azure Active Directory and assign the Autopilot profile to that group. Ensure that the profile has been assigned to the device before attempting to deploy that device.
  3. Boot the device, connecting it to Wi-Fi if necessary, then wait for the provisioning process to complete.

Validation

When using Windows Autopilot to deploy in self-deploying mode, the following end-user experience should be observed:

  • Once connected to a network, the Autopilot profile will be downloaded.
  • If connected to Ethernet, and the Autopilot profile is configured to skip them, the following pages won't be displayed: language, locale, and keyboard layout. Otherwise, manual steps are required:
    • If multiple languages are preinstalled in Windows 10, the user must pick a language.
    • The user must pick a locale and a keyboard layout, and optionally a second keyboard layout.
  • If connected via Ethernet, no network prompt is expected. If no Ethernet connection is available and Wi-Fi is built in, the user needs to connect to a wireless network.
  • Windows 10 will check for critical OOBE updates, and if any are available they'll be automatically installed (rebooting if necessary).
  • The device will join Azure Active Directory.
  • After joining Azure Active Directory, the device will enroll in Intune (or other configured MDM services).
  • The enrollment status page will be displayed.
  • Depending on the device settings deployed, the device will either:
    • Remain at the logon screen, where any member of the organization can log on by specifying their Azure AD credentials.
    • Automatically sign in as a local account, for devices configured as a kiosk or digital signage.

Note

Deploying EAS policies using self-deploying mode for kiosk deployments will cause auto-logon functionality to fail.

In case the observed results don't match these expectations, consult the Windows Autopilot Troubleshooting documentation.