Renewing existing workstations with new (mobile) devices a lot of hassle? Maybe in the past, but thanks to Windows AutoPilot, a child – or rather the end user – can do the laundry. Here’s what you need to know about Microsoft’s new service.
Rolling out new workplaces can be quite challenging. Especially if there are employees within an organization who work in other locations or even in other countries. Something that is the rule rather than the exception today.
You have to have them come to the office to replace their workstation, and the new devices have to be delivered to the office to be prepared before the end user can use them. Cumbersome, and no longer needed.
This is how Windows AutoPilot works
Windows AutoPilot allows users to perform the installation of a new Windows 10 device completely without guidance from the IT department. This allows the device to be shipped directly from the supplier to the end user themselves. The end user then arranges their enrollment in Microsoft’s workplace management environment.
AutoPilot works with cloud management tool Intune (or other MDM solutions) to automatically install settings, drivers, policies and software. Users only need to turn on their new device, log into the corporate network, and then all applications (such as Office 365) are automatically prepared.
The difference
Before the advent of AutoPilot, deploying workstations typically meant delivering new devices to the office, unpacking them and providing them with an image. For each new (type of) device, the IT department had to create such a new image. A time-consuming and expensive process.
With AutoPilot, there is no need to flash an image or configure equipment manually. The IT department basically does not have to touch a physical device, but still maintains control. In turn, the end user almost has a BYOD experience, but with a business device.
Security ensured
Windows AutoPilot was introduced simultaneously with the April 2018 update to Windows 10 pro. So with this collection of (security) technologies, IT can implement all security rules automatically, as well as other policies. From what data you are allowed to share through what channels to what a password must meet. But it also allows you to control who should have access to which applications and software remotely.
In addition, by working with HP Sure Recover (pdf), you can be sure that the security of the devices is optimally guaranteed. HP Sure Recover lets you quickly and easily restore an imageto your PC. Useful if, for example, software-based malware needs to be removed. As with Windows AutoPilot, IT does not need to physically hold the device to restore the image with HP Sure Recover.
Simple configuration
The first step in rolling out new workstations with AutoPilot is device registration. This can be done in two ways.
- You can ask the vendor (through the reseller) for a file of device IDs after purchase. You need to upload those to Autopilot Deployment Services and link them to your organization. You basically only have to do this once. You can also ask your reseller with Microsoft Cloud Service Provider status to do this for you with this file.
- You can ask the vendor (through the reseller) to link the device IDs directly to your Azure AD environment when you purchase the PCs. For this, you give official permission via a URL to be sent out by the vendor. See here for more information on this permission.
The second step is to set up a Windows Autopilot profile. In that profile, which you assign to the appropriate devices, you can control which steps in the configuration are skipped. This way, you can avoid confronting an end user with privacy settings. Steps such as setting up assistant Cortana, OEM registration and choosing between a personal or business device can also be skipped.
The final step is transferring the new device to the employee. This can be done in the office, but just as easily by having the device mailed directly from the factory to the employee’s home. That turns it on and connects to the Internet. AutoPilot then launches a personalized installation (including your company name and logo), based on the profile assigned to the device.
When the user logs in with their account information, all settings and apps are automatically loaded. Within a few clicks, he can be up and running – without IT intervention. This video shows how simple that works in practice.
Want to know more about what’s involved when replacing desktops with laptops? Download the free white paper ‘Switching to mobile working in one go? Here’s how to do it’.