🚀 Windows Autopilot Self-Deploying Mode — Zero-Touch Setup That Feels Like Magic


Just imagine this:

You unwrap a brand-new PC or reinstall Windows 11 from scratch…
and before you even touch the keyboard, the device automatically:

✅ Joins Microsoft Entra ID (Azure AD)
✅ Syncs all Intune apps, settings, and policies
✅ Lands straight on the sign-in screen — ready for the user

No technician. No clicks. No wasted time.
That’s Windows Autopilot Self-Deploying Mode — effortless, hands-free provisioning that just works.

The only prerequisite?
Register the device’s Hardware Hash (HWID) in Intune first.

Here’s the cleanest 10-minute setup guide to make it happen — perfect for brand-new or freshly reinstalled devices.


Step-by-Step: Configure Windows Autopilot Self-Deploying Mode in Under 10 Minutes

1️⃣ Start Fresh
Use a new PC or perform a clean Windows 11 installation (OOBE stage).

2️⃣ Insert a USB Drive

3️⃣ Identify the Drive Letter
Press Shift + F10, open PowerShell, and run:

Get-Volume

Find your USB drive letter (e.g., E:).


4️⃣ Run the Script
Execute:

.\autopilot.ps1

A file named HWID.csv will appear on your USB drive — that’s your device’s hardware hash.
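The post does not show the contents of autopilot.ps1. As an added example (not the author's script), this is one common way to collect the hardware hash from an elevated PowerShell session and write HWID.csv in the format the Intune importer accepts. The drive letter E: is an assumption; use the letter Get-Volume reported.

```powershell
# Added example, not the original autopilot.ps1.
# Assumption: the USB drive is E: (replace with the letter from Get-Volume).
$UsbDrive = 'E:'

# Serial number as reported by the firmware.
$serial = (Get-CimInstance -ClassName Win32_BIOS).SerialNumber

# The hardware hash is exposed through the MDM bridge WMI provider.
# This query only returns data in an elevated session.
$detail = Get-CimInstance -Namespace 'root/cimv2/mdm/dmmap' `
    -ClassName 'MDM_DevDetail_Ext01' `
    -Filter "InstanceID='Ext' AND ParentID='./DevDetail'"

if (-not $detail -or -not $detail.DeviceHardwareData) {
    throw 'Hardware hash not available: run elevated on a supported Windows build.'
}

# Column names are the ones the Intune import dialog expects.
$row = [pscustomobject]@{
    'Device Serial Number' = $serial
    'Windows Product ID'   = ''
    'Hardware Hash'        = $detail.DeviceHardwareData
}

# The importer wants an unquoted CSV, so strip the quotes ConvertTo-Csv adds.
$row | ConvertTo-Csv -NoTypeInformation |
    ForEach-Object { $_ -replace '"', '' } |
    Set-Content -Path "$UsbDrive\HWID.csv" -Encoding Ascii

# Show the serial so it can be compared with the device label before upload.
"Wrote $UsbDrive\HWID.csv for serial $serial"
```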


5️⃣ Upload to Intune



Navigate to Intune Admin Center → Devices → Windows enrollment → Devices → Import
Select your HWID.csv and click Import.
Wait until the status turns green (usually within 5–30 minutes).

6️⃣ Create a Dedicated Group (Avoid Conflicts)
Never mix User-Driven and Self-Deploying devices in the same group.

Best practice:
Create a static security group for self-deploying devices.
Avoid using a dynamic rule like (device.devicePhysicalIds -any (_ -contains "[ZTDId]")): it will automatically add all new Autopilot devices and may cause profile assignment conflicts.


7️⃣ Assign the Device
Copy the device name from Intune, then go to Entra Admin Center → Devices → Search → Add to your group.
Make sure the device is enabled.

8️⃣ Create the Self-Deploying Profile
In Intune:
Devices → Windows enrollment → Deployment Profiles → Create Profile → Self-Deploying

Set the options as follows:

  • Name: Autopilot – Self-Deploying – Standard

  • Convert all targeted devices to Autopilot: Yes

  • Skip EULA and Privacy settings: Yes

Assign this profile to your self-deploying group.



9️⃣ Configure Kiosk Mode
Go to Intune → Configuration Profiles → Windows 10 and later → Custom,
select OMA-URI, and paste your XML configuration.






💡 Extra tip: Don’t forget the Google Chrome package

Before you start deployment, make sure you already have a Google Chrome Win32 or MSI package uploaded in Intune — and assigned to the same Autopilot group.

This step is essential if you’re using a taskbar XML layout to automatically pin Chrome.
If Chrome isn’t installed first, the XML configuration won’t apply correctly, and the pinning will fail.

In short:

  • Upload your Chrome package in Intune

  • Assign it to the same group as your Self-Deploying profile

  • Then your XML layout will apply perfectly, pinning Chrome to the taskbar every time 🚀




XML:

-------------------------------------------------

<AssignedAccessConfiguration
    xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
    xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config"
    xmlns:v5="http://schemas.microsoft.com/AssignedAccess/2022/config">
  <Profiles>
    <Profile Id="{7b089ffa-f670-4861-a8b4-0e0e8d45b437}">
      <AllAppsList>
        <AllowedApps>
          <App DesktopAppPath="%ProgramFiles%\Google\Chrome\Application\chrome.exe"/>
        </AllowedApps>
      </AllAppsList>
      <v5:StartPins>
        <![CDATA[ { "pinnedList": [ { "desktopAppLink": "%ALLUSERSPROFILE%\\Microsoft\\Windows\\Start Menu\\Programs\\Google Chrome.lnk" } ] } ]]>
      </v5:StartPins>
      <Taskbar ShowTaskbar="true"/>
    </Profile>
  </Profiles>
  <Configs>
    <Config>
      <AutoLogonAccount rs5:DisplayName="Kiosk"/>
      <DefaultProfile Id="{7b089ffa-f670-4861-a8b4-0e0e8d45b437}"/>
    </Config>
  </Configs>
</AssignedAccessConfiguration>

-------------------------------------------------
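A kiosk XML that is malformed, or whose DefaultProfile does not match a Profile, fails to apply and can leave the device without its intended lockdown. The following added example (not part of the original post) is a local pre-upload check; the function name Test-KioskXml, the file name kiosk.xml and the $shells list are illustrative assumptions.

```powershell
# Added example (hypothetical helper, not from the original post).
function Test-KioskXml {
    param([Parameter(Mandatory)][string]$Path)

    $doc = New-Object System.Xml.XmlDocument
    $doc.Load((Resolve-Path $Path).Path)   # throws if the XML is not well-formed

    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('aa', 'http://schemas.microsoft.com/AssignedAccess/2017/config')
    $ns.AddNamespace('v5', 'http://schemas.microsoft.com/AssignedAccess/2022/config')

    $problems = @()
    $profiles = @($doc.SelectNodes('//aa:Profile', $ns))
    $ids      = @($profiles | ForEach-Object { $_.GetAttribute('Id') })

    # Every DefaultProfile must reference a Profile defined in this file.
    foreach ($ref in $doc.SelectNodes('//aa:Config/aa:DefaultProfile', $ns)) {
        $id = $ref.GetAttribute('Id')
        if ($ids -notcontains $id) {
            $problems += "DefaultProfile $id has no matching Profile"
        }
    }

    # Illustrative list (assumption): binaries that defeat a kiosk lockdown.
    $shells = 'cmd.exe', 'powershell.exe', 'pwsh.exe', 'regedit.exe', 'mmc.exe'

    foreach ($p in $profiles) {
        $name = $p.GetAttribute('Id')
        foreach ($app in $p.SelectNodes('aa:AllAppsList/aa:AllowedApps/aa:App', $ns)) {
            $exe = $app.GetAttribute('DesktopAppPath')
            if ($exe -and ($shells -contains (Split-Path $exe -Leaf))) {
                $problems += "Profile $name allows $exe"
            }
        }
        # StartPins carries a JSON document inside CDATA; it has to parse.
        $pins = $p.SelectSingleNode('v5:StartPins', $ns)
        if ($pins) {
            try   { $null = $pins.InnerText | ConvertFrom-Json -ErrorAction Stop }
            catch { $problems += "Profile $name has invalid StartPins JSON" }
        }
    }
    return $problems
}

# Usage (file name is an assumption): each returned string is one finding.
# Test-KioskXml -Path .\kiosk.xml
```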

🔟 Experience the Magic
After about 30 minutes, restart the device (allow time for sync).
You’ll see:
Identifying device… → Configuring your device… → Ready for sign-in.





That’s true zero-touch deployment — modern IT at its best. 🚀


💡 Coming Soon: Local Admin Automation via Script Remediation

Soon, a PowerShell script will be released that automatically creates a local administrator account through Intune Script Remediation.

This script allows you to log in and perform additional configuration tasks — without manual intervention.

Perfect for scenarios where you need a secure local admin for troubleshooting, initial setup, or offline access before the device fully syncs with Intune.

Stay tuned — the script is designed for seamless deployment and easy customization. ⚙️

