Enrolling Windows Modern Devices Using Autopilot And Azure Join

Jump to main content Search

1. Home
2. Using the Console

   This section provides information about using the SOTI MobiControl console to perform the various management tasks.

3. Managing Devices
4. Enrolling Devices
5. Adding Windows Devices
6. Windows Modern Devices
7. Enrolling Windows Modern Devices using Autopilot and Azure Join

• Welcome to SOTI MobiControl 15.5 Help

  SOTI MobiControl is an enterprise mobile management solution dedicated to helping you manage your enterprise devices. Use SOTI MobiControl Help to learn about all the features available through SOTI MobiControl.

• Setting Up SOTI MobiControl

  This section provides instructions for installing, activating, and upgrading SOTI MobiControl instances.

• Using the Console

  This section provides information about using the SOTI MobiControl console to perform the various management tasks.

  • About the SOTI MobiControl Console
  • Managing Users
  • Managing Devices
    • Managing Android Enrollment Policies
    • Managing Device Enrollment Rules
    • Enrolling Devices
      • Device Agents
      • Adding Android Plus Devices
      • Adding Apple Devices
      • Adding Linux Devices
      • Adding Windows Devices
        • Enrolling Windows Mobile/CE Devices
        • Enrolling Windows Desktop Classic Devices
        • Windows Modern Devices
          • Enrolling Windows Modern Phone Devices
          • Enrolling Windows Modern Desktop Devices
          • Enrolling Windows Modern HoloLens Devices
          • Windows Notification Services
          • Enabling Automatic Server Discovery
          • Enrolling Windows Modern Devices with Azure Active Directory Join
          • Enrolling Windows Modern Devices using Autopilot and Azure Join
        • Setting Up a Local Agent Builder Service
      • Adding Printers
      • Using SOTI MobiControl Stage
      • Branding the Enrollment Page
      • Using Unified Enrollment
      • Defining Re-Enrollment Rules
    • Renaming Devices
    • Device Compliance Policies
    • Viewing Device Information
    • Grouping Devices
    • Updating Devices
    • Sending Messages to Devices
    • Sharing Devices
    • Using SHA-1 and SHA-2 Certificates on the Same Deployment Server
    • Removing Devices
  • Managing Configurations
  • Managing Applications
  • Managing Data
  • Monitoring Devices
  • Troubleshooting Device Issues
  • Generating Reports
  • Managing System Settings
  • Other Features
  • SOTI MobiControl Console Reference
• System Health

  View vital system stats in a variety of interactive, up-to-date charts and tables.

• SOTI MobiControl Administration

  This section provides information about how to perform various administrative tasks related to SOTI MobiControl. These tasks include monitoring your SOTI MobiControl system, changing deployment settings, integrating SOTI MobiControl with third-party applications, and performing various modifications that extend SOTI MobiControl beyond its standard configuration.

• Using Package Studio

  This section provides information about how to use SOTI MobiControl Package Studio to create data packages for devices.

• Using Script Commands

  Send scripts and execute commands on your devices with SOTI MobiControl. Script commands are supported on Android Plus, Linux, macOS, Windows Desktop Classic, and Windows Mobile/CE devices.

• Using SOTI MobiControl Stage

  This section provides information about how to use SOTI MobiControl Stage to quickly and easily enroll devices.

• SOTI Cloud Link
• Glossary
• Notices

Enrolling Windows Modern Devices using Autopilot and Azure Join

Before you begin

Ensure you have configured Azure Active Directory as directed in Enrolling Windows Modern Devices with Azure Active Directory Join. Consult the following lists to ensure you meet Windows support and licensing requirements:

The following Microsoft Windows 10 editions are supported for Windows Autopilot:

• Windows 10 Pro
• Windows 10 Pro Education
• Windows 10 Pro for Workstations
• Windows 10 Enterprise
• Windows 10 Education
• Windows 10 Enterprise 2019 LTSC

For Windows Autopilot, one of the following subscriptions is required:

• Microsoft 365 Business Premium subscription
• Microsoft 365 F3 subscription
• Microsoft 365 Academic A1, A3, or A5 subscription
• Microsoft 365 Enterprise E3 or E5 subscription, which includes all Windows 10, Microsoft 365, and EM+S features (Azure AD and Intune)
• Enterprise Mobility + Security E3 or E5 subscription, which includes all needed Azure AD and Intune features
• Intune for Education subscription, which includes all needed Azure AD and Intune features
• Azure Active Directory Premium P1 or P2 and Microsoft Intune subscription (or an alternative MDM service)

Check the Microsoft 365 Enterprise Licensing Resource for more information.

Azure Active Directory subscription:

Autopilot requires an Azure Active Directory (AAD) premium subscription. You can check your subscription status by navigating to Azure Active Directory > Overview > License:

About this task

This procedure details the steps to enroll Windows Modern devices into on-premises SOTI MobiControl using Windows Autopilot. You can read more about Autopilot here: Overview of Windows Autopilot.

1. Capture the Hardware ID and Reset the Out-of-Box Experience on the Windows Device
2. Configure Company Branding and Bypass Intune Auto-Enrollment in Azure AD
3. Configure Registration, Device Group, and Autopilot Deployment Profile in Microsoft Endpoint Manager
4. Launch Windows Autopilot Setup Process

Capture the Hardware ID and Reset the Out-of-Box Experience on the Windows Device

Procedure

1. On the device to be enrolled, open an elevated PowerShell terminal and run the following commands in order: Note: This is only applicable for devices that have not been configured by the OEM or reseller. md c:\HWID Set-Location c:\HWID Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force Install-Script -Name Get-WindowsAutopilotInfo -Force $env:Path += ";C:\Program Files\WindowsPowerShell\Scripts" Get-WindowsAutopilotInfo.ps1 -OutputFile AutopilotHWID.csv
2. When you are prompted to install the NuGet package, select [Y] Yes. When this installation finishes, a .csv file titled AutopilotHWID.csv appears on the C:\ drive.
3. Copy the .csv file to a removeable storage device for later use when you set up Autopilot registration.
4. Reset the Windows 10 device back to the default out-of-box-experience. You can learn more here: How to refresh, reset, or restore your PC.

Configure Company Branding and Bypass Intune Auto-Enrollment in Azure AD

Procedure

1. Sign into Azure AD as an Administrator and select Company Branding > New Language.
2. Assign a custom background, company logo, and custom messages here as needed then click Save to apply your changes.
3. Select Mobility (MDM and MAM) > Microsoft Intune. Ensure that MDM user scope and MAM user scope are both set to None.

   

Configure Registration, Device Group, and Autopilot Deployment Profile in Microsoft Endpoint Manager

Procedure

1. Log into Microsoft Endpoint Manager as an Administrator and set up Autopilot registration.
2. Select Devices > Enroll Devices > Windows Enrollment > Windows Autopilot Deployment Program > Devices.

   

3. Click Import.
4. Upload the AutopilotHWID.csv file that you copied to removeable storage from the Windows device.
5. Click Import to add the data to Endpoint. Note: The process will take some time to complete (up to 15 minutes).
6. Create a device group for Windows Autopilot. Select Groups > New group.
7. Set the Group type to Security and enter a Group name.
8. Set Azure AD roles can be assigned to the group to No.
9. Set Membership type to Assigned.

   

10. Click the No members selected link to add your users to the group.
11. Create the Windows Autopilot Deployment Profile. Select Devices > Enroll Devices > Deployment Profiles > Create Profile > Windows PC
12. Name the profile and set Convert all targeted devices to Autopilot to No and click Next.

    

13. In the out-of-box experience (OOBE) section, set the following options:
    • Deployment mode - User-Driven
    • Join to Azure AD as - Azure AD joined
    • Microsoft Software License Terms – Hide
    • Privacy Settings – Hide
    • Hide change account options – Hide
    • User Account type – Standard
    • Allow pre-provisioned deployment – No
    • Language (Region) – Operating System default
    • Automatically Configure keyboard – Yes
    • Language (Region) – Operating System default
14. Click Next to proceed to the assignments.
15. Select the Autopilot group you created in step 6.
16. Click Next to proceed to the Review and create tab.
17. Click Create to create the Deployment Profile.
18. While still in Endpoint, navigate to Devices > Enroll devices > Windows Autopilot Deployment Program > Devices and make sure the Profile status is appears as Assigned.

    

Launch Windows Autopilot Setup Process

About this task

At this point, you can return to the Windows device you reset to default out-of-box-experience, turn it on and complete the setup.

Procedure

1. Proceed through the out-of-box experience starting with the region and keyboard selection screens, then on to the branded login based on the configurations you made earlier.
2. Enter the user Email address and click Next.
3. Enter the user Password and click Next.
4. After some time, you should be presented with the Terms and Conditions that were set in the SOTI MobiControl Windows Modern Add Devices Rule as described in Enrolling Windows Modern Devices with Azure Active Directory Join.
5. Accept the terms and conditions.
6. Let the out-of-box-experience complete and follow the steps to sign in and set up Windows Hello. The device should be enrolled into SOTI MobiControl.

On this page

• Capture the Hardware ID and Reset the Out-of-Box Experience on the Windows Device
• Configure Company Branding and Bypass Intune Auto-Enrollment in Azure AD
• Configure Registration, Device Group, and Autopilot Deployment Profile in Microsoft Endpoint Manager
• Launch Windows Autopilot Setup Process