https://portal.azure.com/#blade/Microsoft_Intune_Enrollment/EnrollmentMenu/windowsEnrollment
– MDM and MAM on “Some”
– Select a group
– Save
If you have not yet created an autopilot group, you can find the instructions here.
– Properties
– Congigure Windows Hello for Business: Enabled
– Use a Trusted Platform Module (TMP:) Preferred
– Minimum PIN length: 6
– Maximum PIN length: 127
– Lowercase letters in PIN: Not allowed
– Uppercase letters in PIN: Not allowed
– Special characters in PIN: Not allowed
– PIN expirations (days): Never
– Remember PIN history: No
– Allow biometric authentication: Yes
– Use enhanced anti-spoofing when avaiable: Yes
– Allow phone sign-in: Yes
– Use security keys for sign-in: Disabeld
– Save
Type | Hostnaam | Points to | TTL |
CNAME | EnterpriseEnrollment | enterpriseenrollment.manage.microsoft.com. | 1 uur |
CNAME | EnterpriseRegistration | EnterpriseRegistration.windows.net. | 1 uur |
– Select Default
– Settings
– Show app and profile installation progress: Yes
– Show time limit error when installations takes longer than specifed numbers of minutes
– Show custom message when time limit error occurs: Yes > Helpdesk contact info
– Allow users to collect logs about installation errors: No
– Block device use until all apps and profile are installed: Yes
– Allow users to reset device if installation error occurs: Yes
– Allow users to use device if installation error occurs: Yes
– Block device use until these required apps are installed if the are assigned to the users/device: Selected or All
Create profile
– Name: Autopilot profile
– Convert all targedted devices to Autopilot: Yes
– Deyloyment mode: User-Drive
– Join to Azure AD as: Azure AD joined
– Microsoft Software License Terms: Hide
– Privacy settings: Hide
– Hide change account options: Hide
– User account type: Choose Administrator or Standard
– Allow White Glove OOBE: Yes
– Apple device name template: YesCompanyname-%RAND:x%
– Change x to digit to add any string of numbers, where x stands for the number of digits to be added.
– Next > Next
– Select groups to include: Autopilot groups
– Next
– Create
– Import > Import
Add all computer that you want in Autopilot/Intune. You can import a .CSV file. You can generate this .CSV file with a PowerShell command.
AutoPilot.ps1
# om als administrator uit te voeren
if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File "$PSCommandPath
"" -Verb RunAs; exit }
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force
$path = "C:\AutoPilotCSV"
If(!(Test-path $path)) {New-Item -type Directory -Force -Path $path}
Save-Script -Name Get-WindowsAutoPilotInfo -Path $path -Force
. "$path\Get-WindowsAutoPilotInfo.ps1" -OutputFile c:\AutoPilotCSV\$env:UserName.csv
The .CSV file is saved in C:\AutoPilotCSV
NewPCAutoPilot.ps1
# om als administrator uit te voeren
if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File "$PSCommandPath"" -Verb RunAs; exit }
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force
$path = "C:\AutoPilotCSV"
If(!(Test-path $path)) {New-Item -type Directory -Force -Path $path}
Save-Script -Name Get-WindowsAutoPilotInfo -Path $path -Force
. "$path\Get-WindowsAutoPilotInfo.ps1" -OutputFile c:\AutoPilotCSV\newpc.csv
Type: Powershell
and press enter
Run the above NewPCAutoPilot.ps1 scriptcd c:\AutoPilotCSV\
copy newpc.csv X:\
(Change X:\ to USB letter)shutdown /s /t 0