Step by step tutorial for Windows Autopilot user-driven Microsoft Entra join in Intune

This step by step tutorial guides through using Intune to perform a Windows Autopilot user-driven scenario when the devices are strictly Microsoft Entra joined.

The purpose of this tutorial is a step by step guide for all the configuration steps required for a successful Windows Autopilot user-driven Microsoft Entra join deployment using Intune. The tutorial is also designed as a walkthrough in a lab or testing scenario, but can be expanded for use in a production environment.

Before beginning, refer to the How to: Plan your Microsoft Entra join implementation to make sure all requirements are met for joining devices to Microsoft Entra ID.

Windows Autopilot user-driven Microsoft Entra join overview

Windows Autopilot user-driven Microsoft Entra join is a Windows Autopilot solution that automates the configuration of Windows on a new device. Normally, the device is delivered directly from an OEM or reseller to the end-user without the need for IT intervention. Windows Autopilot user-driven deployments use the existing Windows installation installed by the OEM at the factory. The end-user only needs to perform a minimal number of actions during the deployment process such as:

• Powering on the device.
• In certain scenarios, selecting the language, locale, and keyboard layout.
• Connecting to a wireless network if the device isn't connected to a wired network.
• Signing into Microsoft Entra ID with the end-user's Microsoft Entra credentials.

Windows Autopilot user-driven deployments can perform the following tasks during the deployment:

• Joins the device to Microsoft Entra ID.
• Enrolls the device in Intune.
• Installs applications.
• Applies device configuration policies such as BitLocker and Windows Hello for Business.
• Checks for compliance.
• Enrollment Status Page (ESP) can be used to prevent an end-user from using the device until it's fully configured.

Windows Autopilot user-driven deployments consist of two phases:

• Device ESP phase: Windows is configured and applications and policies assigned to the device are applied.
• User ESP phase: Applications and policies assigned to the user are applied.

Once the Windows Autopilot user-driven deployment is complete, the device is ready for the end-user to use and they're immediately sent to the desktop.

Workflow

The following steps are needed to configure and then perform a Windows Autopilot user-driven Microsoft Entra join in Intune:

• Step 1: Set up Windows automatic Intune enrollment
• Step 2: Allow users to join devices to Microsoft Entra ID
• Step 3: Register devices as Windows Autopilot devices
• Step 4: Create a device group
• Step 5: Configure and assign Windows Autopilot Enrollment Status Page (ESP)
• Step 6: Create and assign Windows Autopilot profile
• Step 7: Assign Windows Autopilot device to a user (optional)
• Step 8: Deploy the device

Note

Although the workflow is designed for lab or testing scenarios, it can also be used in a production environment. Some of the steps in the workflow are interchangeable and interchanging some of the steps might make more sense in a production environment. For example, the Create a device group step followed by the Register devices as Windows Autopilot devices step might make more sense in a production environment.

Walkthrough

Step 1: Set up Windows automatic Intune enrollment

Related content

For more information on Windows Autopilot user-driven Microsoft Entra join, see the following article:

• User-driven mode for Microsoft Entra join.