- Windows 11
- Windows 10
Windows Autopilot is designed to simplify all parts of the Windows device lifecycle, but there are always situations where issues may arise. When troubleshooting an issue, it is helpful to understand:
- The Windows Autopilot process flow
- How Windows Autopilot device profiles are downloaded
- Key activities to perform during troubleshooting
Windows Autopilot diagnostics page
On Windows 11, you can open the Autopilot diagnostic page to view additional detailed troubleshooting information about the Autopilot provisioning process. To enable the Autopilot diagnostics page:
- Go to the ESP profile where the Autopilot diagnostics page needs to be enabled.
- Make sure that Show app and profile configuration progress is selected to Yes.
- Make sure that Turn on log collection and diagnostics page for end users is selected to Yes.
Once the diagnostic page is enabled, you can select the View Diagnostics button or use the keyboard shortcut Ctrl+Shift+D to access any diagnostic information. The Autopilot diagnostics page is currently supported for commercial OOBE, and Autopilot user-driven mode.
By default diagnostics will be automatically collected upon an Autopilot failure. For more information, see Collect diagnostics from a Windows device
For diagnostics to be able to upload successfully from the client, make sure that the URL
lgmsapeweu.blob.core.windows.net is not blocked on the network.
Windows Autopilot flow
Whether you're performing user-driven or self-deploying device deployments, the troubleshooting process is about the same. It's useful to understand the flow for a specific device:
- A network connection is established. The connection can be a wireless (Wi-fi) or wired (Ethernet) connection.
- The Windows Autopilot profile is downloaded. When you use a wired connection, or manually establish a wireless connection, the profile downloads from the Autopilot deployment service as soon as the network connection is in place.
- User authentication occurs. When performing a user-driven deployment, the user will enter their Azure Active Directory credentials, which will be validated.
- Azure Active Directory join occurs. For user-driven deployments, the device will be joined to Azure AD using the specified user credentials. For self-deploying scenarios, the device will be joined without specifying any user credentials.
- Automatic MDM enrollment occurs. As part of the Azure AD join process, the device will enroll in the MDM service configured in Azure AD (for example, Microsoft Intune).
- Settings are applied. If the enrollment status page is configured, most settings will be applied while the enrollment status page is displayed. If not configured or available, settings will be applied after the user is signed in.
When an Internet-connected Windows device boots up, it will attempt to connect to the Autopilot service and download an Autopilot profile. The Autopilot profile is downloaded as soon as possible, and again after each reboot.
At this stage, it's important that an Autopilot profile exists in the tenant so that a blank profile isn't cached locally on the device. If necessary, you can retrieve a new Autopilot profile by rebooting the device.
If you need to reboot a computer during OOBE to retrieve a new Autopilot profile:
- Press Shift-F10 on the keyboard to open a command prompt window.
- In the command prompt window, enter one of the following two options:
shutdown.exe /r /t 0to restart immediately.
shutdown.exe /s /t 0to shut down immediately.
For more information, see Windows Setup Command-Line Options.
Key troubleshooting activities
For troubleshooting, key activities to perform are:
- Review configuration: Has Azure Active Directory and Microsoft Intune (or an equivalent MDM service) been configured as specified in Windows Autopilot configuration requirements?
- Check network connectivity: Can the device access the services described in Windows Autopilot networking requirements?
- Autopilot out-of-box experience (OOBE) behavior: Are the expected OOBE screens displayed? Is the Azure AD credentials page customized with organization-specific details as expected?
- Azure AD join issues: Is the device able to join Azure Active Directory?
- MDM enrollment issues: IS the device able to enroll in Microsoft Intune (or an equivalent MDM service)?
- Review logs that are automatically collected upon Autopilot failure. For more information, see Collect diagnostics from a Windows device.
See the following topics for help with troubleshooting specific issues:
- Troubleshoot device enrollment
- Troubleshoot OOBE issues
- Troubleshoot AAD join issues
- Policy conflicts
- Collect diagnostics from a Windows device
- Known issues
Submit and view feedback for