Pre-provision devices using Autopilot

  • 8 minutes

Windows Autopilot pre-provisioning enables partners or IT staff to prepare a Windows device so that it's fully configured and ready for business use before it's delivered to the end user. From the end user's perspective, the Windows Autopilot user-driven experience remains the same, but the time required to reach a fully provisioned state is significantly reduced.

Instead of completing the entire provisioning process when the user powers on the device, the deployment process is divided into two phases. During the technician phase, time-consuming tasks such as installing device-targeted applications and applying policies are completed by IT staff. During the user phase, final user settings and user-targeted policies are applied when the user powers on the device and signs in.

The process for configuring a pre-provisioned deployment is as follows:

  1. Enable the Allow pre-provisioned deployment option in the desired Autopilot profile.
  2. Start the device and allow it to enter the Windows out-of-box experience (OOBE).
  3. At the first OOBE screen, press the Windows key five times to open the Autopilot provisioning workflow.
  4. In the additional dialog options, select Windows Autopilot provisioning.
  5. Verify the device information.
  6. Select Provision to begin provisioning the device.
  7. When the process is complete, select Reseal.

The device can then be delivered to the user. When the user receives the device, they simply power it on, connect to a network, select regional and keyboard settings, and sign in with their organizational account.

Pre-provisioned deployment requires a supported version of Windows 10 or Windows 11 and a supported mobile device management solution such as Microsoft Intune. The device must support TPM 2.0 and device attestation, and virtual machines aren't supported. Access to an on-premises domain isn't required during the pre-provisioning phase. Internet connectivity is required, and for Microsoft Entra hybrid join scenarios, connectivity to a domain controller is required during the user sign-in phase.