Use Windows Configuration Designer

  • 3 minutes

The Windows Assessment and Deployment Kit (Windows ADK) includes a tool called Windows Configuration Designer which you can use to create provisioning packages.

Screenshot of the Windows Configuration Designer. Shows a project called Project1 open with the Computer Account option in the left view, with fields for Account, AccountOU, ComputerName, DomainName, and Password in the right view.

You can use the Windows Configuration Designer wizards to configure the following settings:

Step

Description

Desktop wizard

Mobile wizard

Kiosk wizard

Set up device

Assign a device name, enter the product key to upgrade Windows, configure shared use, and remove preinstalled software

Yes

Only device name and upgrade key

Yes

Set up network

Connect to a wireless network

Yes

Yes

Yes

Account management

Enroll the device in Active Directory Domain Services (AD DS), enroll the device in Microsoft Entra ID, or create a local administrator account

Yes

-

Yes

Bulk enrollment in Microsoft Entra ID

Enroll the device in Microsoft Entra ID before you use a Windows Configuration Designer wizard

-

Yes

-

Add applications

Install applications by using the provisioning package

Yes

-

Yes

Add certificates

Include a certificate file in the provisioning package

Yes

-

Yes

Configure kiosk account and app

Create a local account to run the kiosk mode app, and specify the app to run in kiosk mode

-

-

Yes

Configure kiosk common settings

Set tablet mode, configure welcome and shutdown screens, and turn off timeout settings

-

-

Yes

You can apply a provisioning package during Windows 10 or Windows 11 deployment or after the OS installation.

Microsoft Entra join with automatic MDM enrollment

The Microsoft Entra / MDM dynamic provisioning method is also cloud-driven and is also based on Microsoft Entra ID P1 or P2 and Microsoft Intune. After you enroll a device in Intune MDM, the MDM enforces compliance with your corporate policies, adds or removes apps, and much more. In addition, the MDM can report a device’s compliance to Microsoft Entra ID; this enables Microsoft Entra ID to allow access to corporate resources or applications secured by Microsoft Entra-only to devices that comply with policies.

Using Microsoft Entra ID / MDM, you can:

  • Join devices to Microsoft Entra ID automatically
  • Auto-enroll your users’ devices into MDM services
  • Configure the joined devices by using MDM policies

The requirements for implementing the Microsoft Entra / MDM deployment model are:

  • Windows 10/11 Pro or Enterprise edition
  • An instance of Microsoft Entra ID for identity management
  • An appropriate MDM, such as Microsoft Intune