ערוך

שתף באמצעות


Create device groups for Windows Autopilot

Note

HoloLens 2 devices require Windows Autopilot self-deploying mode. For more information about using Windows Autopilot to deploy HoloLens 2 devices, see Windows Autopilot for HoloLens 2. Assign to User isn't applicable for self-deployment Autopilot mode on HoloLens 2.

Create an Autopilot device group using Intune

  1. In the Microsoft Intune admin center, select Groups > New group.

  2. In New Group, configure the following properties:

    • Group type: Select Security.

    • Group name and Group description: Enter a name and description for the group.

    • Microsoft Entra roles can be assigned to the group: Select No, Microsoft Entra roles aren't assigned to this group.

      For more information, see Use cloud groups to manage role assignments in Microsoft Entra ID.

    • Membership type: Select how devices become members of this group. Select Dynamic Device. For more information, see Add groups to organize users and devices.

    • Owners: Select users that own the group. Owners can also delete this group.

    • Dynamic device members: Select Add dynamic query > Add expression.

      Create rules using Autopilot device attributes. Autopilot devices that meet these rules are automatically added to the group. Creating an expression using non-autopilot attributes doesn't guarantee that devices included in the group are registered to Autopilot.

      When creating expressions:

      • To create a group that includes all of the Autopilot devices, enter: (device.devicePhysicalIDs -any (_ -startsWith "[ZTDid]")).

      • Intune's group tag field maps to the OrderID attribute on Microsoft Entra devices. To create a group that includes all Autopilot devices with a specific group tag (the Microsoft Entra device OrderID), enter: (device.devicePhysicalIds -any (_ -eq "[OrderID]:179887111881")).

      • To create a group that includes all the Autopilot devices with a specific Purchase Order ID, enter: (device.devicePhysicalIds -any (_ -eq "[PurchaseOrderId]:76222342342"))

      Save the expressions.

  3. Select Create.

Note

Anything assigned to these attributes is only assigned if the device is registered with Autopilot.

For a detailed tutorial on creating a device group for each of the Windows Autopilot scenarios using Intune, see the following links:

Add devices

The dynamic device group that includes Autopilot devices automatically adds existing Autopilot devices to the device group. To manually add new devices as Windows Autopilot devices using a CSV file so that they become part of the device group, see Manually register devices with Windows Autopilot.

Assign a user to a specific Autopilot device

A licensed Intune user can be assigned to a specific Autopilot device. For supported OEMs, this assignment will:

  • Pre-populate the Microsoft Entra user Principal Name (UPN) under the pre-provisioning landing page and Microsoft Entra sign-in page.
  • Allows setting of a custom greeting name.

For more information including a list of supported OEMs, see Return of key functionality for Windows Autopilot sign-in and deployment experience.

Note

Assigning a licensed user to a specific Autopilot device only affects pre-populating the UPN and setting of a custom greeting name. It doesn't affect assigned policies and applications that are deployed to the device or to the user. The assigned policies and applications are still deployed regardless of the OEM. For more information, see Windows Autopilot for pre-provisioned deployment.

Important

Assigning a user to a specific Autopilot device doesn't work if using Active Directory Federation Services (ADFS).

  1. Sign into the Microsoft Intune admin center.

  2. In the Home screen, select Devices in the left hand pane.

  3. In the Devices | Overview screen, under By platform, select Windows.

  4. In the Windows | Windows devices screen, under Device onboarding, select Enrollment.

  5. In the Windows | Windows enrollment screen, under Windows Autopilot, select Devices.

  6. In the Windows Autopilot devices screen, select a device, and then in the toolbar select Assign user.

  7. Select a Microsoft Entra ID user licensed to use Intune and select Select.

  8. In the User Friendly Name box, enter a friendly name or just accept the default.

  9. Select Save.

For a detailed tutorial on assigning a user for each of the Windows Autopilot scenarios via Intune, see the following articles:

Using Autopilot in other portals

If there isn't interest in mobile device management (MDM), Autopilot can be used in other portals. While using other portals is an option, Microsoft recommends only using Intune to manage Autopilot deployments. When Intune is used with another portal, Intune isn't able to:

  • Display changes to profiles created in Intune, but edited in another portal.
  • Synchronize profiles created in another portal.
  • Display changes to profile assignments done in another portal.
  • Synchronize profile assignments done in another portal.
  • Display changes to the device list that were made in another portal.

Windows Autopilot for existing devices

When enrolling Windows devices via Autopilot for existing devices, a correlator ID can be used to group the Windows devices. The correlator ID is a parameter of the Autopilot configuration file. The Microsoft Entra device attribute enrollmentProfileName is automatically set to equal OfflineAutopilotprofile-<correlator ID>. Arbitrary Microsoft Entra dynamic groups can be created when using the correlator ID from the enrollmentprofileName attribute.

Warning

Because the correlator ID isn't pre-listed in Intune, the device might report any correlator ID they want. If the user creates a correlator ID matching an Autopilot or Apple ADE profile name, the device is added to any dynamic Microsoft Entra device group based off the enrollmentProfileName attribute. To avoid this conflict:

  • Always create dynamic group rules matching against the entire enrollmentProfileName value.
  • Never name Autopilot or Apple ADE profiles beginning with OfflineAutopilotprofile-.

If all devices in the groups should automatically register to Autopilot, in any Autopilot profiles assigned to the groups, set the setting Convert all targeted devices to Autopilot to Yes. All non-Autopilot devices in assigned groups register with the Autopilot deployment service. Allow 48 hours for the registration to be processed. When the device is unenrolled and reset, Autopilot enrolls it again. After a device is registered in this way, disabling this setting or removing the profile assignment won't remove the device from the Autopilot deployment service. The device must be removed by deregistering the device from Autopilot. For more information on how to properly deregister a device, see Deregister a device.

For a full tutorial on Windows Autopilot for existing devices, see the following article:

Next steps

After a device group is created, a Windows Autopilot deployment profile can be configured and deployed to each device in the group. Deployment profiles determine the deployment mode, and customize the OOBE for the end users. For more information, see Configure deployment profiles.

For a detailed tutorial on configuring and assigning a Windows Autopilot deployment profile, see the following articles. Each article has detailed instructions on configuring and assigning a Windows Autopilot deployment profile in Intune for each of the Autopilot scenarios:

For more information about managing Windows Autopilot devices, see What is Microsoft Intune device management?.