Windows Autopilot, a New Era.
“Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. In addition, you can use Windows Autopilot to reset, repurpose and recover devices”
(Windows IT Pro Center)
Back in My Day
The operating system that first graced my eyes with its magnificence was Windows XP. I was in high school at the time aged about 13 or so and I couldn’t help but notice how closely the computer rooms where guarded by the two I.T guys the school employed. We gave them names, “Ad” and “Min”, creative I know. They never spoke to students, wore white lab coats and would crucify you (by remotely locking your PC) if you dared stray into a folder or settings you were strictly forbidden from. To us, they were computer Gods that plugged themselves into the Matrix instead of going home at 3:30pm Mon – Fri.
Years later, whilst in a bar not too far away from my school (and definitely over the age of 18) I bumped into one the guys (it was “Min”) and we had quick chat.
To cut a long story short, I asked Min “Why did you and ‘Ad’ guard those computer rooms with your lives?”
His response was simple “You have no idea how long it takes to set up a PC, or how long it takes to fix one do you?” I had no idea what he was on about, sarcastically I pretended I knew and returned to my friends for the rest of the evening.
I started my I.T career 18 months later.
The Battle of Sysprep:
With my eyes wide open and shuddering with excitement, I started my I.T career. The likes of System Center Configuration Manager (ConfigMgr), Microsoft Deployment Toolkit (MDT), Windows Automated Installation Kit (AIKs) and Device Drivers quickly sunk their claws into me and drained my youthful exuberance in a matter of months. I was assigned to the Desktop Support “Team” (Squadron would have been cooler). We had one mission, make Windows operating systems stick to the hard drives of computers.
At the time we needed a “Gold” image to remove the noise or “bloatware” if you prefer, installed by the hardware manufacturers. A common requirement, right? This is what we did 9 years ago.
Once this spider’s web of technical gymnastics was complete, you’re in a position to deploy Windows at a basic level. No one really complained about the process, because at the time, it’s all we had to go by, best practices were being applied, the end users weren’t bamboozled by the manufactures very helpful “tools” and we had a clean “Gold” image. All was well.
But, this is I.T we’re talking about after all, change and more change in technology has become an occupational hazard. The Windows desktop has never seen more change than that introduced with Windows 8, 8.1 and 10. However, the deployment methods of operating systems have largely stayed the same.
The process of capturing a Windows operating system and getting it ready for deployment isn’t something you cobbled together in an afternoon. it took a serious amount of time, it’s not straight forward, (at first) it’s a pain to maintain due the amount of moving parts and the likelihood of keeping Windows images up to date, is well simply put, slim.
If we take a step back, here’s the logic and the steps we took to meet our criteria 9 years ago;
- Purchase computers that came prebuilt with an operating system.
- Spend time creating an operating system image to replace the operating systems that are already installed on the computers you have just purchased.
- Install applications (or cheat and have your applications welded onto the captured operating system)
Now, once upon a time this made perfect sense. Then in no particular order, Windows 10 happened, Azure happened, Intune happened, Office 365 happened. The winds of change swooped in like summer breeze cooling the sweat on the brows of I.T departments everywhere.
A New Horizon Awaits
Let’s recap, so far we’ve talked about the old ways of getting into a position to deliver Windows and what that meant almost a decade ago. Now, we can start looking down the rabbit hole that is Windows 10 and talk about Windows Autopilot.
Why do I need to know about Windows Autopilot and what will I gain?
- No need to create a Windows 10 image, devices are typically shipped with an Original Equipment Manufacturer (OEM) Windows 10 operating system already installed
- T assigns a Pro or Enterprise Windows 10 license to a user
- End users require an internet connection, corporate (Azure Active Directory (AD) Account) email address and password, two clicks of the mouse and they are ready to go.
- No requirement to connect to the corporate network, any viable internet connection is perfectly acceptable.
- Security settings (yes, including encryption), applications and Windows Updates are applied by Intune
- T simply and easily automates the end users Windows 10 adoption experience and deliver a fully automated and cloud driven Windows 10 desktop solution to the business.
- For higher levels of control I.T can use the Windows Configuration Designer to automate the process further.
The process described above is detailed here:
What does Windows Autopilot allow me to do?
- One fundamental aspect of Windows Autopilot allows I.T to register hardware directly to the organisation
- Your hardware vendor can aid this process or I.T can handle this aspect as part of the procurement process
- Devices are automatically joined to Azure AD
- Devices are automatically enrolled into Intune
- End users enrolled via Windows Autopilot can be restricted from obtaining local administrator access
- T can provide a custom Out of Box Experience (OOBE) relevant to your business
Food For Thought
A few areas that are worth mentioning beyond the meat and potatoes discussed above is the flexibility that’s available using this cloud service and are as follows;
- Integration with current desktop management platforms like ConfigMgr will allow I.T departments to deliver Windows 10 whilst still maintaining traditional management capabilities.
- Customisation of the Windows 10 look and feel is something that shouldn’t be overlooked and can be applied to the following via Intune
- Customised desktop backgrounds
- Customised desktop lock screens
- Customised Windows 10 Start Menu
- Applying the organisations traditional Windows 10 image (for political or compliance purposes) and using Windows Autopilot to smooth the end user experience can also be adopted.
Microsoft has hinted at a few items on the roadmap that’s likely to entice more business towards the service. They are as follows;
- Support for traditional AD joining of devices
- Assign a device to specific user for much friendlier and personal experience
- Specify the computer (or host) name of Autopilot devices
- Apply Multifactor Authentication for increased security and better identifying the end user
- Fully automated device setup, aimed at frontline and kiosk devices
Next Steps and Conclusions
If we boil it down, the entire purpose of this service is to reduce complexity, save time, automate the desktop experience and simplify the adoption of Windows 10. I argue that in part it does very much what it says on the tin.
Does it tick every box? No. As mentioned I.T cannot domain join devices, give a host name and you are limited to deploying applications and policy from Intune only in a cloud centric configuration. But that’s not the point, it’s about moving in the right direction, as with most cloud services they are almost never fully completed and ready to go, they evolve over time.
For more information please see the following: https://docs.microsoft.com/en-us/windows/deployment/windows-10-auto-pilot
Ultimately Windows Autopilot allows business and people to save the most important asset we have. Time.