Deploying Windows 11 with Microsoft Autopilot: A Comprehensive Zero-Touch Guide
Chris Romualdo
2/3/2025, 4 min read
Microsoft Intune Autopilot Zero-Touch Deployment for Windows 10/11
In today's modern workplace, IT administrators seek efficient ways to deploy Windows devices without requiring physical intervention. Microsoft Intune Autopilot provides a zero-touch deployment experience, streamlining the setup process for new devices. This article will cover two deployment methods:
Using a Command Prompt (CMD) to Get the Hardware Hash and Manually Uploading It to Intune
Adding a Vendor to Register Devices Automatically in Autopilot (Recommended for geographically dispersed offices and business continuity planning, such as during a pandemic.)
What Is Windows Autopilot?
Windows Autopilot is a cloud-based deployment technology that enables organizations to configure and provision Windows 11 devices with minimal IT involvement. With Autopilot, new devices can be shipped directly to users, who only need an internet connection to set up their device according to organizational policies.
Method 1: Manually Collecting and Uploading the Hardware Hash
This method is ideal for organizations with a small number of devices or those that do not have vendor integration enabled.
Step 1: Boot the Device into Windows Setup
Start the Windows 11 device and press Shift + F10 when on the first Out-of-Box Experience (OOBE) screen.
A Command Prompt window will open.
Step 2: Extract the Hardware Hash
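In the Command Prompt window, type powershell and press Enter to start a PowerShell session, then run the following commands to create a working folder and capture the device's hardware hash:
md c:\HWID
Set-Location c:\HWID
Get-WindowsAutopilotInfo.ps1 -OutputFile AutopilotHWID.csv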
Note: If Get-WindowsAutopilotInfo.ps1 is not available, download the script from Microsoft’s PowerShell Gallery using:
Install-Script -Name Get-WindowsAutopilotInfo
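The CSV produced in this step is what binds a physical device to your tenant, so it is worth checking before it is imported. The following is an added example, not part of the original article or of Microsoft's script: the function name Test-AutopilotCsv and the sample rows are constructed for illustration, and it assumes the standard column headers written by Get-WindowsAutopilotInfo.

```powershell
# Added example: sanity-check an Autopilot hardware-hash CSV before importing it.
# The rows below are constructed sample data; real hardware hashes are far longer.
$sampleCsv = @'
Device Serial Number,Windows Product ID,Hardware Hash
SN-0001,,VGhpcyBpcyBhIGNvbnN0cnVjdGVkIHNhbXBsZSBoYXNo
SN-0002,,not*valid*base64
SN-0001,,VGhpcyBpcyBhIGNvbnN0cnVjdGVkIHNhbXBsZSBoYXNo
,,QW5vdGhlciBjb25zdHJ1Y3RlZCBzYW1wbGU=
'@

function Test-AutopilotCsv {
    param([Parameter(Mandatory)][string]$CsvText)

    $required = 'Device Serial Number', 'Windows Product ID', 'Hardware Hash'
    $rows     = @($CsvText | ConvertFrom-Csv)
    $findings = [System.Collections.Generic.List[string]]::new()

    if ($rows.Count -eq 0) { $findings.Add('No device rows found'); return $findings }

    # Every expected column must be present in the header row.
    $missing = $required | Where-Object { $_ -notin $rows[0].PSObject.Properties.Name }
    if ($missing) { $findings.Add("Missing column(s): $($missing -join ', ')"); return $findings }

    $seen = @{}   # serial number -> first line it appeared on
    $line = 1     # the header is line 1
    foreach ($row in $rows) {
        $line++
        $serial = "$($row.'Device Serial Number')".Trim()
        $hash   = "$($row.'Hardware Hash')".Trim()

        if (-not $serial) { $findings.Add("Line ${line}: empty serial number") }
        elseif ($seen.ContainsKey($serial)) {
            $findings.Add("Line ${line}: serial $serial duplicates line $($seen[$serial])")
        }
        else { $seen[$serial] = $line }

        if (-not $hash) { $findings.Add("Line ${line}: empty hardware hash") }
        else {
            # The hardware hash is Base64 text; a truncated or edited value fails to decode.
            try   { $null = [Convert]::FromBase64String($hash) }
            catch { $findings.Add("Line ${line}: hardware hash is not valid Base64") }
        }
    }
    return $findings
}

Test-AutopilotCsv -CsvText $sampleCsv
# For a real file: Test-AutopilotCsv -CsvText (Get-Content .\AutopilotHWID.csv -Raw)
```

An empty result means the file passed these checks; any finding should be resolved before the file is imported in Step 3.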
Step 3: Upload the Hardware Hash to Intune
Sign in to the Microsoft Intune Admin Center.
Navigate to Devices > Windows > Windows enrollment > Devices.
Click Import and upload the AutopilotHWID.csv file.
Wait for the device to appear in the list (this may take some time).
Assign an Autopilot profile to the device.
Step 4: Create a Dynamic Device Group for Autopilot Devices
To manage devices automatically, create a dynamic Azure AD group that includes all Autopilot-registered devices:
Go to Azure Active Directory > Groups > New Group.
Select Security as the group type.
Choose Dynamic Device as the membership type.
Under Dynamic Membership Rules, enter the following rule:
(device.devicePhysicalIDs -any (_ -contains "[ZTDId]"))
Click Save and create the group.
This dynamic group ensures that any new Autopilot device is automatically assigned relevant policies and profiles.
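The same group can be created from a script, which also makes it easy to detect when the membership rule has been changed later. This is an added example, not part of the original article: it assumes the Microsoft Graph PowerShell SDK (Microsoft.Graph.Groups module) is installed, the group name and mail nickname are hypothetical, and the rule is the [ZTDId] rule from this step in its parenthesised form.

```powershell
# Added example: create the Autopilot dynamic device group with Microsoft Graph
# PowerShell, or report drift if a group with that name already exists.
$groupName = 'Autopilot Devices'     # hypothetical display name
$nickname  = 'autopilot-devices'     # hypothetical mail nickname (required by the API)
$rule      = '(device.devicePhysicalIDs -any (_ -contains "[ZTDId]"))'

# Delegated sign-in; the account needs permission to create and read groups.
Connect-MgGraph -Scopes 'Group.ReadWrite.All'

$existing = Get-MgGroup -Filter "displayName eq '$groupName'" `
    -Property Id, DisplayName, MembershipRule, MembershipRuleProcessingState

if ($existing) {
    foreach ($group in $existing) {
        # A changed or paused rule silently alters which devices receive
        # the profiles and policies assigned to this group.
        if ($group.MembershipRule -ne $rule) {
            Write-Warning "Group $($group.Id) has a different rule: $($group.MembershipRule)"
        }
        if ($group.MembershipRuleProcessingState -ne 'On') {
            Write-Warning "Group $($group.Id) rule processing is $($group.MembershipRuleProcessingState)"
        }
    }
}
else {
    # Security group, not mail-enabled, with dynamic device membership.
    New-MgGroup -DisplayName $groupName `
        -Description 'All Windows Autopilot registered devices' `
        -MailEnabled:$false `
        -MailNickname $nickname `
        -SecurityEnabled `
        -GroupTypes 'DynamicMembership' `
        -MembershipRule $rule `
        -MembershipRuleProcessingState 'On'
}
```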
Step 5: Reset and Deploy the Device
Once the device is registered in Intune:
Reset the device to initiate the Windows Autopilot process by running:
systemreset -factoryreset
The device will now be automatically enrolled in Intune upon setup.
Method 2: Using a Vendor to Pre-register Devices in Autopilot (Recommended)
For organizations that frequently deploy devices across multiple locations or need an automated deployment process, partnering with an Original Equipment Manufacturer (OEM) or a reseller is the best option.
Step 1: Choose a Supported Vendor
Many device vendors, such as Dell, HP, Lenovo, and Microsoft Surface, support direct Autopilot registration. Confirm with your vendor that they offer Windows Autopilot pre-provisioning.
Step 2: Provide Your Tenant ID to the Vendor
The vendor will need your Azure AD Tenant ID to register devices to your organization.
Find your Tenant ID in Azure AD > Overview.
Share this Tenant ID with the vendor.
Step 3: Vendor Registers Devices Automatically
The vendor captures the hardware hash of all purchased devices.
They upload the data directly to Microsoft Intune under your tenant.
You will see the registered devices in Devices > Windows Enrollment > Devices in Intune.
Step 4: Assign an Autopilot Deployment Profile
Go to Devices > Windows Enrollment > Deployment Profiles.
Click + Create Profile and configure:
Deployment Mode: User-driven or self-deploying
Out-of-box Experience (OOBE) Settings: Hide unnecessary setup screens
User Account Type: Standard or Administrator
Assign the profile to the devices.
Step 5: End Users Receive a Ready-to-Use Device
Once the user unboxes and connects their device to the internet:
The device automatically checks in with Microsoft Intune.
The assigned Autopilot profile applies.
The user logs in, and all necessary apps, policies, and settings deploy automatically.
Why Vendor Registration Is the Best Approach
1. No Manual IT Involvement
With vendor registration, IT teams don’t need to manually collect and upload hardware hashes, reducing workload and deployment time.
2. Ideal for Geographically Dispersed Offices
If an organization has multiple office locations, direct vendor enrollment ensures that devices arrive pre-configured and ready to use, minimizing the need for IT staff to be physically present.
3. Business Continuity During a Pandemic or Remote Work
In the event of a pandemic, employees can receive new devices at their homes without requiring in-person IT setup, ensuring business continuity.
4. Faster Deployment and Scalability
Vendor registration allows bulk deployments without IT needing to touch each device. As a company grows, this method ensures seamless scaling.
Conclusion
Microsoft Intune Autopilot is a game-changer for Windows 11 deployments, reducing manual configuration and enabling a true zero-touch experience. While manually uploading hardware hashes works for smaller setups, integrating vendor registration provides a scalable, automated approach ideal for dispersed teams and modern workplaces.
By leveraging Autopilot, businesses can ensure efficient and secure deployments, freeing IT teams to focus on more strategic tasks. Ready to streamline your Windows 11 device deployments? Start implementing Autopilot today!
About the Author
Chris Romualdo is a Modern Workplace Engineer at Independent Timber Merchants Support Office in Auckland, New Zealand. With extensive experience in IT, he specialises in Microsoft 365, Intune, Teams Telephony, SharePoint, Power Automate, and Logic Apps. Passionate about technology and automation, Chris is dedicated to enhancing workplace efficiency through cloud solutions and modern device management strategies.
He focuses on streamlining IT operations, optimising endpoint security, and implementing zero-touch deployment solutions like Windows Autopilot. As an advocate for productivity and cost-effective IT management, Chris continuously explores innovative ways to simplify complex workflows while ensuring compliance and security.