Provisioning Windows devices with Windows Autopilot

Windows Autopilot helps IT admins prepare new devices for use by pre-configuring and making them ready for work within minutes of unboxing. With Windows Autopilot, enrolling and configuring Windows devices will become much simpler and faster. This device will be automatically enrolled in Hexnode when the user powers on the device for the first time. Autopilot enrollment allows new devices to be set up automatically with predefined configurations and policies. This is especially useful for large organizations that need to deploy a significant number of devices efficiently.

Step 1: Configuring Microsoft Entra ID in Hexnode

1. On your Hexnode UEM console, navigate to Enroll > Platform-Specific. Under Windows, choose Windows Autopilot.
2. Start by configuring Microsoft Entra ID and provide the Custom domain/Directory (Tenant) ID and then click on Configure.
3. Select either Allow self enroll or Map UPN to email address.
4. Under Scheduled sync choose how often the AD domain should be synced with Hexnode. Specify the hours and minutes at which the sync to be initiated. Also, choose the frequency of sync (Weekly/Daily).
5. Click Save.

Configuring Autopilot settings:

Policies are applied after enrollment. You can choose to associate policies with the devices from the Hexnode UEM console.

1. Under Configure Autopilot Settings, click Select Default Policy > Associate policies.
2. Select the policies that should be applied to the devices.
3. Click Save.
4. On the subsequent page, the MDM terms of use URL and the MDM discovery URL will be shown. These URLs are required when adding the Hexnode UEM app to the Microsoft Entra ID portal.

Step 2: Adding Hexnode UEM app to Microsoft Entra ID portal

1. Log in to your Microsoft Entra ID portal.
2. Click on the menu bar on the top left
3. Navigate to Microsoft Entra ID.
4. Navigate to the Mobility (MDM & WIP) tab within the Manage section. Click the + Add application option on the top and select Hexnode UEM app from the available applications.
5. The app will be added to the list.
6. Now click on the Hexnode UEM app from the list.
   Note:

   • To automatically install the Hexnode agent app on devices enrolled through Autopilot, make sure to enable the “Install Hexnode Service App Silently on Windows Devices” option in the Hexnode App Updates section under Admin > General Settings before enrollment. The installation process will begin automatically after 5 minutes.

     

   • If you haven’t enabled the “Install Hexnode Service App Silently on Windows Devices” option during enrollment, you can still manually trigger the installation of the Hexnode agent app by clicking the refresh button next to the Hexnode Service (Agent) App status in the Enrollment Details section of the Device Summary for that Windows device from the Hexnode UEM console.

     

   • Make sure the MDM user scope is set to:
   • ‘All’ or ‘Some’ for the Hexnode UEM app
   • And ‘None’ for the Microsoft Intune app

   Choosing the option ‘All’ allows all users to proceed with automatic enrollment for their Windows devices, whereas the option ‘Some’ lets you choose the groups that can automatically enroll the devices.
   

7. Copy the URLs for both MDM terms of use URL and MDM discovery URL from the Hexnode portal (Enroll > Platform-Specific > Windows > Windows Autopilot) and paste it here.

Step 3: Extracting the hardware IDs of the Windows devices

The next step is to extract the hardware IDs of the devices. You can get the hardware IDs of the devices using either of the following two ways:

• From vendor: You can get the hardware IDs from the vendor or reseller from where you have procured the devices. The vendor will provide you a CSV file that can be uploaded to the Microsoft Entra ID portal.
• Using script: If you want to enroll your devices to Autopilot, then you can use the script provided below. Please follow the steps below to extract the Hardware IDs.
  1. Copy this script file to the PC.
  2. Once copied, on the target device open the command prompt with administrator privileges and execute the PowerShell file.
     Script to fetch hardware hash IDs

     [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 New-Item -Type Directory -Path "C:\HWID" Set-Location -Path "C:\HWID" $env:Path += ";C:\Program Files\WindowsPowerShell\Scripts" Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned Install-Script -Name Get-WindowsAutopilotInfo -Force Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force -Confirm:$false -ForceBootstrap Get-WindowsAutopilotInfo -OutputFile AutopilotHWID.csv Write-Host "`n Hardware Hash: " (Import-Csv AutopilotHWID.csv).{Hardware Hash}

     1 2 3 4 5 6 7 8 9 10

     [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 New-Item -Type Directory -Path "C:\HWID" Set-Location -Path "C:\HWID" $env:Path += ";C:\Program Files\WindowsPowerShell\Scripts" Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned Install-Script -Name Get-WindowsAutopilotInfo -Force Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force -Confirm:$false -ForceBootstrap Get-WindowsAutopilotInfo -OutputFile AutopilotHWID.csv Write-Host "`n Hardware Hash: " (Import-Csv AutopilotHWID.csv).{Hardware Hash}

  Once the PowerShell file is executed, it generates a CSV file named AutopilotHWID.csv in the C:\HWID directory. This file is then copied to the current directory where the PowerShell script was run.

  This CSV file has 3 columns: Device Serial Number, Windows Product ID and Hardware Hash.

  You can also execute the above script using Hexnode’s Execute Custom Script remote action on a group of Windows devices and fetch the hardware IDs directly to the Hexnode console. Once the action is successful, you can view the fetched hardware IDs by clicking on the Show Output button corresponding to it on the Action History tab of the device.

Step 4: Uploading the Hardware IDs to Microsoft Intune admin center

Once you get the CSV file, the next step is to add it to the Microsoft Intune admin center. Follow the steps below:

1. Login into Microsoft Intune admin center.
2. Click Devices > Windows > Device onboarding > Enrollment.
3. Under the section Windows Autopilot, select Devices.

   

4. Click Import.
5. Upload the *.csv file obtained in Step 3 and click Import.

   

6. Once the CSV file is imported, the screen will be updated to show the devices that are imported from the CSV.

   

Step 5: Assign Users to hardware IDs

Once you have uploaded the hardware IDs, you can assign the users. This will make sure that only the assigned user can complete the enrollment on the Windows device using their credentials.

If you choose to assign a user, you need to make sure that the user is a licensed Intune user.

Follow the steps below to assign a user,

1. Navigate to Devices > By platform > Windows > Enrollment. Under the Windows Autopilot section, click on Devices.
2. Choose the device and click Assign user.

   

Step 6: Creating Deployment Profile

1. Login into Microsoft Intune admin center.
2. Navigate to Devices > Windows > Device onboarding > Enrollment.
3. Under the section Windows Autopilot, select Deployment profiles.

   

4. Select Create profile > Windows PC.

   

5. Provide a name and description for the profile and click Next.

   

6. Set up the Out-of-Box Experience (OOBE) on the next page.

   

7. In the following step, assign the profile to devices by selecting either Add groups or Add all devices.

   

8. Finally, review the configured settings, then click Create.

   

The newly created profile will be added to the list of Windows Autopilot deployment profiles.

Checking the Autopilot devices in the Hexnode portal

After creating the configuration profile, the details of the devices that are synced from your Microsoft Entra ID portal will be listed in the Hexnode UEM console under Enroll > Platform-Specific > Windows > Windows Autopilot. From this list, you can manage and associate the policies with devices. To modify/delete the Autopilot configuration, click on the Actions menu in the upper right corner.