Windows AutoPilot is one of the most underrated cloud technologies currently available, quietly transforming how fast and easy our Windows 10 devices are set up, deployed and delivered to users.
Amidst the big news at Microsoft Ignite 2018 were several new features announced for AutoPilot; whereas the last few months of updates have focused on improving the 'zero-touch' experience, Ignite has put the spotlight on long-requested new capabilities like Hybrid Azure AD Join, which will enhance user-driven cloud deployment further.
The team at Xello have picked our top Windows AutoPilot feature announcements from Microsoft Ignite, which went into public release with the Windows 10 October 2018 Update (Version 1809) - and explain how they're making the program even more essential to adopt and achieve a more modern device provisioning and deployment pipeline.
Windows AutoPilot Hybrid Azure AD join support is now here
By far the biggest new feature announced for Windows AutoPilot is official support for Hybrid Azure AD.
As a cloud-powered process and technology, Windows AutoPilot is heavily dependent on Azure Active Directory (AAD) to get the job done. Thankfully, for businesses still reliant on Active Directory (AD) for your on-premises networks, you will no longer need to overhaul your identity management right away before adopting AutoPilot.
Windows AutoPilot's new Hybrid Azure AD join support feature enables user-driven deployments to join their Windows devices to either AD (existing on-premises ID management) or AAD (cloud-based identity management).
Previously, any device registered in the Windows AutoPilot Deployment Program:
- Required an Azure AD Premium subscription (P1 or P2) to be eligible
- Automatically was joined to Azure AD
- Required Microsoft Intune MDM auto-enrolment in Azure AD
Now, your system admins can choose to join devices to either AD or AAD - or join any device to an on-premises AD (using an Offline Domain Join connector and a VPN connection) and then join it to Azure AD while still maintaining access to on-premises resources that require local authentication.
The new capability released alongside Windows 10, version 1809 and allows organisations to opt to use their on-premises directory services to store their identities and groups - while still leveraging AutoPilot's modern device deployment benefits - and provides more time to prepare for a future move to Azure cloud identity management.
Need help setting up Hybrid Azure AD join with Windows AutoPilot? Our Windows AutoPilot Assessment provides a detailed walkthrough for businesses seeking to leverage Hybrid Azure AD with their AutoPilot device deployment. Speak to our team today for more information.
What is Hybrid Azure AD join?
For those unfamiliar, Hybrid Azure Active Directory Join is an extension to registering a Windows device - the process to automatically register your on-premises domain-joined devices with Azure AD.
Typically, organisations use the domain join to their on-premises Active Directory to help their IT teams manage all work-owned devices from one place, and so users can sign in to their devices with their AD work or school account.
Hybrid Azure AD join is the main option for businesses who still rely on on-premises hardware but want to begin leveraging the capabilities of Azure Active Directory. For example, if you're still using Group Policy (GP) to manage your devices or have Win32 apps on these devices relying on AD machine authentication, but also want to use SSO.
Why does Windows AutoPilot Hybrid Azure AD join support matter?
With devices in the Windows AutoPilot program now able to be joined to your on-premises Active Directory thanks to official Hybrid Azure AD join support, organisations can continue to use local AD tools like Group Policy (GP) and System Center Configuration Manager (SCCM) to manage their Windows work devices.
Hybrid Azure AD allows Windows AutoPilot devices to also be registered with Azure AD, letting system admins use and take advantage of both cloud-based and on-premises identity management features for work devices like:
- Conditional Access (CA)
- Mobile Device Management (MDM)
- Pass-through Authentication (PTA)
- Single Sign On (SSO)
Combined with Windows AutoPilot's many perks, your end-users can get set up with their new work devices faster and your IT department can leverage a range of identity management tools for centralised device management.
In summary, Windows AutoPilot now supports Hybrid Azure AD Join, and makes it possible to manage AutoPilot devices with existing AD tools like GPOs and SCCM. It also enables organisations who still have a big on-premises AD footprint to enrol with Windows AutoPilot, while planning for a future migration to a modern digital workplace.
You can now upgrade Windows 7 devices to Windows 10 with AutoPilot
Do you still have work devices on Windows 7 that need an upgrade?
Windows AutoPilot will now allow organisations to use System Center Configuration Manager to directly take existing devices still using Windows 7 OS into Windows 10 - which is a huge game-changer for fast modernisation.
After upgrading to Window 10, these devices can be configured and taken through the Windows AutoPilot deployment process as normal after they are fully booted.
AutoPilot now makes it easier for Windows 7 users to upgrade
The announcement may be low-key compared to the other new services announced at Ignite, but an even easier migration to the latest Windows environment cannot be understated, especially when it also gives organisations with outdated hardware a faster, streamlined pathway towards a modernised device deployment pipeline.
It's especially helpful if you have a large number of existing Windows 7 devices you need re-purposed for new users in your organisation - you can knock out an OS upgrade and modernise your device deployment in one go.
Ultimately, AutoPilot will be better able to empower businesses to upgrade older, perfectly capable devices from an obsolete OS to the latest and greatest and get everything in a business-ready state for new users more efficiently.
Assign specific users to a Windows AutoPilot device
You can now assign a specific user to a specific Windows AutoPilot device.
System administrators can now ensure a particular user can get a customised greeting name with Windows AutoPilot, with all settings and configuration pre-filled and added during the fast-tracked Windows setup process.
- Head to the Intune Azure Portal and select Device Enrolment.
- Navigate to Windows Enrolment, then Devices and choose the device.
- Assign an Azure user licensed to use Intune and choose 'Select'.
- Enter your custom name in the 'User Friendly Name' box and click ok.
You must have Azure Active Directory and Azure Directory Company Portal set up for this particular capability, as the feature prefills a user from their Azure AD details in the company-branded sign-in page during the Windows Setup.
In addition, only users licensed to use Intune may be assigned via this method.
Windows AutoPilot for specific users is one step forwardIt may seem like a smaller feature compared to the rest, but being able to assign specific users for specific devices is one of the most requested capabilities from businesses currently using AutoPilot - and another key step forward towards enhancing the user-driven device deployment process.
Windows Autopilot gets more official support from major hardware vendors
Windows AutoPilot has been a quiet achiever for the past few months, but it's clear major OEMs and vendors are rightly paying attention to its capabilities and potential. At Microsoft Ignite 2018, several new and major device manufacturers officially announced their support for the AutoPilot program, including:
- Microsoft Surface
These big names join Dell and Lenovo, who had previously provided their support for the Windows AutoPilot Deployment Program earlier this year.
From November 30, 2018, Dell is also going a step further and will now register and pre-configure any purchased devices in the program at no additional cost (applicable globally) when it is ordered with Dell commercial PCs.
Why should anyone care?
The growing number of OEMs and vendors becoming part of the AutoPilot supply chain integration will encourage more Windows 10 OEMs and hardware vendors to integrate Windows AutoPilot into their supply chain and fulfilment systems, ensuring devices are automatically registered in the program once your purchase is finalised.
This makes registration of Windows AutoPilot devices closer to the touted 'zero-touch', 'zero IT' benefits that have been teased with each new Windows AutoPilot update, as everything's now set up for you by the vendors/OEMs.
Windows AutoPilot: What's next?
Windows 10 October 2018 Update (Version 1809) is undoubtedly set to make Windows AutoPilot even better.
With more expanded capabilities and manufacturers jumping on-board the Windows AutoPilot train, it's about to become infinitely easier to order new work devices and have them automatically enrolled in AutoPilot, pre-configured to our particular setting and policies preferences, and ready-to-use for business as soon as they are delivered.
Xello are experts in helping organisations of all sizes leverage Windows AutoPilot for a more modern device deployment pipeline - we've compiled a list of resources to help you get started on learning its many benefits.
- What is Windows AutoPilot zero-touch deployment?: A deeper look into the 'zero-touch' benefits of Windows AutoPilot and how it's simplifying device provisioning.
- Top Windows AutoPilot benefits: Discover the biggest business benefits to using AutoPilot to achieve an easier and faster device deployment pipeline with our guide, updated when new capabilities are released.