Cloud Managed Desktop: Provisioning Package + AutoPilot

Cloud Managed Desktop: Provisioning Package + AutoPilot

As we look at the new Modern Management paradigm, leveraging Azure Active Directory and Intune to manage Windows 10 devices on the go, one of the challenges is onboarding the device in a simple and convenient way.  With Windows AutoPilot, we can input device-specific information from the manufacturer ahead of time and apply a configuration profile to those machines.  The result is a more customized and branded OOBE wizard…but there are still some things that we may want to do like renaming the machine and removing manufacturer bloatware.  Moreover, in a Choose Your Own Device scenario we may not have the system information ahead of time, and the user may even have already unboxed it and run through OOBE on their own.

One simple way to draw this remote system into the Modern Management paradigm is by leveraging Provisioning Packages.  Two of the options we want are available in the simple provisioning wizard: the option to rename the computer, and the option to remove pre-installed applications (ie, bloatware).  However, we also want to have the user run through the OOBE wizard again, and to do that we need to open the Advanced Editor.

Here we have the Computer name setting (in this case using a prefix and appending the serial number):

image

Next it the option to remove preinstalled software (perform a “reset”):

image

And finally, we want to enable OOBE during startup after the reset:

image

Once we export this PPKG file, we can run it on our Windows 10 machine and initiate the process of resetting the Windows installation and rerunning the OOBE wizard (depending on our situation, we may use this script my Michael Niehaus to generate the information we need ahead of time for AutoPilot configuration):

image

image

An interesting change using this method is that you are presented with an additional License Agreement screen that doesn’t show if you just do a clean media build:

image

As we continue through the OOBE wizard, the registration of the device with AutoPilot picks right up and presents us with a branded login screen:

image

Once the OOBE finishes and we finalize the reset, we can see that it’s prepped to rename the system at the next restart:

image

So now have a solution to take a machine with bloatware and trialware, reset it to a clean Windows 10 build (while still keeping the manufacturer’s drivers), rerun the OOBE wizard, presented the users with a branded login screen and customized experience, join Azure AD, auto-enroll in Intune, and ultimately provision it for cloud-based management.

More and more features are being added to support this scenario on a regular basis, so check back for updates!

Leave a Reply

Your email address will not be published. Required fields are marked *