Windows Autopilot enrollment

IBM® MaaS360® integrates with Microsoft Entra ID to allow administrators to configure and enroll Windows devices (Windows desktops, tablets, phones) with Autopilot. IT administrators can enroll new or repurposed devices to configure or maintain custom operating systems according to corporate requirements.

Before you begin

Note: Due to Microsoft’s deprecation of the Business Store as given in Microsoft Store for Business and Education retiring March 31, 2023 - Microsoft Lifecycle, the Windows Autopilot enrollment is impacted. You can use the Windows Out of Box Experience (OOBE) enrollment method to automatically enroll Windows devices into IBM MaaS360 when the users register by using Microsoft Entra. For more information, see Windows Out of Box Experience (OOBE) enrollment.

About this task

Follow the steps to use Windows Autopilot with MaaS360.

Procedure

  1. Install the Get-WindowsAutoPilotInfo script (Install-Script -Name Get-WindowsAutoPilotInfo) from https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo/2.5 by opening a PowerShell session as an administrator.
    • Type Y when prompted with the following question: "installation path 'C:\Program Files\WindowsPowerShell\Scripts' to the PATH environment variable?"
    • Type A after the following prompt: "You are installing the scripts from an untrusted repository" to install scripts from PSGallery.
  2. Run Get-WindowsAutoPilotInfo.ps1 -OutputFile c://exportAutoPilot.csv to export the device details to a CSV file.
    If you receive the following error FullyQualifiedErrorId : UnauthorizedAccess while running the Get-WindowsAutoPilotInfo.ps1 -OutputFile c://exportAutoPilot.csv run set-executionpolicy remotesigned command, running scripts are disabled on the system. For more information, see About Execution Policies at https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-6.
  3. To provide access, run set-executionpolicy remotesigned.
    Type A when prompted with a policy change question. For more information, see the security risks that are described in the About Execution Policies: Change the execution policy help topic at https://go.microsoft.com/fwlink/?LinkID=135170.
  4. To export device details, run Get-WindowsAutoPilotInfo.ps1 -OutputFile <filepath>/<file_name>.csv.
  5. Before you add device details in the Microsoft Entra directory, configure enrollment details, and then follow the steps.
    1. Use your Microsoft Entra account ID to log in to https://businessstore.microsoft.com/en-us/store.
    2. Go to Manage > Devices, and click Add Devices.
    3. Upload the exported file and, if you are using the file for a Group, name the file.
    The device details are now uploaded to the Microsoft Entra account.
  6. Log in to the Microsoft Entra ID directory at https://entra.microsoft.com/.
  7. Go to Microsoft Entra Active Directory > All Devices to view all the devices that are added to the Microsoft Entra directory.
    1. Check the Enabled column as No. The value of the column changes after the device is enrolled.
  8. Click Windows and go to Settings > Update & Security > Recovery. From the Reset this PC section, click Get started.
  9. Provide the Microsoft Entra user details to enroll the device.
    For more information, see https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-10-autopilot and https://docs.microsoft.com/en-us/microsoft-365/business/add-autopilot-devices-and-profile.