Windows Autopilot enrollment

MaaS360® integrates with Azure AD to allow administrators to configure and enroll Windows devices (Windows desktops, tablets, phones) with Autopilot. IT administrators can enroll new or repurposed devices to configure or maintain custom operating systems according to corporate requirements.

Before you begin

A Windows Professional, Enterprise, or Education device (physical or virtual) with version 1703 or later connected to the internet.
Read the topics in the Integrating Azure AD with MaaS360 section on the MaaS360 Documentation site at https://www.ibm.com/support/knowledgecenter/SS8H2S/com.ibm.mc.doc/pag_source/concepts/pag_azure_integration.htm.
Users or Groups must have permissions to join devices to Azure AD. You can either allow a specific group if the group is already created and applied or you can allow all users.
A working Azure AD tenant and an Azure AD admin account that you can log in to https://portal.azure.com.
A Microsoft Business Store account that you can log in to https://businessstore.microsoft.com/en-us/store.
- Your Windows devices must be pre-registered in the Microsoft Store for Business portal at https://businessstore.microsoft.com/en-us/manage/dashboard.

About this task

Follow the steps to use Windows Autopilot with MaaS360.

Procedure

Install the Get-WindowsAutoPilotInfo script (Install-Script -Name Get-WindowsAutoPilotInfo) from https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo/2.5 by opening a PowerShell session as an administrator.
- Type Y when prompted with the following question: "installation path 'C:\Program Files\WindowsPowerShell\Scripts' to the PATH environment variable?"
- Type A after the following prompt: "You are installing the scripts from an untrusted repository" to install scripts from PSGallery.
Run Get-WindowsAutoPilotInfo.ps1 -OutputFile c://exportAutoPilot.csv to export the device details to a CSV file.
If you receive the following error FullyQualifiedErrorId : UnauthorizedAccess while running the Get-WindowsAutoPilotInfo.ps1 -OutputFile c://exportAutoPilot.csv run set-executionpolicy remotesigned command, running scripts are disabled on the system. For more information, see About Execution Policies at https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-6.
To provide access, run set-executionpolicy remotesigned.
Type A when prompted with a policy change question. For more information, see the security risks that are described in the About Execution Policies: Change the execution policy help topic at https://go.microsoft.com/fwlink/?LinkID=135170.
To export device details, run Get-WindowsAutoPilotInfo.ps1 -OutputFile <filepath>/<file_name>.csv.
Before you add device details in the Azure directory, configure enrollment details, and then follow the steps.
1. Use your Azure account ID to log in to https://businessstore.microsoft.com/en-us/store.
2. Go to Manage > Devices, and click Add Devices.
3. Upload the exported file and, if you are using the file for a Group, name the file.
The device details are now uploaded to the Azure account.
Log in to the Azure directory at https://portal.azure.com.
Go to Azure Active Directory > All Devices to view all the devices that are added to the Azure directory.
1. Check the Enabled column as No. The value of the column changes after the device is enrolled.
Click Windows and go to Settings > Update & Security > Recovery. From the Reset this PC section, click Get started.
Provide the Azure user details to enroll the device.
For more information, see https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-10-autopilot and https://docs.microsoft.com/en-us/microsoft-365/business/add-autopilot-devices-and-profile.