12 June 2024

Autopilot Device Preparation - Part 2 - Getting started

 In this blog post I will look at the steps in setting up Autopilot Device Preparation (ADP).

I will start with creating the groups, and then create the ADP profile.

User security group

The ADP profile will be targeted a User security group.
This is just an ordinary Entra ID security group, where the Membership type can be either Assigned or Dynamic User.
As this is a test, I’ve chosen Assigned, and added my test users.

Device security group

Then we need to configure a device group for the “just-in-time enrollment grouping”.
When you enroll your device with ADP, the device automatically becomes a member of this “just-in-time enrollment group”.

So, in Entra ID, create a new security group where Membership type is Assigned.
The important thing here, is to add an Owner.
As owner, add “Intune Autopilot ConfidentialClient” (It may have a display name of “Intune Provisioning Client, make sure that the service principal ID for the is f1346770-5b25-470b-88bd-d5744ab7952c)

Windows Autopilot device preparation

Now we are ready to create the ADP profile.
In the Intune portal, go to Devices > Enrollment > Device preparation policies

Here we choose Create

On the Introduction page, click on Next.


Fill in the name for the policy and click Next

Device Group

Enter the previously created device group and click Next

Configuration settings

This page has 4 configuration parts

Deployment settings

Not much to configure here, as ADP only supports Single user, User driven and Azure AD joined at the moment. But you can choose if the user can be an administrator or Standard user.

Out-of-box experience settings

Minutes allowed before showing installation eror:
Default is 30 minutes. Enter a number of minutes that you are sure are enough for setup and installation of Apps.


Add the apps you want to be installed during OOBE.
These apps should be assigned to the device group.
There can be multiple apps assigned to the device, but the apps selected here will be installed during OOBE, the rest of the apps will not be installed until the user logs in.


Like Apps, you can select sripts you want to be ran during the OOBE.

Scope tags

Here you add additional scope tags.


Enter the user group created earlier

Hit Save and we are through and ready to go.

In next blog post I will go through the User experience.

No comments:

Post a Comment