Autopilot Device Preparation: First Contact

Patch My Pc | install & update thousands of apps

Are you anxiously waiting for the Autopilot V2 Announcement? APv2 has just been officially announced and has a nice new shiny name: Autopilot Device Preparation. With Autopilot Device Preparation announced formally, I can also start talking about it (a bit)

1. Introduction

I stumbled upon some new shiny DLL files inside the Intune Management Extension (IME) Folder a few months ago (or maybe more than a half year). In addition to the new DLL files, something called APv2 was also mentioned in the IME logs. As shown below, the IME detected the DevicePrepHintValue = 0

the intune management extension log showing : apv2 Found deviceprephintvalue = 0

That made me curious about what was going on. I decided to write it all down in this blog below as it was evident that Microsoft was working on the new version of Autopilot. Microsoft even named it Autopilot V2 (APv2)

Windows Autopilot Version 2 | APv2 mode | DevicePreparation (call4cloud.nl)

The outcome of that blog was that the IME was looking at a registry key (autopilotdeviceprephint) to determine if the device was in APv2 Mode.

Writing that blog made me more curious about whether I could get the device into APv2 mode myself. I decided to spend some time on the dll files to find out if that was possible. Within an hour, it stumbled upon the Device Preparation CSP and what this CSP was doing.

the devicepreparation csp pageenabled showing that the device preparation page is enabled. We could also spot this in the autopilotsettings\devicepreparatin settings

As shown above, this CSP configured the PageEnabled in the Device Preparation to 1. I combined the PageEnabled and the AutopilotDevicePrephint keys and started the enrollment process. Those two registry keys got me an excellent new shiny enrollment status page.

Autopilot Device Preparation showing that it is installing the management Extension

If you want to read the details, I advise you to read this blog.

Autopilot Version 2 Device Preparation Page | APV2 (call4cloud.nl)

2. The announcement of APv2

Since I could manually configure these settings, it seems it was just a matter of time before Microsoft officially announced Autopilot Device Preparation, also known as Autopilot V2 (APv2).

Today was the day we were all waiting for!!! Microsoft just announced Autopilot Version 2!!

https://techcommunity.microsoft.com/t5/microsoft-intune-blog/windows-deployment-with-the-next-generation-of-windows-autopilot/ba-p/4148169

3. Autopilot V1 VS Autopilot V2

With the official announcement from Microsoft, it is time to take a look at the differences first before zooming in a bit (with the knowledge I have by looking at the dll files)

Let’s compare the existing Autopilot and the new Autopilot Device Preparation.

When you examine the picture above closely, you will realize that the new Autopilot version finally removes the Hardware Hash requirement (1)! I guess with the hardware hash requirement gone, I think it’s safe to say that the Hardware Hash remediation issues we could get will belong to the past (and Apv1)

Besides this very big improvement, I also want to address some other details from that picture.

  • A way less complex Enrollment Status Page, just a couple of screens (installing the IME and Installing the required apps)
  • You can still use the old Autopilot! You are not required to choose!
  • The Autopilot Profile will be downloaded after the user-sign in!
  • The Autopilot V2 flow will be launched when the user signs in to the device. The Device Preparation profile is targeted at users, not devices! (2)
  • By the looks, it will NOT support autopilot pre-provisioning or hybrid for now!!!
  • APv2 Is cloud-native!!!
  • The tracking of apps and scripts is way different! No ESP tracking apps! So, the get-autopilotdiagnostics script needs some updates… With this change, we need to look up the status of the Autopilot progress in a new blade designed explicitly for Autopilot V2

There are many differences! It’s good to know that you don’t need to choose between using the old-school Autopilot or the new shiny Autopilot Device Preparation. If you want to continue using Autopilot pre-provisioning, you could still use Autopilot version 1. Enabling one doesn’t mean the other one is disabled!

Of course, the Autopilot Device Preparation details I mentioned above could lead to questions. That’s obvious. Let me explain them by just using and showing the whats new In Intune docs”

Question 1: If we are not required to upload the hardware hash, how will we mark the device as corporate? Well, here’s how: with Corporate Identifiers!

Question 2: Assigned to users, not devices: how do we assign Apps or policies to devices? Well, this is how…With the use of something called: Enrollment Time Grouping

Enrollment Time Grouping is a core feature for apv2

4. Comparing The ESP

As mentioned in the previous chapter and in my older blogs about APv2, the whole ESP has got some nice new improvements. Improvements? Well, I would instead call it a total rebuild.

Autopilot V1 ESP

Autopilot version 1 shows every single step with a lot of information. Do I need to remind you that Autopilot was designed to be directly shipped to the end customer?

OLd Autopilot ESP

With that idea in mind, it’s a bit weird that the end user should stare at all these steps, right? Don’t get me wrong because I want a more detailed one… but that’s only for troubleshooting, not for end-user experience!

Autopilot V2 ESP

With the end-user experience in mind, this is what the new Autopilot flow looks like! It only mentions that it is installing the Intune Management Extension, and after the required IME is installed, it will start installing the required apps and policies for your organization. Once those steps are done

Afbeelding met tekst, schermopname, Lettertype, logo  Automatisch gegenereerde beschrijving
Device Preparation showing us that it is installing required apps and policies

Nothing more… once those few steps are finished successfully (a lot is happening in the background, but again… the end user shouldn’t care about it), it will show you this page mentioning that the required setup is complete.

Afbeelding met tekst, schermopname, ontwerp  Automatisch gegenereerde beschrijving

If somehow something unexpected happens, you will be prompted that it. Can’t complete device setup

Autopilot Device Preparation mentioning that it can't complete device setup

A way less complex enrollment status page! Thats really, really nice!

5. The details

Once Autopilot v2 is officially GA and available for everyone I will start posting blogs about what’s happening under the hood. Why? Well, having a less complex Enrollment Status Page is all fine for the end user and gives a better experience but what if something breaks? That’s where I step in and will provide you with the insights and all the details you need to know what’s happening and where you want to start looking when the Autopilot v2 enrollment breaks.

I’m giving you a small heads-up! This is what the new (not) mspaint flow will look like! Yeah, it’s scrambled, but that’s on purpose.

Autopilot Device Preparation Technical Flow

Conclusion

I am so happy that Microsoft has officially announced Autopilot Device Preparation and its lovely new name is Autopilot Device Preparation. Hopefully, this blog has shown you the differences you need to beware of and that you don’t need to choose—you can use both!

One thought on “Autopilot Device Preparation: First Contact

  1. Hmm, the profile is now targeting users, gonna have to look we assign profiles using group tags in the future then or will that not be a thing

    hopefully we can target devices in the future for the profiles

Leave a Reply

Your email address will not be published. Required fields are marked *

7  +  2  =  

Proudly powered by WordPress | Theme: Wanderz Blog by Crimson Themes.