When using Windows Autopilot, Deployment Profiles customize the OOBE for a device or group of devices. You can create a single default deployment profile of settings for your whole organization or assign additional deployment profiles to device groups.
At the time of this writing, the available profile settings you can configure within a Windows Autopilot deployment profile are shown in Table 1-9.
TABLE 1-9 Windows Autopilot Deployment Profile Settings
| Profile setting | Description |
| Convert all targeted devices to Autopilot | Enables you to register all targeted devices to Autopilot if not already registered. The next time registered devices go through the OOBE, they go through the assigned Autopilot scenario. |
| Deployment mode | User-driven devices are devices that are associated with the user enrolling the device.Self-Deploying (preview) devices have no user affinity; an example is a kiosk device. |
| Join to Azure AD as | Azure AD–joined = Cloud-only.Hybrid Azure AD–joined = Cloud and on-premises Windows Server Active Directory. |
| Microsoft Software License Terms | This means that organizations accept the software license terms on behalf of their users. |
| Privacy settings | Organizations can choose not to ask users about Microsoft-related privacy settings during the OOBE process. |
| Hide change account options | Removes the option for users to restart the OOBE process with a different account. (Requires Windows 11 1809 or later.) |
| User account type | Typically, during the OOBE process, a device will automatically be set up with administrator access. This option can be disabled when using Windows Autopilot because you can choose a Standard or Administrator account type. |
| Allow preprovisioned deployment | Enables a partner or IT pro to press the Windows key five times during OOBE to run without user authentication, enroll the device, and provision all system-context apps and settings. |
| Language (Region) | Enables you to select the appropriate regional settings. The keyboard is automatically selected based on this selection unless you choose otherwise. Defaults to Operating System Default. |
| Automatically configure keyboard | If set to Yes, uses the regional selection to choose the keyboard layout. |
| Apply device name template | Allows you to specify a naming convention to name devices automatically. For example, Contoso-%RAND:3% will generate a device name such as Contoso-565. |
Note Company Branding is Required for Autopilot
You will notice that Autopilot profiles allow you to choose whether a user is presented with the company branding during OOBE. This setting is optional in each profile you create. However, you must configure Azure Active Directory Company Branding.
Use the following procedure to create a deployment profile using Microsoft Intune for a user-driven device that is to be joined to Azure AD:
- Sign in to the Microsoft Intune admin center (https://endpoint.microsoft.com/) as a Global Administrator.
- Select Devices > Enroll devices, and then select the Automatic Enrollment tile.
- Ensure the MDM user scope is not set to None.
- Go back to Enroll devices, and select Deployment Profiles.
- Select Create profile, and choose Windows PC.
- On the Create profile page, on the Basics tab, enter a profile name and optional description.
- Select Next, and then, on the Out-of-box experience (OOBE) tab, displayed in Figure 1-7, configure the values described in Table 1-9, and then select Next.
FIGURE 1-7 Creating an Autopilot profile
8. On the Assignments page, choose the device groups you want to include or exclude or choose Add all devices. Then select Next.
9. On the Review + create tab, select Create.
After you’ve assigned the profile, devices are allocated to use this profile during the Windows Autopilot deployment process.
Note Force Autopilot Profile to be Downloaded
If a device has not downloaded an Autopilot profile, you should reboot the device during OOBE to allow the device to retrieve the profile. You can press Shift-F10 to open a command prompt at the start of the OOBE and then enter shutdown /r /t 0 to restart the device immediately or enter shutdown /s /t 0 to shut down immediately.
Windows Autopilot uses Azure AD company branding to show custom logos and text during the OOBE Azure AD authentication and join process. You need to have Azure AD Premium licensing to configure company branding. There are three image layouts that you need to configure.
- A square logo; 240 pixels by 240 pixels; PNG or JPG; 10KB or smaller
- A banner logo; 280 pixels by 60 pixels; PNG or JPG; 10KB or smaller
- A background image; 1920 pixels by 1080 pixels; PNG or JPG; 300KB or smaller
To configure your company branding, use these steps.
- Sign in to the Azure portal or the Microsoft Entra admin center using a Global Administrator account for the directory.
- Under User experiences, select Company branding.
- Under Default Sign-In Experience, select Edit.
- On the Basics blade, upload your images for Favicon and Background image. You can also configure the Page background color.
- Select Review & create.
- Select Create.