Creating JSON Files for Windows Autopilot Deployment Profiles

In today’s fast-paced digital landscape, organizations need efficient and effective ways to deploy operating systems and applications. Windows Autopilot provides a streamlined process for deploying Windows to existing devices, allowing for easy reimaging and provisioning. In this guide, we will walk you through the steps to create a seamless Autopilot experience for existing devices, ensuring that both IT administrators and users can enjoy rapid deployments and consistent user experiences.

Understanding Windows Autopilot for Existing Devices

Windows Autopilot is designed to simplify the setup and configuration of new devices, leveraging cloud-based management. This is particularly strong for existing devices, allowing organizations to reimage them into a user-driven mode. Key benefits include automatic app installation and data synchronization via OneDrive, ensuring users can quickly resume their work.

Prerequisites for Deployment

Before diving into the deployment process, ensure you meet the following prerequisites:

1. Supported Version of Microsoft Configuration Manager: Ensure you are using a version compatible with the current branch of Microsoft Configuration Manager.
2. Microsoft Intune Licenses: You must have assigned licenses for users accessing Intune.
3. Microsoft Entra ID P1 or P2: This is necessary for identity management.
4. Supported Windows Version: The OS image must be imported into Configuration Manager.
5. Windows Management Framework: Required if you are running commands on Windows Server 2012/2012 R2.
6. Enrollment Restrictions: Make sure restrictions do not block personal devices.

Step 1: Setting Up Enrollment Status Page (Optional)

A user-friendly Enrollment Status Page (ESP) can enhance the user experience during setup.

• Navigate to Microsoft Intune admin center.
• Go to Devices > Device onboarding > Enrollment and choose Enrollment Status Page. Follow prompts to set it up.

Step 2: Installing Required PowerShell Modules

You will need to install specific modules for Windows Autopilot functionality.

1. Open Windows PowerShell with elevated privileges.
2. Run the following commands to install the required modules:

   Set-ExecutionPolicy -ExecutionPolicy Bypass

   Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
   Install-Module -Name WindowsAutopilotIntune -MinimumVersion 5.4.0 -Force
   Install-Module -Name Microsoft.Graph.Groups -Force
   Install-Module -Name Microsoft.Graph.Authentication -Force
   Install-Module -Name Microsoft.Graph.Identity.DirectoryManagement -Force

   Import-Module -Name WindowsAutopilotIntune
   Import-Module -Name Microsoft.Graph.Groups
   Import-Module -Name Microsoft.Graph.Authentication
   Import-Module -Name Microsoft.Graph.Identity.DirectoryManagement

3. Connect to the Graph API with appropriate scopes:

 Connect-MgGraph -Scopes "Device.ReadWrite.All", "DeviceManagementManagedDevices.ReadWrite.All", "DeviceManagementServiceConfig.ReadWrite.All", "Domain.ReadWrite.All", "Group.ReadWrite.All", "GroupMember.ReadWrite.All", "User.Read"

Step 3: Obtaining Autopilot Profiles

Next, you’ll need to extract the available Autopilot profiles and save them as JSON files.

1. Use the following command in PowerShell:

   Get-AutopilotProfile | ConvertTo-AutopilotConfigurationJSON

2. Save this configuration as AutopilotConfigurationFile.json, ensuring your file is in ASCII or ANSI format.

   Connect-MgGraph -Scopes "Device.ReadWrite.All", "DeviceManagementManagedDevices.ReadWrite.All", "DeviceManagementServiceConfig.ReadWrite.All", "Domain.ReadWrite.All", "Group.ReadWrite.All", "GroupMember.ReadWrite.All", "User.Read"
$AutopilotProfile = Get-AutopilotProfile
$targetDirectory = "C:\Autopilot"
$AutopilotProfile | ForEach-Object {
    New-Item -ItemType Directory -Path "$targetDirectory\$($_.displayName)"
    $_ | ConvertTo-AutopilotConfigurationJSON | Set-Content -Encoding Ascii "$targetDirectory\$($_.displayName)\AutopilotConfigurationFile.json"
}

3. Ensure each profile has its own folder named after the profile with the required JSON file inside.

Step 4: Creating a Configuration Manager Package

Import the JSON file into the Microsoft Configuration Manager.

1. In the Configuration Manager console, navigate to Software Library > Application Management > Packages.
2. Click on Create Package and follow the wizard.
   • Name: Autopilot for existing devices config
   • Source folder: Specify the UNC path of your JSON file
3. Choose Don’t create a program and complete the wizard.

Step 5: Device Collection Creation

You will need to create a device collection that will be utilized for the Autopilot provisioning.

1. Access the Assets and Compliance workspace and then select Device Collections.
2. Click Create Device Collection:
   • Name: Autopilot for existing devices collection
   • Limiting Collection: Choose All Systems
3. Add rules for membership based on your criteria.

Step 6: Task Sequence Creation

Create a task sequence to handle the deployment.

1. In the Software Library, go to Operating Systems > Task Sequences.
2. Click Create Task Sequence and select Deploy Windows Autopilot for existing devices.
3. Fill in the necessary information, including naming and selecting the correct boot image.
4. Configure installation settings, including selecting the Windows image index and other options related to BitLocker and administrator accounts.

Step 7: Deploy the Autopilot Task Sequence

Distribute the task sequence to necessary distribution points.

1. Select Deployment:
   • Task Sequence: Autopilot for existing devices
   • Collection: Select the previously created Autopilot collection.
2. Configure the deployment settings:
   • Set action to Install and Purpose to Available.
   • Schedule and distribute the content.

Step 8: Completing the Deployment Process

1. On the target Windows device, navigate to Software Center.
2. Locate Autopilot for existing devices and select Install.

The system will handle the following steps automatically:

• Download content.
• Restart into Windows PE.
• Format the drive and install Windows.
• Complete the Autopilot setup process.

Conclusion

The deployment of existing devices using Windows Autopilot simplifies the complexity often associated with OS provisioning. By following the outlined steps, IT administrators can efficiently manage devices, ensuring users enjoy a seamless transition into a prepared environment. Stay ahead of the curve by adopting modern deployment practices with Windows Autopilot today!