Is Microsoft Autopilot Right For You?

What is Microsoft Autopilot anyway?

Microsoft Autopilot is a service within Microsoft 365 that permits PC manufacturers to load a single, standardized Windows 10/11 operating system instance and ship that computer direct to an end-user. The expectation is that the PC is going to be immediately used by an end-user and connected to Microsoft 365 rather than be shipped to an IT department and prepared there.

It avoids devices being delivered to the IT department, avoids that system being immediately re-imaged with the company standard load, and avoids additional shipment costs as the device is dispatched to the end-user. It also avoids the regular re-creation of the IT image as applications are introduced, updated, or retired, which can be rather time-consuming.

The benefit to Autopilot is that the end-user received the PC, logs onto it using their Microsoft 365 credentials, and is immediately productive. Furthermore, the same technology can be used to repurpose a device hitherto used by one person for another user, again without the reimaging of the device.

To learn a little more about Autopilot take a look at this article.

How Does It Work?

Autopilot is a multi-part process. You engage with a preferred PC hardware vendor and allow them, through the portal they provide, a limited amount of access to your Microsoft 365 tenant. When an order is placed on a PC, the vendor is told who the device is for and they return the compliment by telling the Microsoft 365 tenant what the machine name, serial number, and end-user is. When the PC arrives at the end users’ office or home that user can start the process to silently install all the software assigned to the user.

The Microsoft 365 administrators do the application assignment through Intune ahead of time and the whole system waits for the user to log on where it matches the data coming to it and starts to provision the applications.

PCs received by the end-user at home for example can be put onto the Active Directory domain without an administrator having to intervene or for the PC being on the office network. This is achieved through a setting in the Autopilot configuration process.

Great, Sign Me Up.

Not so fast. There’s the small matter of the applications. The Microsoft Office productivity applications are one thing. They are the simplest things to set up through Microsoft Endpoint Manager – formerly known as Intune, but what about other things?

There are a great number of applications that can be set up through MEM such as Slack, browsers, VPN clients etc. In addition, Outlook and other plug-ins can be deployed through this and the add-in feature within Microsoft 365. However, installing applications that do not exist within the Microsoft Store are somewhat more difficult – and that is where the decision on whether to use Autopilot may rest within an organization.

There is quite a process to go through in order to get an application deployed to a PC using MEM. Remember that Autopilot is simply the process to get a PC into an end users’ hands. Applications are deployed using MEM.

Other management applications can take a binary delivered by a software vendor and deliver it out to end-users with little modification. With MEM the application must be wrapped inside a “.intunewin” file and uploaded to Microsoft 365. The installation parameters are input separately as part of the deployment package and can be changed without changing the uploaded file. Each update to the application requires repackaging, uploading and then re-deployment to users.

If an organization finds itself in the situation where several applications just don’t support, or only support with a lot of effort, deployment via MEM then you might want to look at just going back to the system whereby the IT department does imaging, and re-ships the new PC to the user. Hopefully, that’s going to be rare and don’t baulk at doing anything just because a couple of probably legacy applications don’t want to play ball with MEM. There’s no point hobbling yourself from moving forward with a new way of getting the applications to the users. Remember that in the new way of working these days there are going to be far more users who are not in an office and not necessarily using VPN to get to resources that are increasingly cloud-based, so using MEM to deploy applications is going to be the go-to method in the future.

Some Anexinet customers have engaged us with the expectation that migrating over to Autopilot is going to be the one-stop solution to new PCs and loading all the company applications. As you have read here that’s not the case and there is a lot more to think about before taking the Autopilot plunge.

The Takeaway

The generally good decision to move to systems delivered direct to end-users from the PC manufacturer does not mean you are done with deploying applications to those devices, leaving it to the vendor; that’s just not how Autopilot works. You will be replacing one deployment method with a different one and, in some cases, you may well still have another solution to deliver the more complicated applications if they cannot be worked into the Microsoft Endpoint Manager service. Most things can be deployed using MEM but not all. Maintain your existing deployment solution but constantly keep on the lookout for new ways to get the more obscure apps into MEM.

To learn more about how Autopilot can help your organization, please don’t hesitate to reach out to Anexinet to take a deeper dive into all that Autopilot has to offer.