To provision Windows 10 PCs using Autopilot and Intune, they must first be registered as Windows Autopilot devices in the Device Directory Service, which is really the cloud Autopilot service. When a device is registered to the Autopilot service, its hardware hash is used to generate a Zero Touch Device ID (ZTDID) – a globally unique identifier for that device based on hardware information such as (but not only) MAC address, disk serial number, and system serial number.
The ideal way to do this is to get your supplier to do it. When you buy a device, they can automatically register the ZTDID in your tenant. You can also get your devices in there yourself by using PowerShell, generating CSVs, and uploading these – a long-winded process that detracts from the benefits of Autopilot. Regardless of how you get the data in there, as soon as devices are registered as Autopilot devices, a special device object is populated in Azure AD by the Device Registration Service (DRS) with that ZTDID.
When a Windows 10 Pro/Enterprise device goes through the out-of-box experience (OOBE) (the factory reset screen), after getting a network connection it checks the Autopilot service to see what Autopilot tenant and rules it should follow by downloading what’s called an Autopilot deployment profile. How does it know what profile to assign? Because against the profile, you have assigned a group, which contains that aforementioned Autopilot Azure AD device object.
That’s great for new or redeployed devices, but you have a fleet of PCs already out there. The good news is we can also use these deployment profiles to take existing Azure AD devices and register them into the Autopilot service. These devices should be enrolled in Intune MDM, so if you are using on-premises AD you should consider Hybrid Azure AD Join + automatic enrolment, which I’ve blogged about here.
In the Microsoft Endpoint Manager admin centre, browse to your deployment profile or create a new one, and select Yes against the option to Convert all targeted devices to Autopilot.
Proceed to give your profile the required settings, and on Assignments choose an Azure AD group with the existing device(s) in it.
At the moment in my example tenant, I have no Autopilot registered devices, as evident from the screenshot below.
However, the group I assigned the profile to does have a full Azure AD device object in it.
Microsoft’s documentation advises it can take a couple of days for the devices in the group to be registered as Autopilot devices. This is consistent with my experience. When the device is finally registered, you’ll find it in the Windows Autopilot devices page, linked to the Associated Azure AD device when you select it.
The device has to have been online long enough for Intune to gather hardware information and store this against the device object. If you have gone days without the device showing as an Autopilot device, investigate this as a starting point. In the example below, I’ve navigated to the device object in Microsoft Endpoint Manager, then chosen the Hardware tab. The Process Architecture is “unknown”, but CPU info is needed as part of the required information for the ZTDID discussed earlier. In my testing, after the device hadn’t been added for four days (with no hardware information in Intune), it then appeared as an Autopilot device within hours of being booted up and letting Intune populate the data.
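The troubleshooting check described above can be run across a whole group rather than one device at a time. The following is an added example, not code from the original post or from Microsoft's tooling: it compares a list of targeted devices with the list of Autopilot devices and flags which ones are still waiting and why. The sample records, their property names, the function name `Get-AutopilotConversionGap` and the two-day grace period are assumptions made for illustration.

```powershell
# Constructed sample data. Property names are assumptions made for this example.
$targeted = @(   # devices in the Azure AD group assigned to the profile
    [pscustomobject]@{ DeviceName = 'PC-001'; AadDeviceId = 'aad-0001'; SerialNumber = 'SN001'; ProcessorArchitecture = 'x64' }
    [pscustomobject]@{ DeviceName = 'PC-002'; AadDeviceId = 'aad-0002'; SerialNumber = 'SN002'; ProcessorArchitecture = 'x64' }
    [pscustomobject]@{ DeviceName = 'PC-003'; AadDeviceId = 'aad-0003'; SerialNumber = '';      ProcessorArchitecture = 'unknown' }
)
$autopilot = @(  # devices already listed as Windows Autopilot devices
    [pscustomobject]@{ AadDeviceId = 'AAD-0001'; SerialNumber = 'SN001' }
)

function Get-AutopilotConversionGap {
    param(
        [Parameter(Mandatory)] [object[]] $TargetedDevices,
        [object[]] $AutopilotDevices = @(),
        [Parameter(Mandatory)] [datetime] $AssignedOn,  # when the profile was assigned to the group
        [datetime] $AsOf = (Get-Date),
        [int] $GraceDays = 2                            # assumption: "a couple of days"
    )
    # Index registered devices by Azure AD device ID, ignoring case.
    $registered = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    foreach ($a in $AutopilotDevices) {
        if ($a.AadDeviceId) { [void]$registered.Add([string]$a.AadDeviceId) }
    }
    $waited = [math]::Floor(($AsOf - $AssignedOn).TotalDays)

    foreach ($d in $TargetedDevices) {
        if ($d.AadDeviceId -and $registered.Contains([string]$d.AadDeviceId)) { continue }
        # Per the post, Intune must hold hardware information before the device can be registered.
        $noInventory = [string]::IsNullOrWhiteSpace($d.SerialNumber) -or
                       [string]::IsNullOrWhiteSpace($d.ProcessorArchitecture) -or
                       $d.ProcessorArchitecture -eq 'unknown'
        $status = if ($noInventory) {
            'No hardware inventory: boot the device and let Intune sync'
        } elseif ($waited -le $GraceDays) {
            'Pending: within the expected delay'
        } else {
            'Overdue: inventory present but still not registered'
        }
        [pscustomobject]@{ DeviceName = $d.DeviceName; DaysWaited = $waited; Status = $status }
    }
}

# Constructed dates: profile assigned four days before the check.
Get-AutopilotConversionGap -TargetedDevices $targeted -AutopilotDevices $autopilot `
    -AssignedOn '2020-06-01' -AsOf '2020-06-05' | Format-Table -AutoSize
```

With the sample data, PC-001 is omitted because it is already registered, PC-002 is reported as overdue, and PC-003 is reported as missing hardware inventory.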