Learn Windows Autopilot | Full Tutorial 2025

Onboarding new devices has traditionally been one of the most painful, time-consuming tasks for IT teams. Hours are wasted configuring operating systems, installing applications, and applying security settings before a new hire can even log in.

But with Windows Autopilot, all of that changes. Autopilot streamlines device provisioning so that you no longer have to manually configure every laptop or maintain custom OS images. Better yet, you can even apply security patches during the out-of-box experience (OOBE) before the employee touches the device.

By the end of this post, you’ll see how Autopilot can save you at least one hour per device.

The Old Way: Painful and Manual Let’s imagine a fictional company, Northwind Outdoors. They’re a fast-growing business with only two IT technicians handling new employee onboarding. Here’s what their process looks like today: Order laptops from Dell or HP. Have them shipped to headquarters. Unbox and reimage the device with a USB stick. Manually install applications and security software. Package the device and ship it out to the remote employee. Sounds familiar? That workflow can take anywhere from 2–5 hours per device. Multiply that across dozens of employees, and you’ve got an IT bottleneck that slows down the business.

The New Way: Autopilot + Intune

Now, let’s reimagine that workflow with Microsoft Intune and Windows Autopilot:

• Devices are still procured from an OEM, but instead of shipping to HQ, the OEM sends the hardware IDs (hashes) directly to your Intune tenant.

• Intune becomes the single source of truth for apps, security baselines, and settings.

• The device ships straight to the end user, already associated with your organization.

• When the user turns it on and connects to Wi-Fi, Autopilot provisions everything:

  • Microsoft 365 Apps

  • OneDrive folder redirection

  • Security baselines like Microsoft Defender Antivirus

  • Custom branding and lock screen settings

From unboxing to productivity, the user is ready to go in 30–60 minutes, without IT ever touching the device.

Configure Autopilot

Step 1: Set Up Your Autopilot Environment

Inside the Intune Admin Center, the process starts with creating a group (e.g., Windows Autopilot Devices). This group acts as the container for assignments like apps, security policies, and deployment profiles.

You can also configure company branding so your users see a customized welcome message during OOBE. Imagine your new hire booting up a laptop to: “Welcome to Northwind Outdoors!”—a simple touch that makes IT feel personal.

Step 2: Register Devices

There are a couple of ways to get devices into Autopilot:

• OEM integration (Dell, HP, Microsoft Surface) – Devices automatically appear in your tenant when you purchase.

  • Dell Example: How to Connect Dell Management Portal to Microsoft Intune | Dell US

• Manual upload – Use PowerShell (Get-WindowsAutopilotInfo -Online) to upload a device hash to Intune during the OOBE experience: Manually register devices with Windows Autopilot | Microsoft Learn

  • https://learn.microsoft.com/en-us/autopilot/add-devices 

Once registered, you can assign the device to a user or dynamic group, so policies and profiles apply automatically.

Step 3: Create a Deployment Profile

Intune lets you push down everything the device needs:

• Configuration Profiles (e.g., Wi-Fi, lock screen timeout, OneDrive Known Folder Move)

• Applications (e.g., Office, Chrome, Teams, line-of-business apps)

• Security Policies (e.g., Defender Antivirus, compliance baselines, Endpoint Protection)

Assign these to your Autopilot device group, and they’ll flow automatically during enrollment.

Create Configuration Profiles: Configure device configuration profiles in Microsoft Intune – Microsoft Intune | Microsoft Learn

Deploy the M365 apps: How to Deploy Microsoft 365 Apps With Intune – Our Cloud Network

Step 5: Enrollment Status Page (ESP)

The Enrollment Status Page controls what users see during setup. You can require all apps and policies to install before login, or allow users to sign in sooner while apps continue in the background.

For sensitive environments, it’s best to block device use until security apps are fully installed. That way, no one starts working on an unprotected machine.

Full Instructions: Set up the Enrollment Status Page in the admin center copy – Microsoft Intune | Microsoft Learn

The End-User Experience

Here’s what your employees see:

1. Boot device → connect to Wi-Fi.

2. Custom branded login screen.

3. Enrollment Status Page showing progress as apps and settings install.

4. Desktop with Office, Chrome, and OneDrive already configured when they get access to the desktop. 

In under an hour, they’re ready to work, no IT intervention required.

The Payoff

Switching to Autopilot doesn’t just save time. It also:

• Standardizes configurations across the company.

• Eliminates reimaging and manual setup.

• Improves security posture by ensuring baselines are applied consistently.

• Delivers a better employee experience on day one.

For a company like Northwind Outdoors (or yours), that can mean hundreds of hours saved each year and happier employees from the start.