- Article
- 8 minutes to read
Applies to:
- Windows 11
- Windows 10
- Windows Holographic, version 2004
You can perform Windows Autopilot device registration within your organization by manually collecting the hardware identity of devices (hardware hashes) and uploading this information in a comma-separated-values (CSV) file. Capturing the hardware hash for manual registration requires booting the device into Windows. So, this process is primarily for testing and evaluation scenarios.
Device owners can only register their devices with a hardware hash. Other methods (PKID, tuple) are available through OEMs or CSP partners.
This article provides step-by-step guidance for manual registration. For more information about registration, see:
- Windows Autopilot registration overview
- Manual registration overview
- Windows Autopilot for HoloLens 2
Prerequisites
- Intune subscription
- Windows automatic enrollment enabled
- Azure Active Directory Premium subscription
Required permissions
Device enrollment requires Intune Administrator or Policy and Profile Manager permissions. You can also create a custom Autopilot device manager role by using role-based access control. Autopilot device management requires only that you enable all permissions under Enrollment programs, except for the four token management options.
Note
In both Intune Administrator and role-based access control methods, the administrative user also requires consent to use the Microsoft Intune PowerShell enterprise application.
Collect the hardware hash
The following methods are available to harvest a hardware hash from existing devices:
- Using Microsoft Endpoint Configuration Manager
- Using Windows PowerShell
- During OOBE by using the Diagnostics Page (Windows 11 only)
- From the Desktop using Settings > Accounts
Each of these methods is described below.
In Windows 10 version 1809 and earlier, it's important to capture the hardware hash and create an Autopilot device profile before you connect a device to the internet. Those steps include collecting the hardware hash, uploading the CSV file into Microsoft Store for Business (MSfB) or Intune, assigning the profile, and confirming the profile assignment.
Connecting the device to the internet before this process is complete will cause the device to download a blank profile and store it until you explicitly remove it. In Windows 10 version 1809, you can clear the cached profile by restarting the Windows Out of Box Experience (OOBE). In previous versions, the only way to clear the stored profile is to reinstall the operating system, reimage the device, or run sysprep /generalize /oobe.
After Intune reports the profile as ready to go, you can connect the device to the internet.
Note
If OOBE is restarted too many times, it can enter a recovery mode and fail to run the Autopilot configuration. You can identify this scenario if OOBE displays multiple configuration options on the same page, including language, region, and keyboard layout. The normal OOBE process displays each of these on a separate page. The following value key tracks the count of OOBE retries:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\UserOOBE
To ensure that OOBE has not been restarted too many times, you can change this value to 1.
Configuration Manager
Microsoft Endpoint Configuration Manager automatically collects the hardware hashes for existing Windows devices. For more information, see Gather information from Configuration Manager for Windows Autopilot. You can extract the hash information from Configuration Manager into a CSV file.
PowerShell
The hardware hash for an existing device is available through Windows Management Instrumentation (WMI), as long as that device is running a supported version of Windows. You can use a PowerShell script (Get-WindowsAutopilotInfo.ps1) to get a device's hardware hash and serial number. The serial number is useful for quickly seeing which device the hardware hash belongs to.
To use this script, you can use either of the following methods:
- Download the script file from the PowerShell Gallery and run it on each computer.
- Install the script directly from the PowerShell Gallery.
To install the script directly and capture the hardware hash from the local computer:
Use the following commands from an elevated Windows PowerShell prompt:
New-Item -Type Directory -Path "C:\HWID"Set-Location -Path "C:\HWID"$env:Path += ";C:\Program Files\WindowsPowerShell\Scripts"Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSignedInstall-Script -Name Get-WindowsAutopilotInfoGet-WindowsAutopilotInfo -OutputFile AutopilotHWID.csvYou can run the commands remotely if both of the following are true:
(Video) How to import hardware device ID to Intune - Autopilot- WMI permissions are in place.
- WMI is accessible through Windows Firewall on the remote computer.
While OOBE is running, you can start uploading the hardware hash by opening a command prompt (Shift+F10 at the sign-in prompt) and using the following commands:
PowerShell.exe -ExecutionPolicy BypassInstall-Script -name Get-WindowsAutopilotInfo -ForceSet-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSignedGet-WindowsAutopilotInfo -OnlineYou're prompted to sign in. An account with the Intune Administrator role is sufficient, and the device hash will then be uploaded automatically.
After you confirm the details of the uploaded device hash, run a sync in the Microsoft Endpoint Manager admin center. Select Devices > Windows > Windows enrollment > Devices (under Windows Autopilot Deployment Program) > Sync.
After the device appears in your device list, and an Autopilot profile is assigned, restarting the device causes OOBE to run through the Windows Autopilot provisioning process.
On first run, you're prompted to approve the required app registration permissions.
Note
Because Intune offers free (or inexpensive) accounts that lack robust vetting, and because 4K hardware hashes contain sensitive information that only device owners should maintain, we recommend registering devices through Microsoft Endpoint Manager via a 4K hardware hash only for testing or other limited scenarios. In most cases, you should instead use the Microsoft Partner Center for Autopilot device registration.
For more information about running the Get-WindowsAutopilotInfo.ps1 script, see the script's help by using Get-Help Get-WindowsAutopilotInfo.
Diagnostics page hash export
To export a hardware hash using the Windows Autopilot Diagnostics Page, the device must be running Windows 11.
Windows Autopilot Diagnostics are available in OOBE.
During OOBE, press Ctrl-Shift-D to bring up the Diagnostics Page. From this page, you can export logs to a thumb drive. The logs will include a CSV file with the hardware hash.
Desktop hash export
- From the Windows 10 or Windows 11 Desktop, click Settings > Accounts > Access work or school.
- Export log files. The logs will include a CSV file with the hardware hash.
- Windows 11: In the Export your management log files tile, click Export.
- Windows 10: Click the Export your management log files link.
Log files are exported to the Users\Public\Documents\MDMDiagnostics directory.
For more information, see Diagnose MDM failures in Windows 10
Ensure that the CSV file meets requirements
Device information in the CSV file where you capture hardware hashes should include:
- Serial number
- Windows product ID
- Hardware hash
- Optional group tag
- Optional assigned user
You can have up to 500 rows in the file's list of devices. The header and line format must look like this:
Device Serial Number,Windows Product ID,Hardware Hash,Group Tag,Assigned User<serialNumber>,<ProductID>,<hardwareHash>,<optionalGroupTag>,<optionalAssignedUser>
Keep these other requirements for the CSV file in mind:
- You can't use extra columns.
- You can't use quotation marks.
- You can use only ANSI-format text files (not Unicode).
- Headers are case-sensitive.
Important
Use a plain-text editor with this CSV file, like Notepad. Don't use Microsoft Excel. Because of the requirements, editing an Excel file and saving it as .csv won't generate a usable file for importing to Intune.
When you upload a CSV file to assign a user, make sure that you assign valid User Principal Names (UPNs). If you assign an invalid UPN (that is, an incorrect username), your device might be inaccessible until you remove the invalid assignment.
During upload of a CSV file, the only validation that Microsoft performs on the Assigned User column is to check that the domain name is valid. Microsoft doesn't perform individual UPN validation to ensure that you're assigning an existing or correct user.
Add devices
Now that you've captured hardware hashes in a CSV file, you can add Windows Autopilot devices by importing the file. To import the file by using Intune:
In the Microsoft Endpoint Manager admin center, select Devices > Windows > Windows enrollment > Devices (under Windows Autopilot Deployment Program) > Import.
(Video) Manually register devices with Windows Auto Pilot to intuneUnder Add Windows Autopilot devices, browse to the CSV file that lists the devices that you want to add.
Select Import to start importing the device information. Importing can take several minutes.
After import is complete, select Devices > Windows > Windows enrollment > Devices (under Windows Autopilot Deployment Program) > Sync.
A message says that the synchronization is in progress. The process might take a few minutes to complete, depending on how many devices are being synchronized.
Refresh the view to see the new devices.
Edit Autopilot device attributes
After you've uploaded an Autopilot device, you can edit certain attributes of the device:
- In the Microsoft Endpoint Manager admin center, select Devices > Windows > Windows enrollment > Devices (under Windows Autopilot Deployment Program).
- Select the device that you want to edit.
- On the pane on the right of the screen, you can edit:
- Device name
- Group tag
- Username (if you've assigned a user)
- Select Save.
Note
Device names can be configured for all devices but are ignored in Hybrid Azure Active Directory (Azure AD) deployments. The device name still comes from the domain join profile for Hybrid Azure AD devices.
Delete Autopilot devices
You can delete Windows Autopilot devices that aren't enrolled in Intune:
- Select Devices > Windows > Windows enrollment > Devices (under Windows Autopilot Deployment Program).
- Choose the devices that you want to delete, and then select Delete. The deletion process can take a few minutes to complete.
Completely removing a device from your tenant requires you to delete the Intune, Azure AD, and Windows Autopilot device records. You can do all these deletions from Intune, in this order:
- If the devices are enrolled in Intune, delete them from the Intune All devices pane.
- Delete the devices from Windows Autopilot at Devices > Windows > Windows enrollment > Devices (under Windows Autopilot Deployment Program). Choose the devices that you want to delete, and then select Delete. The deletion process can take a few minutes to complete.
- Delete the devices from Azure AD at Devices > Azure AD devices.
Next steps
Create device groups to apply Autopilot deployment profiles.
FAQs
Is IT possible to register an existing device for Windows Autopilot? ›
You can automatically register an existing device if it's: Running a supported version of Windows. Enrolled in an MDM service such as Intune. A corporate device that's not already registered with Autopilot.
How do I manually register a device in Intune? ›- Login to Windows 10 with an Administrator account.
- Go to Start and click Start Menu -> Settings.
- Select Accounts > Access work or school > Connect.
- Enter Corporate Email ID and Password.
- Click on Done to complete the Azure AD registration process.
Successful registration requires that two processes are complete: The device's unique hardware identity (known as a hardware hash) is captured and uploaded to the Autopilot service. The device is associated to an Azure tenant ID.
How to manually onboard devices to Windows Autopilot Part 2? ›Just navigate to Accounts > Access work or school and then click Connect. Follow the instructions to connect the device to Azure AD, making sure on the Set up a work or school screen that you click Join this device to Azure Active Directory. You'll need an Azure AD account that has permission to connect devices.
How do I manually register a device in Azure? ›In the Microsoft Azure Portal, go to Settings > Accounts > Access work or school, and then click Connect. Enter your Azure email address in the Set up a work or school account field, and then click Next. You can skip the option to Join this device to Azure Active Directory. Enter your password, and then click Sign in.
How do I convert an existing device to Autopilot? ›Go to Intune > Device enrollment > Windows enrollment and Set up the Enrollment Status Page. Go to Azure Active Directory > Mobility (MDM and MAM) > Microsoft Intune and enable Windows automatic enrollment. Configure the MDM user scope for some or all users.
Can you use Autopilot without Intune? ›Windows Autopilot depends on specific capabilities available in Windows client and Azure Active Directory (Azure AD). It also requires an MDM service such as Microsoft Intune.
How to add Windows 10 devices to Windows Autopilot even faster? ›- Turn on a new device. ...
- Run Powershell.
- Run the following commands for creating a local “scripts” folder and downloading the Get-WindowsAutoPilotInfo script. ...
- When asked to install and import the NuGet provider, type Y and press Enter.
- In the root ADOM, go to Device Manager and click Unregistered Devices in the quick status bar. ...
- Select the unregistered device or devices, then click Add. ...
- If ADOMs are enabled, select the ADOM in the Add the following device(s) to ADOM list. ...
- Click OK to register the device or devices.
Click Start > All Programs > Accessories and right-click on "Command Prompt" and select "Run as Administrator" OR in the Search box, type CMD and when cmd.exe appears in your results, right-click on cmd.exe and select "Run as administrator" At the command prompt, enter: REGSVR32 "PATH TO THE DLL FILE"
How do I register a device in endpoint? ›
- Sign in to the Microsoft Endpoint Manager admin center.
- Select Devices > Enroll devices.
- Select Device enrollment managers.
- Select Add.
- In the User name field, enter the user principal name of the user you're adding.
- Select Add.
AutoPilot requires one of the following licenses — Microsoft 365 Business, Microsoft 365 F1, Microsoft 365 E3 or E5, Enterprise Mobility & Security E3 or E5, or any other license that provides AAD/MDM services. Your vendor needs to support AutoPilot.
Which of the following are requirements for Windows Autopilot? ›- A supported version of Windows 10 Semi-Annual Channel or Windows 10 General Availability Channel is required.
- The following editions are supported: Windows 10 Pro. Windows 10 Pro Education. Windows 10 Pro for Workstations. Windows 10 Enterprise. Windows 10 Education.
To use Windows Autopilot, IT must connect the devices to a Microsoft Azure portal and enroll them in Microsoft Windows Azure Active Directory. Once IT enrolls the device or devices, it can assign a desktop image to each user before users register their devices.
How do I reset my Autopilot manually? ›Navigate to Devices tab in the Intune console. In the All devices view, select the targeted reset devices and then click More to view device actions. Select Autopilot Reset to start the reset task.
How do I add an existing device to Intune? ›- Open Company Portal and sign in with your work or school account.
- On the Set up your device screen, select Next.
- On the Connect to work screen, select Connect.
Self-deploying mode uses a device's TPM 2.0 hardware to authenticate the device into an organization's Azure AD tenant. Therefore, devices without TPM 2.0 can't be used with this mode. Devices must also support TPM device attestation.
How do I get my device registered? ›Tap the menu icon. Tap anywhere in the section containing your name and profile picture. Tap DEVICES. Tap on Register Device.
How do I activate device registration? ›- On your federation server, open a Windows PowerShell command window and type: Copy. Enable-AdfsDeviceRegistration.
- Repeat this step on each federation farm node in your AD FS farm..
Go to Settings > Connections > Mobile Networks > Network Operators > Search now and select your carrier's network.
What does convert all targeted devices to AutoPilot do? ›
Configuring the Convert all targeted devices to AutoPilot setting to Yes will automagically convert all devices in the assigned group to AutoPilot. This is a one-time conversion that also works for co-managed devices.
Can you AutoPilot over WIFI? ›Wi-Fi AutoPilot is constantly scanning and analyzing the end user's Wi-Fi environment. If any detrimental changes are detected, the CPE Wi-Fi parameters will automatically adjust, without compromising the internet connection experience (based on a patented algorithm).
What licenses are needed for AutoPilot? ›Windows Autopilot licensing
Customer will need one of the following subscriptions to be able to use Windows Autopilot: Microsoft 365 Business. Microsoft 365 F1. Microsoft 365 E3 or E5.
- Security issues. One of the potential cons about self-driving cars is the possibility of hacking. ...
- Job losses. Those who depend on driving to make a living may find their career obsolete with the introduction of self-driving cars. ...
- Initial costs. ...
- Moral Machine dilemma. ...
- Machine error.
Autopilot lets you register devices in Intune directly when you use it to buy new hardware. With Autopilot, employees can unbox their new devices, log into their Microsoft account and have a fully setup device. Intune syncs with Autopilot and will push updates and configurations to the devices.
What happens if a device is not compliant in Intune? ›The result of this default is when Intune detects a device isn't compliant, Intune immediately marks the device as noncompliant. After a device is marked as noncompliance, Azure Active Directory (AD) Conditional Access can block the device.
Does Windows Autopilot need Internet? ›Windows Autopilot depends on a variety of internet-based services. Access to these services must be provided for Autopilot to function properly.
How do I enable Windows Autopilot? ›- Step #1: Create an AutoPilot profile.
- Step #2: Obtain device details for AutoPilot deployment.
- Step #3: Upload device details and associate profile.
- Step #3.1(Optional): Branding the device activation screen.
- Step #4: Assign users to enrolled devices.
You can purchase Autopilot, Enhanced Autopilot or Full Self-Driving Capability at any time through the Tesla app – and the Autopilot software required will be added to your car.
How do I manually add a device in Windows 10? ›- Select Start > Settings > Devices > Bluetooth & other devices.
- Select Add Bluetooth or other device and follow the instructions.
How do I specify unspecified devices in Windows 10? ›
- Log on to Windows as "Administrator."
- Click [Start] > [Devices and Printers].
- Right-click on the driver for your machine under "Unspecified," and click [Properties]. ...
- Click the [Hardware] tab, and double-click the name of the machine being used.
- Turn on a new device that isn't set up yet. Put the device in pairing mode.
- Turn on your phone's screen.
- On your phone, you'll get a notification offering to set up the new device.
- Tap the notification.
- Follow the onscreen steps.
- Locate your missing . dll file at the DLL Dump site.
- Download the file and copy it to: "C:\Windows\System32"
- Click Start then Run and type in "regsvr32 name_of_dll. dll" and hit enter.
Short answer is that you don't need to register DLLs in order to use them. The only exception to this is COM and ActiveX DLLs which need to add certain keys to the registry. For a normal DLL (including . NET class libraries), all you need to know is the path to the DLL.
How do I register a DLL in Windows 10 64-bit? ›- Go to the Search window and type cmd, right click on Command Prompt and choose Run as an administrator option.
- Type the following command in the command window and hit Enter - regsvr32 <dllname>
In the Microsoft Endpoint Manager Admin Center, choose Devices > Windows > Windows enrollment > Devices (under Windows Autopilot Deployment Program > choose the device > Assign user.
How do I register a device on MDM? ›- Click Start > Settings > Accounts.
- Click Access Work or School.
- Click +Connect.
- Go to the Alternate actions section and click Join this device to Azure Active Directory.
- Enter your enterprise user name and password.