Many methods are available for enrolling Windows devices into Microsoft Intune, but the most common method for corporate devices is using Windows Autopilot.

Windows Autopilot is a Microsoft cloud service that simplifies the setup and pre-configuration of new devices to prepare them for end users. It removes the need for imaging and re-imaging devices, as it builds on the existing preinstalled operating system and allows IT to distribute any required configurations, scripts and apps during the out-of-box-experience (OOBE).

With that, it takes away the time spent on imaging, reduces the need for on-premises infrastructure, and further simplifies the user experience. For all the simplicity, issues can still arise, and Intune administrators need to be ready to troubleshoot them and resolve them quickly.

IT administrators should be familiar with the flow of the Windows Autopilot enrollment process because it is essential to understanding the troubleshooting process.

Windows Autopilot enrollment process The high-level flow of the Windows Autopilot enrollment process is pretty straightforward. It starts with connectivity and ends with Autopilot applying the actual settings. Figure 1 shows an overview of that process. Figure 1. The steps that IT needs to take during Autopilot enrollment. Network connection. Autopilot initiates a network connection by relying on either the existing wired connection or the specified wireless connection. Profile downloaded. The Windows Autopilot profile for the device is downloaded as soon as the network connection is available. User authentication. This step is optional. In a user-driven Windows Autopilot deployment, the user must provide their Microsoft Entra credentials, and then Autopilot validates them. Microsoft Entra join. When performing a user-drivern Windows Autopilot deployment, the device is joined to Microsoft Entra by relying on the provided credentials. When performing a self-deploying Windows Autopilot, the device is joined without user credentials. Automatic MDM enrollment. The device is automatically enrolled into the mobile device management (MDM) provider -- in this case, Microsoft Intune -- as part of the Microsoft Entra join. Settings applied. Autopilot applies the appropriate settings to the device and user during the enrollment status page (ESP) -- when configured or after sign-in.

Troubleshooting Intune enrollment during the out-of-box-experience Troubleshooting issues during OOBE is critical because it is the foundation of the enrollment. During OOBE, the IT administrator can use the Shift + F10 key combination to start a Command Prompt dialog box. That box provides the IT administrator with direct access to the device with high privileges. The IT administrator can use that box to directly access the event logs, registry keys, and more. It's a great place for the IT administrator to start the troubleshooting process. It's worth noting that the Shift + F10 key combination is available for every user during OOBE. Any issues related to Windows Autopilot are logged in the Event Viewer at Application and Services Logs > Microsoft > Windows > Modern Deployment-Diagnostics-Provider > Autopilot. Profile settings for Windows Autopilot are stored in the registry at the following location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Provisioning\Diagnostics\Autopilot Windows 11 even has a special Windows Autopilot diagnostics page available during OOBE that the IT administrator can use. To enable that diagnostics page, the administrator must make sure that the correct configuration is in place for the ESP with the following steps: Open the Microsoft Intune admin center portal and navigate to Devices > Windows > Enrollment > Enrollment Status Page.

> > > On the Enrollment Status Page, select the desired profile and click Edit in the Settings section.

in the section. On the Edit profile page, ensure the following settings are in place and click Review + save (Figure 2) .

page, ensure the following settings are in place and click (Figure 2) Show app and profile configuration progress should be set to Yes.

should be set to Turn on log collection and diagnostics page for end users should be set to Yes.

should be set to On the Review + Save page, verify the changes and click Save. Figure 2. The Intune Edit profile page with the necessary settings to change highlighted. In addition to the local options, Windows Autopilot also automatically collects logs after a failure during the process. Admins can find the collected logs within Microsoft Intune in the Device diagnostics section of the device. The action itself will be listed as a Collect diagnostics action within the Device actions status.