Microsoft describes Windows AutoPilot as “Windows AutoPilot is a suite of capabilities designed to simplify and modernize the deployment and management of new Windows 10 PCs”.  That roughly translates to a cloud based method of deploying new Windows 10 devices. To use Windows AutoPilot you’ll need to fulfill some requirements namely:

• Devices must be registered to the organization
• Company branding needs to be configured
• Devices have to be pre-installed with Windows 10 Professional, Enterprise or Education, of version 1703 or later
• Devices must have access to the internet
• Azure AD Premium P1 or P2
• Microsoft Intune or other MDM services to manage your devices

Windows 7 is not going to gain access to this new technology and new devices are the target (from the OEM for example). There is a way to re-provision existing Windows 10 devices via a Windows Reset but I’ll cover that in another blog post.

This post will explain how you can get around one obstacle that currently exists (29th of November 2017) with Windows AutoPilot, and that is the ability to connect to the Internet across a Proxy. Windows AutoPilot needs to be able to connect to the internet to do it’s magic, and proxies can throw a spanner in that.

In this post I assume you have already enrolled a Windows 10 device into Windows AutoPilot and that you plan on connecting the new Windows 10 device to the internet via a Proxy. All screenshots are from a Windows 10 version 1709 computer (Fall Creators Update).

Windows AutoPilot default behavior (with direct connection to Internet)

During OOBE (Out of Box Experience) on a Windows AutoPilot enrolled device, the following should be observed in the order listed below:

1. Vocal Intro from Cortana (unless it’s a Hyper-v VM)
2. Let’s start with this region. Is this right? [United States] <Yes>
3. Is this the right keyboard layout? [US] <Yes>
4. Want to add a second keyboard layout? <Skip>
5. Now we can go look for updates…(takes some time to download things and do magic)
6. Welcome to [Tenant Name] <Next>

Windows AutoPilot default behavior (with a proxy)

When a Windows AutoPilot enrolled device is booted behind a Proxy, it goes through these steps in OOBE:

1. Vocal Intro from Cortana (unless it’s a Hyper-v VM)
2. Let’s start with this region. Is this right? [United States] <Yes>
3. Is this the right keyboard layout? [US] <Yes>
4. Want to add a second keyboard layout? <Skip>
5. Let’s connect you to a Network.

In the above scenario, the Windows AutoPilot magic that should occur cannot take place due to a lack of direct Internet connectivity and therefore the following things will not happen:

• Automatically join devices to Azure Active Directory (Azure AD)
• Auto-enroll devices into MDM services, such as Microsoft Intune (Requires an Azure AD Premium subscription)
• Restrict the Administrator account creation
• Create and auto-assign devices to configuration groups based on a device’s profile
• Customize OOBE content specific to the organization

In other words, Windows AutoPilot can’t configure the device and you’ll need to do those actions manually.

Solution

Before starting this step, download the following PowerShell script

Note: To download scripts from windows-noob.com you must be logged on as a valid member.

SetWindowsAutoPilotProxy.ps1

edit the highlighted variables below and replace them with your proxy details

copy the edited script to your target Windows AutoPilot device.

Next, boot the Windows 10 device that is enrolled into Windows AutoPilot, once OOBE  starts it will take you to the Let’s start with region question.

Press Left shift and F10 keys together, a command prompt should appear.

In the cmd prompt that appears type the following

PowerShell

then type the following

Set-ExecutionPolicy UnRestricted

Next, run the script by typing .\SetWindowsAutoPilotProxy.ps1 and press Enter.

The script will run quickly and you’ll see a reboot prompt, you can ignore it, if you look carefully you can see your proxy settings in the PowerShell output.

This will gracefully reboot the computer with the Proxy settings in place and it will start the OOBE again except this time with a direct connection to the internet (via the Proxy).The OOBE experience after configuring proxy settings

After the reboot you’ll get prompted with the usual OOBE screens,

followed by Is this the right keyboard layout ?

and whether you Want to add a second keyboard layout ?

and the License Agreement screen

and now that the proxy settings are set, it will check directly with the Internet to verify for updates,

after accepting the EULA you’ll get to the Windows AutoPilot specific part of the process. You’ll know when that happens because your tenant name (and branding if configured) will appear.

After entering your credentials Windows setup will configure your profile

and depending on your settings, you may have to confirm Microsoft Verification for Windows Hello for Business (setup PIN)

Enter and confirm your PIN

after confirming the PIN you’ll see the Enrollment Status Screen (if configured in Windows Enrollment options in Intune), note that this is a Windows 10 version 1709 capability..

Once you click on Got it, Windows is ready to use and Intune policies are applied (such as Applications, start menu and more.)

That’s it, job done.

cheersniall