Skip to main content

BYOD AutoPilot Device enrollment

Lucas Neuman
Updated
Here are the steps you'll need to enroll a new Windows 11 device in Scorpion's Intune/AutoPilot MDM.
 
A couple of important pre-requisites for the IT team to be aware of:
  • The device should be owned by Scorpion, not personal.
  • Assumes the machine is not domain-joined.
  • The device must have a valid Windows Pro or Enterprise license.
  • The user must have a valid Microsoft O365 E3 or Intune License, and be in the following Entra ID security groups:
    1)Intune_Windows_USERS (AAD/Entra join)
    2)Intune_User_Enrollment (user enrollment + hash upload)
    3)AutoPilot Apps Users

1. Out-of-Box Experience (OOBE) — Create a Local Account

When Windows 11 Home first boots, Microsoft pushes you toward an online Microsoft Account. Here's how to get around that requirement and create a local administrator account:

During OOBE:

  1. Pick your language and region
  2. On the "Let's connect you to a network" screen — do not connect to Wi-Fi yet (skip if possible)
  3. Run a command to create the local user, called "localadmin":
    • Press Shift + F10 to open the CMD prompt with administrative privileges
    • Run: start ms-cxh:localonly

  4. You'll see the screen: Create a User for this PC

  5. Create a local username and password (no Microsoft Account)
  6. Answer the security questions for the password recovery options
  7. You may decline or skip the preferences and telemetry questions when prompted.

Tip: Avoid picking a username like "Admin" or "User" — use a generic staging name like localadmin since this account may persist or need to be cleaned up later.

 

2. Post-Login Steps

Once on the desktop, install ConnectWise ScreenConnect remote software for our IT Team to assist remotely.

  1. Connect to the internet (Wi-Fi or Ethernet)
  2. If a Scorpion IT technician is assisting remotely, follow these steps to join a ScreenConnect session; otherwise, you may skip to step 3:
    • Browse to https://cwa-scorpionsd.screenconnect.com/ with Microsoft Edge or other browser (choose the option Start without your data, uncheck the box, then Confirm and Start Browsing

    • Type in the code provided by the technician, then launch the downloaded ScreenConnect.client application. 

    • Agree to the prompts about running the application and giving full access to your computer. 

      1. Click Run

2. Check the Acknowledge box, click Connect

3. Click Yes on the User Account Control prompt, Do you want to allow this app to make changes to your device? 
ScreenConnect.ClientService.exe


Scorpion IT Team will take control at this point 

or if instructed, the user may continue with the steps.

 

3. Check Windows edition from the command prompt or Windows search bar: 

Type Winver and press Enter

  • If you have Windows 11 Pro or Enterprise, then you are good to proceed to the Windows MDM Enrollment steps below
  • If you are on Windows 11 Home, then you'll need to enter a product key in Activation settings.

 

Windows MDM enrollment

  1.  Windows Update 
    • Settings → Windows Update → Check for updates, Download & install all
    • Reboot as needed, repeat until no more updates pending
  2. Set the time zone in Date & Time settings if it is not already correct

  3. Scorpion IT will check Windows AutoPilot devices to see if the device hash has been imported. If not, then continue using the Windows search bar, open PowerShell as Administrator

Note: Open PowerShell prompt as administrator:
If you have not logged into Windows yet on a fresh install, use SHIFT + F10 to get a command prompt then type these commands, one line at a time pressing enter after each line, and enter Y for YES when prompted:

#Use these commands to extract the hardware hash for Microsoft Intune MDM enrollment:
Set-ExecutionPolicy Unrestricted -Scope CurrentUser

Install-Script -name Get-WindowsAutopilotInfo -Force
#Insert a USB drive or use a local path to save the CSV hardware hash file:
Get-WindowsAutoPilotInfo -OutputFile D:\<path to external drive>\AutoPilotHWID<serial number>.txt
 
4. Email the resulting AutoPilotHWID.txt file to Scorpion IT for importing into AutoPilot devices, and wait for them to confirm profile assignment. 

Note:  We temporarily use the txt extension so that the file does not get blocked by our spam filter, however IT team will need to convert it to CSV before importing the hash file.

Before proceeding, make sure that the user account is in the proper AutoPilot/Entra ID groups (Intune_Windows_USERS and AutoPilot Apps Users):
5.  Once the Device hash has been imported and the AutoPilot profile assigned, to enroll the device in AAD/Entra from a local profile, in the Windows search bar, type Access work or school (under Accounts), then click Connect on the Add a work or school account
 

 
4. On the Set up a work or school account screen, do NOT enter your email address yet; 
First, click on Join this device to Microsoft Entra ID
 

 
5. On the Let's get you signed in screen, type your email address (first.lastname@scorpion.co), and then select Next.

6. When you see the Make sure this is your organization screen, review the information to make sure it's right, and then click Join.
 

 
7. Click Done to continue
 
8. Sign out of your local Windows profile and then log back in with Other user and enter your full email address at the login screen. 

You'll see it cycle through a couple of screens like this for approximately 2-3 minutes, while it creates a new Scorpion user profile.

 
Wait for the enrollment steps to complete:
  • Device preparation (waiting)
  • Device Setup (waiting)
  • Account Setup (working on it...)

This should not take more than 5-10 minutes, if it goes longer, feel free to force a reboot and login with your Scorpion account.

9. Log in to Windows with your Scorpion email address. 
  • Check device enrollment from a command prompt: 
  • Type dsregcmd /status, then enter and you should see output like this:

10. Let ServiceDesk@scorpion.co know you completed the device enrollment.
 

 

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk