While working in AzureGov recently I was able to connect to a few AutoPilot interfaces in the Microsoft Endpoint Manager/Intune portal.
AutoPilot allows organizations to effectively “PIN” or “LOCK” a device to their AAD environment and then asset with auto enrollment/provisioning when it is setup by a user in Windows OOBE. See https://learn.microsoft.com/en-us/mem/autopilot/windows-autopilot
AutoPilot has been available in Azure Public and is the key to features like
- Intune Proactive Remediation
- Surface Enterprise Management Mode (SEMM)
Unfortunately, Autopilot has been on the roadmap for a while for Microsoft’s Azure Government but it has not been made private preview nor a timeline discussed.
I am excited to share that I have seen some of the early deployment indicators for Windows Autopilot in Azure Government! After contacting Microsoft support I was informed that while the web pages and APIs are available the service is not yet deployed nor supported. Boo!
I was able to get to the AutoPilot interfaces through the new Intune Device Enrollment portal. The entry points into the Windows AutoPilot device interface are now missing from the standard Intune/Endpoint Device Enrollment page. However, you can still browse directly to the original URLs.
Fingers crossed this means that Autopilot support isn’t too far away! By looking at the Microsoft Intune for US Government GCC High and DoD service description you see that Windows AutoPilot is still in the “Planning Phase”.
Here is the Portal link for Windows Autopilot devices in Microsoft Intune Government admin center. https://endpoint.microsoft.us/#view/Microsoft_Intune_Enrollment/AutoPilotDevicesBlade/filterOnManualRemediationRequired~/false
An attempt to import or enroll my devices for Azure Government GCC-High Intune Windows Autopilot resulted in an error while saving the device. “Device has already been AAD joined. Union the device before retrying.” Error Code 640 – StorageError.
