In this post, I give a quick rundown of the key differences between deploying new computers using Autopilot vs. using the more tried and true Configuration Manager Operating System Deployment (OSD). I have been in this industry for coming up on 25 years and have done a lot of OS imaging and deployments. Remember the old NT 4 unattend.txt? That’s where I started. But now, as a senior consultant, I often find myself having to explain to customers what you gain or lose in the OS deployment realm if switching to Intune Autopilot. I hope this blog entry helps capture some of the key points that help you understand the right choice for your organization.
To first lay some groundwork, Autopilot is a set of cloud-based technologies, with its foundation in Intune and AzureAD, that can be used to “image” computers for distribution to end users. This can be new computers shipping direct from manufacturer or older computers you wish to repurpose.
Here is the official summary page from Microsoft, if that helps:
Having worked extensively with both, from my perspective the key differences between Autopilot and SCCM OSD are these:
SCCM OSD Notes
- With OSD, you typically create a gold image, or several gold images, that contain pre-installed apps, drivers and preconfigured settings.
- You capture that image and then redeploy using Task Sequences.
- The Task Sequences can further customize the deployment by getting it to join the domain, rename the computer, install further drivers and applications.
- This SCCM model of imaging provides extensive customization and flexibility.
- You could also add more automation by PXE booting computers off the network and into the build process.
- All of this requires local network access to the SCCM infrastructure servers.
Autopilot in More Detail
- Autopilot does none of this. Every Windows 10/11 computer comes from the manufacturer with a built-in OS. When you first turn it on the end user goes through an “Out-of-box Experience” where you answer some questions to setup your computer at first start. An older computer can be put back into factory mode and start the Out-of-box experience again.
- Autopilot gives you, the administrators of the company, an automated way of controlling that out-of-box experience. You are not deploying a gold image of your making; you are instead configuring the existing image that comes from the manufacturer.
- You decide when out-of-box experience happens whether the following things are preconfigured for the user/device: (called an Autopilot Profile):
- Join the domain
- Name the computer
- Install apps
- Push polices to configure the device for company standards
- All the user has to do (or an admin can pre-do this for them) is sign in with their Office 365 credentials when they first turn on the computer and go through Out-of-box experience. Once they give their O365 email and pw it starts the Autopilot which does all the rest. This can take some time as applications probably need to be installed. The end result is a company-controlled computer (Intune) that is joined to the domain and named according to standard and has all the applications and configuration that are for that user group.
- With this approach, no local infrastructure is necessary to ready computers. Therefore, you could ship computers direct to end users and have them login without the need for amins to do all the prep work. However, to save the end user some time, an admin could open the computer and take it through the first part of Autopilot.
There are other things to understand about Autopilot but hopefully this summary helps. A few other quick notes:
- Intune and Autopilot do not work with Windows Servers. SCCM (or other solutions) would still be needed for centrally managing them.
- For a device to be approved for your Autopilot environment, a hardware hash has to be entered into Intune. When purchasing from manufacturer, they can enter those hashes for you. That can help save a lot of effort. For an existing computer that you wish to repurpose with Autopilot, you would have to retrieve the hash and enter it yourself.
I hope this helps clarify some of the differences if you are considering moving away from SCCM and into Intune Autopilot.