Assign a user to a Windows AutoPilot device

This blog post uses capabilities that are added in Windows 10, version 1809, which is currently still in preview.

This week a short blog about another relatively new Windows AutoPilot feature. This week is all about assigning a specific user to a specific Windows AutoPilot device. That enables an administrator to directly assign a user to a Windows AutoPilot device. Assigning a user to a Windows AutoPilot device will make sure that the username will be pre-filled during Windows setup. It also lets the administrator set a custom greeting name, which will also be added during the Windows setup. In this post I’ll show the actual configuration steps, followed by the end-user experience.

Configuration

Before starting with the actual configuration steps, it’s important to name a few prerequisites.

  • Azure AD company branding is configured;
  • Device is running Windows 10, version 1809 or later;
  • User is Microsoft Intune licensed

When the prerequisites are in place, it’s time to start looking at the actual configuration. The following five steps walk through assigning a user to a Windows AutoPilot device.

1 Open the Azure portal and navigate to Intune > Device enrollment > Windows enrollment to open the Device enrollment – Windows enrollment blade;
2 On the Device enrollment – Windows enrollment blade, click Devices to open the Windows AutoPilot devices blade;
3 On the Windows AutoPilot devices blade, select the specific device (make sure to check the box) and click Assign user to open the Select user blade;
AP-AssignUser
4 On the Select user blade, select the specific user and click Select, which will open the Properties blade of the device;
5

AP-UserFriiendlyNameOn Properties blade of the device, provide the User Friendly Name and click OK to return to the Windows AutoPilot devices blade.

Note: This will provide a message like in this case “Awesome dude has ben successfully assigned to 3008-9109-1000-6969-987…

End-user experience

Now let’s end this post by looking at the end-user experience when using a user-driven deployment. After configuring the location and the keyboard, the user will get a personal welcome message. The message includes the configured custom user friendly name and the username will be preconfigured (as shown below). The user only needs to provide a password and click Next.

AP-UserExperience

Note: This experience does not work when used in combination with ADFS.

More information

For more information about assigning a user to a Windows AutoPilot device, please refer to the documentation Enroll Windows devices by using the Windows AutoPilot | Assign a user to a specific Autopilot device.

29 thoughts on “Assign a user to a Windows AutoPilot device”

  1. what if you need to reassign it to someone else afterwards ? Do you ‘wipe’ or do an autopilot reset ?

    Both result in deleting all the apps. Then the pain of reinstalling the apps.

    Reply
  2. Hi Peter,

    Assign user to autopilot wasn’t successful for me. Self deployment auto pilot works but not the assign user.

    Reply
    • Hi Priyaa,
      You mean assigning an user to a device for self-deploying mode? If so, self-deploying mode is not really designed for user specific device. That’s the user drive mode.
      Regards, Peter

      Reply
  3. Hi Peter, do you happen to know how to bypass the assigned user when first logging into Autopilot? There does not seem to be a (documented) way and one can imagine scenarios where this might be required. Just want it to ask for the user name instead of pre-populating. Thanks!

    Reply
  4. Hi Peter,

    I am trying to learn Intune as best I can but always seem to be hitting walls. I tried the Assign User feature in Intune Autopilot but now want to remove the user (and not add another.) Is there an easy way to remove the user (again without adding a different user.)?

    Reply
      • Hi Peter,
        Just an FYI. I finally found the remove assigned user option for the autopilot device. You must click the three dots to the right of the object you want to remove the assigned user from. I guess they don’t want you doing this to multiple devices at once. I also believe I have clicked this before but did not have the option presented so I cannot say when the option became available. Just glad it is there.

        Reply
  5. I have a question. I have been assigning autopilot devices to users using this method. Generally, the OOBE is like this as expected, but occasionally, even when it passes the white glove and shows the correct assigned user, upon reboot the user is greeted with a screen that says, “Who’s going to use this PC?” I want the OOBE to restrict access to only the assigned user, like in this article. Is there a reason why this would sometimes happen?

    Reply
  6. Hey Peter
    We use a custom role for our admins to enable them to import devices to Autopilot and set GroupTags as well as giving them other needed rights to manage devices in Intune.
    But we do not find the setting to enable them to assign a user to a new device. The button is greyed out.
    Do you know the setting how to activate this?

    Greetings, Thomas

    Reply
      • I’m having a similar issue. We want to hire a group of sneakers to do a bulk whiteglove deploy of a large batch of new laptops and rather not give them any more permissions that necessary to do the assignment of users to the autopilot and then go through whiteglove to get it done.

        The Custom Intune Role “AutoPilot Operator” was created with the following permissions:

        Audit data
        – Read
        Enrollment programs
        – Assign profile
        – Create device
        – Sync device
        – Delete device
        – Read device
        – Read profile
        Managed devices
        – Read
        – Set primary user
        – Update
        Organization
        – Read

        Unfortunately, the “Set Primary User” permission only has relevance to the Intune management object and not the autopilot object.

        Reply
          • I would like the sneakers to be able to assign a user to an autopilot registered asset, to prepare the device for whiteglove deployment.

            The “set primary user” only lets the sneakers change the primary user after deployment, but that defeats the purpose of whiteglove deploying all applications, including the specifically user assigned apps.

            Right now I need a privileged user with the intune admin entra role on standby all the time to do (re)configure the assigned user.

          • Figured it out with a lot of outside help (big shout out to Frans Oudendorp).

            Apparently in older tenants, you need to hit the “Allow access to unlicensed admins” button to actually activate the Intune RBAC roles. Missed that step since tenants created after a certain year, have this enabled by default and I never came across this setting because of that.

  7. Hey Peter,
    do you know if something has changed in this procedure?
    We we’re using the user assignment for quite a long time – but now if we assign a user, the assignment is ignored.
    The user is presented the welcome screen (“Welcome to xxx GmbH!”) but he is asked for the email address, just like no user was assigned.
    We thought maybe something was wrong with the new user account – but also tried with a account that was working previously – also the same.
    Thanks in advance!
    Werner

    Reply
  8. Hello,
    Anyone hve the same problem? Since few month when I assign in Autopilot a user, it appear but, when I start the process in laptop, it ask to me the UPN. Always I assigned the device to users and they only need to introduce their passwords.
    In Autopilot page i view the assignments correctly, but the proccess allow introduce otherupn.

    Thank you

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.