Why are Windows Autopilot devices important?
If you want a solution to onboard users remotely, you have probably heard about Autopilot.
This is not about deploying Windows 10/11 from “the cloud” to your device.
Summary
All procured devices are enrolled to your M365 tenant by default, and they’ll get the “blank” GroupTag.
You can leverage the GroupTag to associate all Autopilot devices (those with a blank GroupTag) with either AADJ (Azure AD joined) or HAADJ (Hybrid Azure AD joined).
https://learn.microsoft.com/en-us/mem/autopilot/enrollment-autopilot
Group | Dynamic membership rule |
All Autopilot devices | (device.devicePhysicalIDs -any (_ -contains "[ZTDID]")) |
Segmenting AADJ | (device.devicePhysicalIds -any (_ -eq "[OrderID]:AADJ")) |
Segmenting HAADJ | (device.devicePhysicalIds -any (_ -eq "[OrderID]:HAADJ")) |
Segmenting by Purchase Order Id | (device.devicePhysicalIds -any (_ -eq "[PurchaseOrderId]:76222342342")) |
TIP!
For each Windows Autopilot deployment to which you assign an included group with its targeted devices, you should exclude the other WAP security groups from it. Alternatively, you can use the “All Autopilot devices” group as the included group, provided you exclude all AADJ and HAADJ GroupTag groups from it (check the table below).
WAP Name / Join Type | Assignments - Included Groups | Assignments - Excluded Groups |
AADJ / Azure AD joined | All-AADJ-Devices | All-HAADJ-Devices |
HAADJ / Hybrid Azure AD joined | All-HAADJ-Devices | All-AADJ-Devices |
HAADJ / Hybrid Azure AD joined | All Autopilot devices | All-AADJ-Devices, All-HAADJ-Devices. Here you should exclude all Dynamic Device Groups where you have GroupTags associated with them. |
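The include/exclude logic in the table above can be checked offline before changing assignments. The following PowerShell script is an added example, not part of the original post: it evaluates the three dynamic rules against constructed devices and reports any device targeted by zero or several profiles, with and without the exclusions. The profile names (WAP-AADJ, WAP-HAADJ, WAP-Blank), device names and ID values are assumptions.

```powershell
# Constructed sample devices. PhysicalIds mimics devicePhysicalIds: every
# Autopilot device carries a [ZTDID] entry; the GroupTag appears as [OrderID].
$devices = @(
    [pscustomobject]@{ Name = 'PC-01'; PhysicalIds = @('[ZTDID]:00000000-0001', '[OrderID]:AADJ') }
    [pscustomobject]@{ Name = 'PC-02'; PhysicalIds = @('[ZTDID]:00000000-0002', '[OrderID]:HAADJ') }
    [pscustomobject]@{ Name = 'PC-03'; PhysicalIds = @('[ZTDID]:00000000-0003') }  # blank GroupTag
)

# The page's dynamic rules as local predicates. The rule operator -contains is a
# substring test, so it maps to -match here, not to PowerShell's -contains.
$groups = [ordered]@{
    'All Autopilot devices' = { param($ids) [bool]($ids -match '\[ZTDID\]') }
    'All-AADJ-Devices'      = { param($ids) [bool]($ids -eq '[OrderID]:AADJ') }
    'All-HAADJ-Devices'     = { param($ids) [bool]($ids -eq '[OrderID]:HAADJ') }
}

# Assignments from the table above; the profile names are hypothetical.
$profiles = @(
    @{ Name = 'WAP-AADJ';  Include = @('All-AADJ-Devices');      Exclude = @('All-HAADJ-Devices') }
    @{ Name = 'WAP-HAADJ'; Include = @('All-HAADJ-Devices');     Exclude = @('All-AADJ-Devices') }
    @{ Name = 'WAP-Blank'; Include = @('All Autopilot devices'); Exclude = @('All-AADJ-Devices', 'All-HAADJ-Devices') }
)

function Get-TargetingProfile {
    param($Device, $Profiles, $Groups, [switch]$IgnoreExclusions)
    # Groups whose rule matches this device's physical IDs.
    $member = @($Groups.Keys | Where-Object { & $Groups[$_] $Device.PhysicalIds })
    foreach ($p in $Profiles) {
        $in  = @($p.Include | Where-Object { $_ -in $member }).Count -gt 0
        $out = -not $IgnoreExclusions -and @($p.Exclude | Where-Object { $_ -in $member }).Count -gt 0
        if ($in -and -not $out) { $p.Name }   # an excluded group overrides an included one
    }
}

foreach ($ignore in $false, $true) {
    "--- exclusions ignored: $ignore ---"
    foreach ($d in $devices) {
        $hits = @(Get-TargetingProfile -Device $d -Profiles $profiles -Groups $groups -IgnoreExclusions:$ignore)
        $status = if ($hits.Count -eq 1) { 'OK' } else { 'CONFLICT' }
        '{0}  {1,-8}  {2}' -f $d.Name, $status, ($hits -join ', ')
    }
}
```

With the exclusions in place each device resolves to exactly one profile; with them ignored, the tagged devices also match the catch-all profile and are flagged as conflicts.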
Windows autopilot devices (Screenshot)
Post 1 - PPKG part 1
Post 2 - PPKG part 2
You can use a PPKG to register your device hashes as Windows Autopilot devices based on the GroupTag (AADJ or HAADJ WAP), as in the previous table.
Cheers,
Thiago Beier