Microsoft describes Windows AutoPilot as “Windows AutoPilot is a suite of capabilities designed to simplify and modernize the deployment and management of new Windows 10 PCs”.  That roughly translates to a cloud based method of deploying new Windows 10 devices. To use Windows AutoPilot you'll need to fulfill some requirements namely:

  • Devices must be registered to the organization
  • Company branding needs to be configured
  • Devices have to be pre-installed with Windows 10 Professional, Enterprise or Education, of version 1703 or later
  • Devices must have access to the internet
  • Azure AD Premium P1 or P2
  • Microsoft Intune or other MDM services to manage your devices

Windows 7 is not going to gain access to this new technology and new devices are the target (from the OEM for example). There is a way to re-provision existing Windows 10 devices via a Windows Reset but I’ll cover that in another blog post.

This post will explain how you can get around one obstacle that currently exists (29th of November 2017) with Windows AutoPilot, and that is the ability to connect to the Internet across a Proxy. Windows AutoPilot needs to be able to connect to the internet to do it's magic, and proxies can throw a spanner in that.

In this post I assume you have already enrolled a Windows 10 device into Windows AutoPilot and that you plan on connecting the new Windows 10 device to the internet via a Proxy. All screenshots are from a Windows 10 version 1709 computer (Fall Creators Update).

Windows AutoPilot default behavior (with direct connection to Internet)

During OOBE (Out of Box Experience) on a Windows AutoPilot enrolled device, the following should be observed in the order listed below:

1. Vocal Intro from Cortana (unless it's a Hyper-v VM)
2. Let’s start with this region. Is this right? [United States] <Yes>
3. Is this the right keyboard layout? [US] <Yes>
4. Want to add a second keyboard layout? <Skip>
5. Now we can go look for updates…(takes some time to download things and do magic)
6. Welcome to [Tenant Name] <Next>

Windows AutoPilot default behavior (with a proxy)

When a Windows AutoPilot enrolled device is booted behind a Proxy, it goes through these steps in OOBE:

1. Vocal Intro from Cortana (unless it's a Hyper-v VM)
2. Let’s start with this region. Is this right? [United States] <Yes>
3. Is this the right keyboard layout? [US] <Yes>
4. Want to add a second keyboard layout? <Skip>
5. Let's connect you to a Network.

In the above scenario, the Windows AutoPilot magic that should occur cannot take place due to a lack of direct Internet connectivity and therefore the following things will not happen:

  • Automatically join devices to Azure Active Directory (Azure AD)
  • Auto-enroll devices into MDM services, such as Microsoft Intune (Requires an Azure AD Premium subscription)
  • Restrict the Administrator account creation
  • Create and auto-assign devices to configuration groups based on a device’s profile
  • Customize OOBE content specific to the organization

In other words, Windows AutoPilot can't configure the device and you'll need to do those actions manually.

Solution

The solution for now involves some manual steps, and here’s how to do it. When booting a new Windows 10 device that is enrolled into Windows AutoPilot, click through the OOBE until it takes you to the Let's connect you to a Network screen. It will look something like this (if there is a mix of WiFi and LAN). It will list your LAN Network connection with No Internet and if WiFi capability is available, automatically highlight a WiFi connection.

lets connect you to a network.png

Press Left shift and F10 keys together, a command prompt should appear.

start-with-this-region-command-prompt.pn

Apply Proxy Settings Step

Depending on your Proxy requirements, use one of the following methods below:

Method #1

In the command prompt, enter the following command:

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigURL /t REG_SZ /d http://mysite/proxy.pac

 

replace http://mysite/proxy.pac with your the URL needed for your Automatic Configuration Script.

Method #2

If you need to configure the proxy without an AutoConfiguration Script, then use the following reg keys instead, replacing proxyserveraddress:proxyport and username/password with the valid url,port and associated settings.

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 1 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /t REG_SZ /d proxyserveraddress:proxyport /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyUser /t REG_SZ /d username /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyPass /t REG_SZ /d password /f

Method #3

Set a System wide Proxy using the following netsh command

netsh winhttp set proxy proxyserveraddress:proxyport

replacing proxyserveraddress:proxyport and username/password with the valid url,port, press enter when done.

Method #4

The settings that worked in my environment are listed below,  a mixture of the above user and system settings

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 1 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /t REG_SZ /d proxyserveraddress:proxyport /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigURL /t REG_SZ /d http://mysite/proxy.pac
netsh winhttp set proxy proxyserveraddress:proxyport

Don't forget to gracefully reboot

After you've applied the proxy settings using the methods above, you'll need OOBE to become aware of the changes, and to do that, reboot the computer gracefully.

Enter the following command

Shutdown /r

This will gracefully reboot the computer with the Proxy settings in place and it will start the OOBE again except this time with a direct connection to the internet (via the Proxy).

The OOBE experience after configuring proxy settings

After the reboot you'll get prompted with the usual OOBE screens, continue through the OOBE until you get to the Windows AutoPilot specific part of the process (occurs directly after the keyboard questions). You’ll know when that happens because your tenant name (and branding if configured) will appear.

welcome-to-windows-noob.png

After entering your credentials Windows setup will configure your profile

this-might-take-several-minutes.png

and depending on your settings, you may have to confirm Microsoft Verification for Windows Hello for Business (setup PIN)

windows-hello.png

Enter and confirm your PIN

confirm-pin.png

after confirming the PIN you’ll see the Enrollment Status Screen (if configured in Windows Enrollment options in Intune)

enrollment-status-screen.png

Once you click on Got it, Windows is ready to use and Intune policies are applied (such as Applications, start menu and more.)

windows-is-ready.png

That’s it, job done.

cheers

niall