Windows Autopilot on existing devices

Question

Windows Autopilot on existing devices

tommy soo 81

Hi Team

Just a bit of a background, I am in a hybrid environment and our machines are prepped via MDT

I'd like to know whether is it possible to configure these already existing devices to Autopilot. I have followed multiple tutorials online to configure Autopilot in our Intune Admin Center, nothing fancy just the basics in order to see how it works with our current setup

I am testing via a VM with the following configs

Re-imaged VM via MDT
AAD hybrid joined and Intune enrolled
HWID imported into Autopilot
Ensure that the machine is enabled for Autopilot

I know that Autopilot Reset is not an available option as it isn't support in a hybrid environment, I have tried using Fresh Start and Wipe but both have failed. I got the standard "There was a problem resetting your PC. No changes were made" error

A bit puzzled as to where i got wrong or why the reset isn't moving forward

Essentially what I'd like to achieve is the following

Enroll existing MDT devices into Autopilot
When needed I'd like to wipe the device via Autopilot and re-issue the device to a new user as opposed to re-imaging via MDT

1 answer

Your answer

Answer 1

Quinnie Quoc 5,835 Independent Advisor

Hi tommy soo,

Thank you for reaching out and providing detailed context. Enrolling existing devices into Windows Autopilot in a hybrid environment is possible, but it does require specific configuration steps. Since your devices are re-imaged via MDT and already hybrid Azure AD joined with Intune enrollment, you're on the right track.

To enable Autopilot for existing devices, ensure you're using the Windows Autopilot for Existing Devices scenario, which involves applying a deployment profile via a JSON file during the MDT task sequence. You can find guidance and templates for this setup on Deployment Research. Also, confirm that your Intune Connector for Active Directory is properly installed and configured, and that your domain join profile is mapped to the correct OU2.

Regarding the reset issue, you're correct that Autopilot Reset is not supported in hybrid environments. Instead, consider using a re-deployment strategy with Autopilot profiles and MDT task sequences tailored for re-issuance. The “Fresh Start” and “Wipe” options may fail if system components or policies block reset operations, especially in hybrid domain-joined scenarios.

Let us know if you'd like help reviewing your deployment profile or MDT integration steps.

Best regards,

Quinnie Quoc.

tommy soo 81 Reputation points

2025-09-01T20:50:14.3366667+00:00

Thanks for your response, i need help understanding this

"The “Fresh Start” and “Wipe” options may fail if system components or policies block reset operations, especially in hybrid domain-joined scenarios."

What policies should i be checking that would prevent either options to work for?

My current concern is that our current devices which are all re-imaged via MDT will not work with Autopilot

"To enable Autopilot for existing devices, ensure you're using the Windows Autopilot for Existing Devices scenario, which involves applying a deployment profile via a JSON file during the MDT task sequence. You can find guidance and templates for this setup on Deployment Research. Also, confirm that your Intune Connector for Active Directory is properly installed and configured, and that your domain join profile is mapped to the correct OU2."

I assume this means i will need to create a new task sequence in MDT which is specific for Autopilot? Yes, Intune Connector for AD is configured and domain joined profile is mapped to a specific OU. A bit confused when you mentioned correct OU
tommy soo 81 Reputation points

2025-09-23T21:10:02.03+00:00
Thanks for getting back to me. I managed to get Autopilot working however i do have questions based on its behavior during the entire process from wipe to user login

Just to re-cap, we are on a hybrid environment so that already limits quite a bit of Autopilot's potential

I am aware that in order for Autopilot to work we need the following

Line of sight from PC to DC

PC must already be enrolled into Intune

HWID needs to be imported

User who logs into the PC will need to have either an intune license or a license that includes intune

My current configuration based on the above seems to be working fine as I can use Autopilot Wipe without any issues. I do though need some clarification on some things

Naming

After using Autopilot wipe on a PC, as the PC was already intune joined and intune connector already configured, I can see that PC's name was changed from COM-1912 to Autopilot-i8Vt2. If you look at the screenshot below, prior to these 2 entries, I added the PC's serial number per HWID instead

These are just the few things I noticed so far, still testing on my end and will get back to you with more questions

OOBEAfter the Autopilot wipe process, I can see that the serial number was replaced with Autopilot-i8Vt2. As we are a hybrid environment, when i go change the PC name in AD from Autopilot-i8Vt2 to COM-1912 and synce to AAD, i can see in Intune Windows devices there is only COM-1912 however in the group above i see 2 entries. Both these entries are in AAD devices and i am unable to delete either entry. I assume the entries are Intune enrollments? However how do I delete either one? In this case Autopilot-i8Vt2 as there is no option to delete, just disable

After the wipe process, I am brought to the OOBE screen where i as asked to enter a security key (my email) and password. This initiates the configuration however after the configuration is completed, i am brought to the standard Windows login screen where i am have to re-enter both username and password again. Just trying to understand what was the purpose of entering the credentials the first time when i have to re-enter again post Windows configuration?

Windows App

I have an issue where a LoB app that I have uploaded the MSI file and its installed on the PC but on Intune the status is saying its not installed. Is this an issue?

These are just the few things I noticed so far, still testing on my end and will get back to you with more questions

Share via

Windows Autopilot on existing devices

1 answer

Your answer