The Windows Autopilot white glove feature has been renamed to Windows Autopilot for pre-provisioned deployment.
Windows Autopilot can provide a pre-provisioning service that helps partners or IT staff pre-provision a fully configured and business-ready Windows PC. From the end user's perspective, the Windows Autopilot user-driven experience is unchanged, but getting their device to a fully provisioned state is faster.
With Windows Autopilot for pre-provisioned deployment, the provisioning process is split. The time-consuming portions are done by IT, partners, or OEMs. The end user simply completes a few necessary settings and policies and then they can begin using their device.
Pre-provisioned deployments use Microsoft Intune in Windows 10, version 1903 and later. Such deployments build on existing Windows Autopilot user-driven scenarios and support user-driven mode scenarios for both Azure Active Directory joined and Hybrid Azure Active Directory joined devices.
- Windows Autopilot Reset:
Existing device can also be quickly prepared for a new user with Windows Autopilot Reset. The Reset capability is also useful in break/fix scenarios to quickly bring a device back to a business-ready state without a traditional process such as disk wipe.
- Windows AutoPilot Zero-day Patch (ZDP) updates are configured during the autopilot OOBE phase
- BitLocker Encryption during Windows AutoPilot:
BitLocker automatically encrypts internal drives during the out of box experience (OOBE) for devices that support Modern Standby or meet the Hardware Security Testability Specification (HSTI). By default, BitLocker uses XTS-AES 128-bit used space only for automatic encryption.
With Windows Autopilot, you can configure BitLocker encryption settings to apply before automatic encryption starts. This configuration makes sure the default encryption algorithm or type isn't applied automatically. A device that receives these settings after encrypting automatically will need to be decrypted before changing the encryption algorithm.
The BitLocker encryption algorithm is used when BitLocker is first enabled. During Autopilot, BitLocker will be enabled after the device setup portion of the enrollment status page. The following encryption algorithms are available:
- AES-CBC 128-bit
- AES-CBC 256-bit
- XTS-AES 128-bit (default)
- XTS-AES 256-bit
There are two types of Encryptions, full disk or used space-only. The type of encryption is automatically determined by configuration of silent enablement and hardware support for modern standby. You can enforce it by configuring the SystemDrivesEncryptionType setting. Like the encryption algorithm, the encryption type is used when BitLocker is first enabled
We understand below points.
What next Requirements for Windows AutoPilot