How to Perform Windows Autopilot Reset from Intune Portal
In this post, I will show you how to perform Windows Autopilot Reset. We will trigger a remote Autopilot Reset from the Microsoft Intune Admin Center which will reset the device.
If you are wondering what an autopilot reset does, the answer is that it resets the device and returns it to a business-ready state. This allows the next user to sign in and start working quickly.
If you are looking to get started with Windows Autopilot, here is the Windows Autopilot Setup guide. This guide covers the steps to set up Windows Autopilot in Microsoft Intune from scratch. Also see how to fix Autopilot Profile Status Shows Not Assigned.
Before you Reset Devices with Autopilot Reset
The steps to perform a remote autopilot reset are simple, but you need to understand what is removed from the device and what is preserved after Autopilot Reset happens. According to Microsoft, a Windows Autopilot Reset does the following.
- Removes personal files, apps, and settings.
- Reapplies a device’s original settings.
- Maintains the device’s identity connection to Azure AD.
- Maintains the device’s management connection to Intune.
The Autopilot Reset process automatically keeps information from the existing device.
- Set the region, language, and keyboard to the original values.
- Wi-Fi connection details.
- Provisioning packages previously applied to the device
- A provisioning package present on a USB drive when the reset proces is started
- Azure Active Directory device membership and MDM enrollment information.
Autopilot Reset for Hybrid Azure AD joined devices
I have been asked by many if Autopilot reset works for Hybrid Azure AD joined devices. The answer is No, the Autopilot Reset does not support Hybrid Azure AD joined devices. A full device wipe is required. When a hybrid device goes through a full device reset, it may take up to 24 hours for it to be ready to be deployed again. You can expedite this request by re-registering the device
During the Autopilot Reset, the user is blocked from accessing the desktop until the information is restored, including reapplying any provisioning packages. For devices enrolled in an MDM service, Autopilot Reset will also block until an MDM sync is completed. After you perform the Autopilot reset on a device, the device’s primary user will be removed. The next user who signs in after the reset will be set as the primary user.
Ways to Perform Windows Autopilot Reset
There are two ways to initiate the Windows Autopilot reset of a device from the Intune console:
- Trigger local Windows Autopilot Reset: Usually performed by IT personnel or other administrators from the organization.
- Trigger Remote Windows Autopilot Reset: Initiated remotely by IT personnel via an MDM service such as Microsoft Intune. To enable a device for a remote Windows Autopilot Reset, the device must be MDM managed and joined to Azure AD.
Perform Windows Autopilot Reset from Intune Portal
To trigger a remote Windows Autopilot Reset from Intune, follow these steps:
- Sign in to the Microsoft Intune admin center.
- In the portal, navigate to the Devices tab.
- In All devices view, select the targeted reset devices and then click More to view device actions.
- Select “Autopilot Reset” to reset selected device with Autopilot reset.
The following message appears on the screen when you attempt to autopilot reset a Windows device.
Autopilot Reset – DEVICE NAME
Windows Autopilot Reset quickly removes personal files, apps, and settings. It resets Windows 10 devices from the lock screen, and applies original management settings from Azure Active Directory and Intune device management. This returns the device to a fully configured or known IT-approved state. (If an enrollment status page wasn’t configured for this device during initial device enrollment, the device will go straight to the desktop after sign-in. It might take up to eight hours to sync and appear compliant in Intune.)
Click Yes to trigger a remote Autopilot Reset of Windows device.
Now you see the status as Autopilot Reset pending. The Date and Time stamp is also logged along with the status.
It took approximately 60 minutes to trigger the autopilot reset. I’m not sure why it took 60 minutes in my case, but the reset should have been initiated within 30–60 seconds. After few minutes, under Device actions status, we see the Autopilot reset is complete.
After the Autopilot reset is complete, you must configure Windows hello and set a PIN. You can also disable windows hello for Intune if you want to avoid entering the PIN. Typically, you see the same screens when you complete Autopilot setup normally.
Trigger local Windows Autopilot Reset
Another way to trigger the autopilot reset on a Windows device is to locally perform this action. A local Windows Autopilot Reset is a two-step process: trigger it and then authenticate. Once you’ve done these two steps, you can let the process execute and once it is done, the device is again ready for use.
Perform the following steps to trigger a local Autopilot Reset:
- From the Windows device lock screen, enter the keystroke: CTRL + Windows key + R.
- The above shortcut keys will open up a custom login screen for the local Autopilot Reset.
- Sign in with the admin account credentials. Once the local Autopilot Reset is triggered, the reset process starts. Once provisioning is complete, the device is again ready for use.
It won’t change the primary user for us. Is that a known issue that you’re aware of? Does the old user need to be remove from AD first before AutoPilot reset changes the primary user?
Any idea when will Autopilot Reset support Hybrid Azure AD joined?
This is an interesting question!? But I find the question even more interesting, why does the reset work in the “Intune for Education” console?