In this article, we will cover two ways to perform a Windows autopilot reset. You can trigger an autopilot reset of Windows devices locally or via the Intune admin center.
One of the remote device actions that Intune offers to its enrolled Windows devices is the Autopilot Reset. If you are wondering what an autopilot reset does, the answer is that it resets the device and returns it to a business-ready state. This allows the next user to sign in and start working quickly.
If you are looking to get started with Windows Autopilot, here is a complete Windows Autopilot Setup guide to help you. The guide covers the steps to set up Windows Autopilot in Microsoft Intune from scratch.
What is a Windows Autopilot Reset?
As per Microsoft, Windows Autopilot Reset takes the device back to a business-ready state, allowing the next user to sign in and get productive quickly and simply. With a local Autopilot Reset, devices are returned to a fully configured or known IT-approved state.
When a device goes through Autopilot Reset, the primary user is deleted, and the next person to sign in after the reset becomes the primary user. This prevents the user from accessing the desktop until this data is restored, including reapplying any provisioning packages. Through the Intune admin center, administrators can remotely start a Windows device’s autopilot reset.
What happens during an Autopilot Reset?
An autopilot reset involves wiping the device’s operating system, removing all user-owned files, applications, and settings, and reinstalling the same OS version. You get a fresh start for your existing Windows device enrolled in Intune.
It is important for administrators to understand that when an auopilot reset is initiated for a remote device, it cannot be cancelled. The below information covers what data is removed during autopilot reset and what data is kept on the device that undergoes autopilot reset.
What information is removed during the autopilot reset process?
According to Microsoft, when you initiate an autopilot reset on the Windows device, the following things happen:
- Removes personal files, apps, and settings.
- Reapplies a device’s original settings.
- Sets the region, language, and keyboard to their original values.
- Maintains the device’s identity connection to Microsoft Entra ID.
- Maintains the device’s management connection to Intune.
- The device’s primary user is removed. The next user who signs in after the reset will be set as the primary user.
What information is maintained during the autopilot reset process?
The Windows Autopilot Reset process automatically keeps information from the existing device:
- Wi-Fi connection details are maintained on the device. If you have assigned a Wi-Fi profile via Intune, the assignment happens once the device completes the reset.
- Provisioning packages that were previously applied to the device.
- A provisioning package present on a USB drive when the reset process is started.
- Microsoft Entra device membership and MDM enrollment information.
- SCEP certificates.
- Intune Management Extension
Requirements for performing Autopilot Reset
To use the Windows Autopilot reset feature in Intune, the following conditions must be met:
- The remote Windows should be enrolled in Intune.
- The Intune management extension should be installed, and the device must sync with Intune.
- Intune Service Administrator role is required for remote Windows Autopilot Reset.
- Windows Autopilot Reset requires that the Windows Recovery Environment (WinRE) be correctly configured and enabled on the device.
- A local reset can be started by IT personnel or other administrators from the organization.
- Remote resets can be started remotely by IT personnel with administrator privileges via an MDM service such as Microsoft Intune.
Ways to Perform Windows Autopilot Reset
There are two ways to initiate the Windows Autopilot reset of a device from the Intune console:
- Trigger local Windows Autopilot Reset: Usually performed by IT personnel or other administrators from the organization.
- Trigger Remote Windows Autopilot Reset: Usually performed remotely by IT personnel via an MDM service such as Microsoft Intune. To enable a device for a remote Windows Autopilot Reset, the device must be MDM managed and joined to Microsoft Entra ID. The Intune Service Administrator role is required for a remote Windows Autopilot Reset.
A local reset requires IT personnel to manually initiate the autopilot reset from the Windows device lock screen by pressing CTRL + Windows key + R keys. Whereas a remote autopilot reset can be triggered for a device by an administrator from the Intune admin center.
Method 1: Initiate Windows Autopilot Reset from Intune Admin Center
To trigger a remote Windows Autopilot Reset from the Intune admin center, follow these steps:
- Sign in to the Microsoft Intune admin center.
- In the portal, navigate to the Devices tab.
- In the All Devices view, select the targeted reset devices, and then click More to view device actions.
- Select “Autopilot Reset” to initiate the selected device with Autopilot Reset.
The following message appears on the screen when you initiate autopilot reset for a Windows device.
Autopilot Reset: DEVICE NAME
Windows Autopilot Reset quickly removes personal files, apps, and settings. It resets Windows 10 devices from the lock screen, and applies original management settings from Azure Active Directory and Intune device management. This returns the device to a fully configured or known IT-approved state. (If an enrollment status page wasn’t configured for this device during initial device enrollment, the device will go straight to the desktop after sign-in. It might take up to eight hours to sync and appear compliant in Intune.)
Click Yes to confirm and initiate a remote autopilot reset of your Windows device.
Under the device action status, we see that the status shows “Autopilot Reset pending.” In addition to the status, the date and time are recorded.
During our testing, it took about 60 minutes to initiate the autopilot reset process on the remote Windows device. The reset usually happens 30 to 60 seconds after it is started, though some setups may cause it to take longer. You can trigger an Intune policy sync on the remote device to speed up the reset process.
If you refresh the Intune admin center, the autopilot reset status is now changed to ‘Active.’ This means that the remote Windows device is going through the autopilot reset process. During the autopilot reset, the device cannot be accessed and should remain connected to the internet.
After a few minutes, under Device Actions Status, we see the autopilot reset status is changed to Complete. The screenshot below confirms that the remote reset has been successful on the Windows device. Without requiring any user input, you can successfully reset a remote Windows device to a fully configured or known IT-approved state with Autopilot reset.
After the Autopilot reset is complete, you must configure Windows Hello and set a PIN for login. If you prefer not to enter the PIN, you have the option to disable Windows Hello for Intune.
Upon completion of the Autopilot reset, what will be the Windows device’s computer name? Well, the answer is based on the device name template that you have configured in your autopilot deployment profile.
Deployment profiles determine the deployment mode and customize the OOBE for end users. When you create an autopilot deployment profile, you have the option to configure the device name template for devices that you enroll.
For instance, you can use the %SERIAL% macro to add a hardware-specific serial number as a device name. Or, use the %RAND:x% macro to add a random string of numbers, where x equals the number of digits to add.
If you set the “Apply device name template to Yes,” the Windows device that is reset by autopilot will be configured with a name based on the guidelines of the device name template. If you set the “Apply device name template to No,” the old device name will be used after the reset.
Method 2: Trigger Local Windows Autopilot Reset
Another way to trigger the autopilot reset on a Windows device is to locally perform this action. As previously mentioned, IT staff members or other organization administrators can start a local autopilot reset.
By default, local Windows Autopilot Reset is disabled. This default ensures that a local autopilot reset isn’t triggered accidentally. To enable a local Windows Autopilot Reset, the DisableAutomaticReDeploymentCredentials policy must be configured.
A local Windows Autopilot reset is a two-step process: trigger it and then authenticate. Once you’ve done these two steps, you can let the process execute, and once it is done, the device is again ready for use.
Perform the following steps to start a local autopilot reset on a Windows device:
- On the Windows device lock screen, enter the keystroke: CTRL + Windows key + R.
- The above shortcut keys will open up a custom login screen for the local Autopilot Reset.
- Sign in with the admin account credentials. Once the local autopilot reset is triggered, the reset process starts. Once provisioning is complete, the device is again ready for use.
Autopilot Reset for Microsoft Entra hybrid joined devices
Microsoft’s documentation clearly states that the Autopilot Reset does not support Microsoft Entra hybrid joined devices. That’s the reason why the Autopilot Reset option is not available for Microsoft Entra hybrid joined devices in the Intune admin center.
For entra hybrid joined devices, a full device wipe is required. When a hybrid device goes through a full device reset, it may take up to 24 hours for it to be ready to be deployed again. You can expedite this request by re-registering the device.
Troubleshooting Windows Autopilot Reset Errors
Some of the commonly encountered errors and warnings during the Winows autopilot reset are listed below.