Okta + Windows Autopilot overview

This topic explains how Windows Autopilot works and the advantages of using Okta with it.

Windows Autopilot overview

Windows Autopilot by Microsoft allows you to set up, pre-configure, reset, recover, and repurpose Windows 10 devices so they're ready for production use without anyone in IT having to touch the device. It requires minimal effort from IT admins and end users.

Once the end user switches on their new Windows device, connects to the internet, and enters their workplace credentials, Windows Autopilot configures the device from the cloud. Autopilot joins the device to the directory through Azure Active Directory (Azure AD) join or Hybrid Azure AD join. This significantly reduces the infrastructure costs and resources required to manage the Windows device life cycle.

How Windows Autopilot works

Windows Autopilot is set up in Microsoft Azure. To set up Windows Autopilot in your environment, see Demonstrate Autopilot deployment (Microsoft docs).

You need the device's hardware ID (hardware hash), which is registered with the Windows Autopilot service. The hash is collected from each device (or supplied by the OEM or reseller) and imported into Intune; only devices whose hash is registered are recognized by Autopilot at first boot.
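The following PowerShell script is an added example for collecting that hardware hash; it is not Okta's or Microsoft's code. It reads the same WMI sources that Microsoft's published Get-WindowsAutoPilotInfo.ps1 script uses and writes a CSV row in the format Intune's Autopilot device import accepts. The output path and the group tag value are assumptions for the example.

```powershell
# Added example: collect the Windows Autopilot hardware hash from a Windows 10 device.
# Not Okta's or Microsoft's code; it mirrors what Get-WindowsAutoPilotInfo.ps1 does.
# Run from an elevated PowerShell prompt on the device (for example Shift+F10 during OOBE).

# Output path and group tag are assumptions for this example; adjust for your tenant.
$OutputFile = "C:\AutopilotHWID.csv"
$GroupTag   = "Okta-Autopilot"

# Serial number from the BIOS; this is the "Device Serial Number" column Intune expects.
$serial = (Get-CimInstance -ClassName Win32_BIOS).SerialNumber

# The hardware hash is exposed by the MDM bridge WMI provider (root/cimv2/mdm/dmmap),
# class MDM_DevDetail_Ext01, property DeviceHardwareData. Reading it requires admin rights.
$devDetail = Get-CimInstance -Namespace root/cimv2/mdm/dmmap -ClassName MDM_DevDetail_Ext01 `
    -Filter "InstanceID='Ext' AND ParentID='./DevDetail'"
if (-not $devDetail) {
    throw "Unable to read MDM_DevDetail_Ext01; run from an elevated prompt on a supported Windows build."
}
$hash = $devDetail.DeviceHardwareData

# The hash is a base64 blob, normally several thousand characters long. A short value
# usually means the provider returned nothing useful, so fail before importing garbage.
if ([string]::IsNullOrEmpty($hash) -or $hash.Length -lt 1000) {
    throw "Hardware hash is missing or looks truncated ($($hash.Length) characters)."
}

# "Windows Product ID" is optional in the Intune import and is left empty here.
$row = [PSCustomObject]@{
    'Device Serial Number' = $serial
    'Windows Product ID'   = ''
    'Hardware Hash'        = $hash
    'Group Tag'            = $GroupTag
}

# Microsoft's script strips the quotes ConvertTo-Csv adds; match that so the Intune import
# sees plain comma-separated fields with a header row.
$row | ConvertTo-Csv -NoTypeInformation |
    ForEach-Object { $_ -replace '"', '' } |
    Set-Content -Path $OutputFile -Encoding ASCII

Write-Output "Wrote Autopilot registration row for serial $serial to $OutputFile"
```

Upload the resulting CSV in Intune under Windows Autopilot devices (Import) to register the device. If a device is already registered and you only need to re-import it, the service rejects duplicate serial numbers, so delete the existing record first or skip that row.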

You also need to configure Autopilot profiles in Microsoft Intune or Microsoft Store for Business (MSfB). A profile defines how each device is deployed, how it's joined to Azure AD, and what the user sees during setup. Autopilot profiles allow you to customize the Windows 10 out-of-box experience to conform with your organizational policies and branding. Each registered device is assigned an Autopilot profile.

After the end user boots the device for the first time and connects to the internet, the device contacts the Windows Autopilot service. It downloads and applies the assigned profile settings, and is joined to Azure AD or Hybrid Azure AD. Once the device is deployed, you can manage it with a mobile device management (MDM) tool.

Okta + Windows Autopilot overview

You can use Okta with Windows Autopilot in the following scenarios:

  1. Use Okta MFA for Windows Autopilot requests.

    You can add a sign-on policy rule in Okta that requires MFA when a device is enrolled through Windows Autopilot. This increases security without compromising the user experience and ensures that the right person gets access to the device.

  2. Use Windows Autopilot with Okta Device Trust and Okta FastPass.

    If you're using Okta Device Trust or Okta FastPass and have a sign-on policy that allows only trusted devices to sign in, that policy blocks the enrollment of a new device through Windows Autopilot. A device being enrolled hasn't yet been registered, so it's Not Trusted in Okta Device Trust or Okta FastPass, and Okta Verify isn't installed on it yet. Using Okta with Windows Autopilot lets you accommodate Windows Autopilot enrollment in your org while continuing to enforce Okta Device Trust and Okta FastPass for everything else. Scope any exception you make for Autopilot to the enrollment flow and pair it with the MFA rule above, so the untrusted-device path used for enrollment doesn't become a way around your device trust policy.

Advantages of using Okta with Windows Autopilot

Using Okta with Windows Autopilot allows you to secure and streamline the Windows Autopilot flow on end-user devices as follows:

  • Secure Windows Autopilot traffic with MFA: You can identify authentication requests that originate from Windows Autopilot and apply MFA to them.

  • Centralized monitoring of Windows Autopilot requests: Identity-centric logging in Okta allows you to monitor all Windows Autopilot requests in one place.

  • Reduced overall IT admin costs with no-touch Windows 10 rollout: You can use Windows Autopilot and Okta together to roll out your Windows 10 fleet without IT personnel having to touch the devices.

Next steps

How Okta works with Windows Autopilot