Enable Autopilot in Intune: Complete Guide with Entra Join, Hybrid Join & CNAME Configuration (Step-by-Step)
Enable Autopilot in Intune is a modern deployment solution that allows organizations to provision Windows devices without traditional imaging. By combining Microsoft Intune and Microsoft Entra ID, organizations can implement zero-touch deployment, enforce security policies, and improve operational efficiency.
This guide goes beyond basics and includes CNAME (ctype) configuration, which is critical for automatic enrollment, along with detailed steps for both Entra Joined and Hybrid Joined devices.
What is Windows Autopilot in Intune?
Windows Autopilot is a cloud-based deployment technology that simplifies device provisioning. Instead of manually configuring devices, IT teams can predefine policies and profiles that automatically apply during device setup.
- Zero-touch provisioning
- Cloud-based deployment
- Integration with Intune and Entra ID
- Reduced IT workload
- Improved user onboarding experience
Read more: Microsoft Autopilot Official Documentation
Why Enable Autopilot in Intune?
- Eliminate manual imaging
- Standardize device configuration
- Enhance security compliance
- Enable remote workforce
- Automate device lifecycle
Explore related guide: Microsoft Intune Complete Guide
Understanding Device Join Types
Entra ID Joined Devices
Cloud-native devices that are directly joined to Microsoft Entra ID.
- No dependency on on-prem AD
- Fully managed via Intune
- Best for modern organizations
Hybrid Azure AD Joined Devices
Devices joined to both on-prem Active Directory and Entra ID.
- Requires AD Connect
- Supports legacy applications
- Uses Group Policy + Intune
Prerequisites to Enable Autopilot in Intune
- Microsoft Intune license
- Microsoft Entra ID tenant
- Windows 10/11 devices
- Admin permissions
- Network connectivity
- DNS configuration (CNAME record)
IMPORTANT: CNAME (ctype) Configuration for Autopilot
The CNAME record is one of the most important configurations when you enable Autopilot in Intune. It allows devices to automatically discover the Intune enrollment service.
What is CNAME in Intune?
A CNAME (Canonical Name) record in DNS redirects a domain to another domain. For Intune, it ensures automatic enrollment without requiring users to manually enter server details.
Required CNAME Record
Host Name: enterpriseregistration.yourdomain.com Points to: enterpriseregistration.windows.net
How to Add CNAME Record (Step-by-Step)
- Login to your DNS provider (GoDaddy, Azure DNS, etc.)
- Navigate to DNS Management
- Click Add Record
- Select Type: CNAME
- Enter:
- Host: enterpriseregistration
- Value: enterpriseregistration.windows.net
- Save changes
Verification of CNAME
nslookup enterpriseregistration.yourdomain.com
If configured correctly, it should resolve to Microsoft endpoint.
Official reference: Intune Enrollment DNS Configuration
Step-by-Step: Enable Autopilot in Intune
- Login to Intune Admin Center
- Go to Devices → Windows
- Select Windows Enrollment
- Click Deployment Profiles
- Create profile
- Select Join Type (Entra or Hybrid)
- Assign profile to group
Register Devices in Autopilot
PowerShell Script to Collect Hardware Hash
Install-Script -Name Get-WindowsAutopilotInfo -Force Get-WindowsAutopilotInfo.ps1 -OutputFile AutoPilotHWID.csv
Upload Device to Intune
- Devices → Windows → Enrollment
- Upload CSV
- Assign profile
Deployment Profiles Configuration
- Skip privacy settings
- Set user account type
- Enable white glove (optional)
- Configure naming template
Entra Joined Autopilot Flow
- User powers on device
- Connects to internet
- Signs in using Entra credentials
- Device joins Entra ID
- Intune policies applied
Related: Conditional Access Deep Dive
Hybrid Joined Autopilot Flow
- Device connects to domain
- Uses Intune Connector
- Joins on-prem AD
- Syncs with Entra ID
Official: Hybrid Autopilot Setup
Graph API for Autopilot
GET https://graph.microsoft.com/v1.0/deviceManagement/windowsAutopilotDeviceIdentities
Check Specific Device
GET https://graph.microsoft.com/v1.0/deviceManagement/windowsAutopilotDeviceIdentities/{id}
Troubleshooting Autopilot Issues
Common Problems
- CNAME not configured
- Device not assigned profile
- Network issues
- License missing
Check Device Status
dsregcmd /status
Check Enrollment Logs
- Event Viewer → Device Management Logs
- MDM Diagnostics
Advanced Troubleshooting with PowerShell
Get-WindowsAutopilotInfo.ps1 -Online
Get-MgDeviceManagementWindowsAutopilotDeviceIdentity
Key Points to Remember
- CNAME configuration is mandatory
- Assign profiles before deployment
- Use dynamic groups
- Validate DNS and network
FAQs – Enable Autopilot in Intune
1. What is the role of CNAME in Autopilot?
CNAME enables automatic discovery of Intune enrollment service.
2. Can Autopilot work without DNS configuration?
No, manual enrollment will be required.
3. Why is my Autopilot failing?
Check CNAME, profile assignment, and licenses.
4. How to verify Autopilot registration?
Use Graph API or Intune portal.
5. Which join type is recommended?
Entra Join for cloud-first environments.
Conclusion
To successfully enable Autopilot in Intune, proper configuration of deployment profiles, device registration, and especially CNAME (ctype) DNS records is essential. With correct implementation, organizations can achieve seamless, secure, and scalable device provisioning.
For more detailed IAM and Intune content, visit Cloud Knowledge
Leave a Reply