How to Perform Windows Autopilot Reset [2-Ways]

In this blog post, I will demonstrate the steps on how to perform Windows Autopilot Reset. We will remotely trigger Windows Autopilot reset using the Intune admin center to reset a Windows 11 device and check the end user experience.

When a user leaves the organization, and you want to repurpose/reassign the device to another user, you can perform an Autopilot Reset on the device. This process will remove the current user’s personal files, apps, and settings and reapplies the device’s original settings, maintaining its connection with Entra ID and Intune.

What is Windows Autopilot Reset?

Windows Autopilot Reset restores the device to a business-ready state, enabling the next user to sign in and become productive quickly. If the device is enrolled and managed through Intune, you can remotely reset it to its original settings.

What happens during Autopilot Reset?

When you initiate the Autopilot reset, a new OS of the same version is applied using the WinSxS store. Certain information is permanently removed during this process, while some information is preserved. Let’s check the details below:

Information Removed during the Autopilot Reset process

• Removes personal files, any third-party apps, and settings.
• Device’s Primary user is removed, and the next user who signs in will become the primary user.
• Reapplies a device’s original settings.
• Sets the region, language, and keyboard to the original values.
• All existing user profiles and associated data are deleted.

Information Kept after Autopilot Reset process

• Maintain Device Identity connection with Entra ID.
• Maintains Device management connection with Intune.
• Wi-Fi connection details.
• Provisioning packages previously applied to the device.
• Microsoft Entra device membership and MDM enrollment information.
• A provisioning package present on a USB drive when the reset process is started.
• SCEP certificates.

A user is blocked from accessing the desktop until the Windows Autopilot reset process is completed, and all information is restored. This includes reapplying any packages assigned to the desktop via Intune. Additionally, the user must wait for the MDM sync to be completed before regaining access.

Please note that Windows Autopilot Reset will also remove the device’s primary user, and the next user who signs in on the device will become the new primary user.

Autopilot Reset for Microsoft Entra hybrid joined devices

Autopilot reset is not supported for Microsoft Entra hybrid joined devices. A complete device wipe is necessary. When a hybrid device undergoes a full reset, it may take up to 24 hours to be ready for redeployment. To expedite this process, you can re-register the device. Only Microsoft Entra Join devices are supported for Windows Autopilot Reset.

Ways to Perform Windows Autopilot Reset

There are two methods for initiating Windows Autopilot Reset. Let’s explore them below:

1. Trigger Windows Autopilot Reset Remotely: Remotely trigger autopilot reset using Intune admin center.
2. Trigger Windows Autopilot Reset Locally: IT admins also have the option to perform Windows Autopilot Reset if they have access to the device.

Windows Autopilot Reset requirements

• Microsoft Entra ID joined Device.
• The device must be Intune Enrolled.
• WinRE must be Enabled on the device.
• For Local Windows Autopilot Reset: A local administrator account is required to perform the local Windows Autopilot Reset.
• For Remote Windows Autopilot Reset: Intune administrator role is required.

Method 1: Initiate Windows Autopilot Reset from Intune Admin Center

• Sign in to the Intune admin center > Devices > Windows > Windows devices.
• Click on the Device from the list on which you want to perform Autopilot Reset.
• Click on the Autopilot Reset option.

• After selecting the Autopilot Reset option, you will encounter a prompt with the following message: Yes or No. Go for Yes to proceed with the Autopilot Reset.

Windows Autopilot Reset quickly removes personal files, apps, and settings. It resets Windows 10 devices from the lock screen, and applies original management settings from Azure Active Directory and Intune device management. This returns the device to a fully configured or known IT-approved state. (If an enrollment status page wasn’t configured for this device during initial device enrollment, the device will go straight to the desktop after sign-in. It might take up to eight hours to sync and appear compliant in Intune.)

About Autopilot Reset option

• After clicking the Yes button, Autopilot Reset process will be initiated, and a status message will be displayed on the Intune portal: Autopilot Reset pending…

• After a few minutes, you will notice that the Autopilot Reset status has changed to Active. Next time a user reboots their device, it will enter the Autopilot reset state and undergo the reset process.

• If Autopilot Reset is not initiated after waiting some time on the desktop, a reboot may kickstart the device reset process. The screenshot below shows that the device reset is in progress.

• After resetting the PC, the reset process will initiate Windows installation on the device. At this stage, your device may reboot several times to complete the installation process.

• The Reset process will check for the latest updates.

• Your device may restart, and you may see the Windows lock screen. If this device is reassigned to a new user, that user can now log in to the device and will become the new primary user.

• Login using the organization-provided username and password.

• Preparing your desktop and setting up your Windows profile may take some time. Please wait.

• Finally, log on to the Windows device successfully; your device is ready.

• As an administrator, you can check the status of Autopilot reset from the Intune admin center. Click on the device on which you performed the Autopilot Reset and check the status. It shows Autopilot Reset: Completed and the date/time stamp.

• If you have noticed that the device name has been changed, the previous device name was Cloudinfra-W-92, and the new device name is Cloudinfra-W-38. This change is due to the Autopilot deployment profile configured in my tenant, which has a device naming template of Cloudinfra-W-%RAND:2%.

• Therefore, every time I perform an Autopilot Reset or use the Autopilot process, the Autopilot deployment profile assigned to the device is utilized, and the device will be renamed according to this template.

• To avoid this issue, select Apply device name template: No. In this case, it will pick up whatever default name has been assigned to the device.
  • Second option is to provide a different device name template, for example, Cl-%serial%. As the device’s serial number will remain the same, the device name will not change.

• The following screenshot shows the device status from Entra admin center. The device name is consistent with Intune, and its status remains Microsoft Entra joined. The new primary user will be displayed under the Owner column.

Method 2: Initiate Local Windows Autopilot Reset

You can also perform a Windows Autopilot Reset locally from the device. Once the process is initiated, it restores the device to its last known good configuration and prepares it for the next user. A local Autopilot Reset is essentially an Autopilot Reset performed offline, without contacting Intune or the cloud, although it comes with a few limitations.

Limitations of Local Windows Autopilot Reset

• Works only on Autopilot-registered, Entra-joined, Intune-managed devices.
• Depends on WinRE being present and enabled.
• Requires Local Autopilot Reset to be explicitly enabled by a device configuration policy (shown below).
• Requires physical access and local administrator credentials.
• Does not automatically change Intune primary user.
• Does not perform a full, secure / forensic disk wipe.
• ESP application installation progress may not fully show after reset.
• Preserves Entra Join and MDM, so not suitable for decommissioning or tenant change.
• Limited central audit trail compared to Intune-initiated remote autopilot reset.

Enable Local Windows Autopilot Reset

You must first enable Local Windows Autopilot Reset via Intune (Device restrictions > General > Autopilot Reset = Allow), which sets the DisableAutomaticReDeploymentCredentials policy. Once you create this policy, assign it to the device on which you will be performing local autopilot reset.

• Sign in to the Intune admin center > Devices > Windows  > Configuration > Create > New Policy.
• Select Platform: Windows 10 and later. Profile type: Templates. Template name: Device restrictions.
• Provide a name and description of the policy in the Basics tab.
• Under Configuration settings, expand the General section and use the set Autopilot Reset toggle to Allow.

Allow users with administrative rights to delete all user data and settings using CTRL + Win + R at the device lock screen so that the device can be automatically reconfigured and re-enrolled into management.

About Device restrictions > General > Autopilot Reset = Allow setting

2. Make sure WinRE is installed and enabled on the device where you will be starting local autopilot reset. If it’s not enabled, you can enable it using reagentc.exe /enable command.

Trigger Local Windows Autopilot Reset

Follow the below steps to trigger a Local Windows Autopilot reset:

• On the Windows lock screen, press Ctrl + Windows + R.
• When prompted, sign in with an account that has local administrator permissions.
• Local Windows Autopilot Reset process will start and return the device to a business-ready state while keeping it enrolled in Intune and joined to Entra ID.

Further Reading

To read more about Microsoft Autopilot Reset, go through this MS Docs link: Windows Autopilot Reset.

Windows Autopilot Setup Guide [Step-by-Step]