Three times a week (Monday/Wednesday/Friday), John Savill tackles your most pressing IT questions.

Read through the FAQ archives, or send him your questions via email.

Q. What is AutoPilot?
Q. How do I enable Windows Hello authentication without a PIN?
Q. When deploying a JSON template can I make it use an existing virtual network/subnet instead of creating a new one?

Q. What is AutoPilot?

Dept - Windows 10

A. AutoPilot is a new feature introduced with the Creators release of Windows 10 (1703). It provides a simple way to deploy new devices to the organization.

Traditionally new devices are deployed as follows:

  1. The device arrives
  2. The device is wiped
  3. A corporate image is deployed
  4. Try to reinstall drivers that are not in the corporate image that are needed by the device

This means the device has to be connected to the corporate network to get the new image and go through a long process and be touched by IT to complete configuration.

With Windows AutoPilot a new machine is registered with the organizations Azure AD by using the machines hardware ID via Windows Store for Business or the Partner Center administration portal (in the future hardware partners will be able to upload this information directly for you). Now as soon as the machine is unboxed and connected to the Internet once the user has selected a language the device will automatically be enrolled to Azure AD once the user enters their Azure AD email address and password (they will not be prompted if the account is work or personal etc) the device will also receive any other configurations via Intune (or any other MDM service) which can include changes such as switching to Enterprise SKU.

This means users can now just be directly delivered a device, turn it on and it will receive the corporate configuration without having to be re-imaged or touched by IT.

Q. How do I enable Windows Hello authentication without a PIN?

Dept - Windows

A. This is not possible. The first item to configure is a PIN which is a machine-local code to enable logon to that specific machine and protects the machine-specific private key. Once the PIN is set you can then enable other logon methods such as picture password/facial recognition/biometric. It is important to have the PIN incase the other methods would rendered unusable such as you shave off your beard, scar your finger etc, or a sensor on the machine is broken which would block you logging in unless you used the traditional username and password which is less secure than the PIN. More information on passwords vs PINs can be found at https://aka.ms/whfbpinvpassword.

Q. When deploying a JSON template can I make it use an existing virtual network/subnet instead of creating a new one?

Dept - Azure

A. Absolutely. Typically in a JSON template you define all the details about the network but you can also configure it to use an existing by specifying an existing virtual network name, subnet and the resource group. For example:

"virtualNetworkResourceGroup": {
"value": "savill-vnets_rg"
},
"masterSubnetName": {
"value": "savill-vnet-east-mastersub"
},
}
"virtualNetworkName": {
"value": "savill-vnet-east"
},

These would then be used as part of the definition, for example:

"vnetID": "[resourceId(parameters('virtualNetworkResourceGroup'), 'Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]",