Windows Autopilot
The Windows Autopilot integration connects xAssets with Microsoft's Autopilot deployment service. Autopilot provides zero-touch provisioning of Windows devices, and the xAssets integration synchronises Autopilot enrolment data with the asset register. This means newly enrolled devices appear in xAssets automatically, and asset managers have visibility into the Autopilot deployment pipeline alongside their existing inventory.
Prerequisites
- A Microsoft 365 or Intune subscription with Windows Autopilot enabled.
- Azure Active Directory with the devices registered for Autopilot.
- The Microsoft Intune integration should be configured first, as Autopilot uses the same Azure credentials. See Microsoft Intune.
- Configuration-level access to xAssets.
What Data Syncs
The Autopilot integration brings the following data into xAssets:
| Autopilot Field | xAssets Field | Notes |
|---|---|---|
| Device Serial Number | Serial Number | Used as the primary matching key |
| Model | Model / Description | The hardware model of the device |
| Manufacturer | Manufacturer | The hardware manufacturer |
| Group Tag | Specification data field | Used for deployment profile targeting |
| Enrollment Status | Status or specification data field | Whether the device has completed Autopilot setup |
| Purchase Order ID | Purchase Order reference | If configured in Autopilot |
| Azure AD Device ID | Specification data field | The Azure AD object identifier |
How the Integration Works
The Autopilot integration operates through the xAssets transformation framework:
- Data retrieval — a scheduled transformation calls the Microsoft Graph API to retrieve the list of Autopilot-registered devices.
- Matching — each Autopilot device is matched against existing xAssets records using the serial number. If a match is found, the existing record is updated. If no match is found, a new asset record is created.
- Status synchronisation — the Autopilot enrolment status is written to the asset record, so you can see which devices have completed provisioning and which are still pending.
- Ongoing updates — the transformation runs on a schedule (e.g., daily or hourly), so changes in Autopilot are reflected in xAssets automatically.
Setting Up the Integration
Step 1: Configure Azure Credentials
If you have not already configured the Microsoft Intune integration, create an Azure App Registration with the necessary Graph API permissions:
- In the Azure Portal, create a new App Registration (or use the existing one from the Intune integration).
- Grant the following API permissions:
DeviceManagementServiceConfig.Read.All— for reading Autopilot device informationDeviceManagementManagedDevices.Read.All— for reading device details
- Create a client secret and note the Application (client) ID, Directory (tenant) ID, and the client secret value.
Step 2: Create Credential Pack in xAssets
- Navigate to Discover > Prepare > Credentials.
- Create a credential pack with the following values:
| Field | Value |
|---|---|
| Credential Type | Named Credentials |
| Collection Server | Application Server |
| Pack Name | AUTOPILOT (or use your existing INTUNE pack) |
| Domain Name | Your Azure tenant ID |
| Username | The Application (client) ID |
| Password | The client secret |
Step 3: Enable the Autopilot Transformation
- Navigate to Admin > Transformations > IT Transformations > Cloud Integrations (or the relevant transformation group).
- Locate the Autopilot transformation.
- Configure the transformation settings, including the credential pack name.
- Set the schedule (e.g., daily at midnight).
- Run the transformation manually the first time to verify it retrieves devices correctly.
Step 4: Verify the Data
- After the transformation runs, navigate to the asset list.
- Search for a known Autopilot device by serial number.
- Verify that the Autopilot-specific fields (Group Tag, Enrollment Status, Azure AD Device ID) are populated.
Enrollment Workflow
When a new device is enrolled in Autopilot, the following sequence occurs:
- Device registered in Autopilot — the hardware vendor or IT administrator registers the device serial number and hardware hash in Autopilot.
- xAssets transformation runs — the next scheduled run picks up the new device and creates an asset record (or updates an existing one).
- Device powers on and enrolls — the user or technician powers on the device, which connects to Autopilot and begins provisioning.
- Status updated — subsequent transformation runs update the enrolment status in xAssets to reflect the provisioning progress.
- Device in service — once provisioning is complete, the asset record shows the device as enrolled and active.
This workflow ensures that asset managers have visibility into new devices from the moment they are registered, not just after they are deployed and discovered on the network.
Tips
Tip: Use the Autopilot Group Tag field to identify deployment profiles (e.g., "Standard User", "Developer Workstation", "Kiosk"). This can be mapped to an xAssets specification data field and used for reporting and compliance.
Tip: If you are also using the Intune integration, the same Azure credentials can be shared. You do not need separate app registrations for Autopilot and Intune.
Tip: Create a query that shows all Autopilot devices by enrolment status. This gives you a quick view of devices that are registered but not yet provisioned — useful for tracking deployment progress.
Warning: Autopilot device data includes hardware hashes that are sensitive. Ensure that your xAssets instance is secured with appropriate access controls, especially if Autopilot data is visible to non-administrative users.
Related Articles
- Microsoft Intune — the broader Intune device management integration
- Azure Direct Integration — direct Azure resource integration
- Transformations Overview — how transformation-based integrations work
- Credential Packs — managing stored credentials