Again a small post about Windows Autopilot, like my last post, to share some information we noticed in the field.
This week my colleague André and I set up a Dev tenant, which also involved deploying devices into Azure AD and Microsoft Intune. During our testing we applied and changed a lot of settings in the configuration profiles applied to Windows 10 devices. During some device enrollment testing my colleague noticed a message during the enrollment phase (we enabled the Enrollment Status Page in Intune) of one of the Windows 10 machines. After a few minutes he received a pop-up with the message: "You're about to be signed out. Windows will shutdown in 10 minutes."
And indeed, while apps were being installed the device was rebooted and then returned to the deployment stage.
When this happens during the installation of apps, it can result in app install failures, and in the worst case the enrollment times out and fails. Or, when the enrollment succeeds within these 10 minutes, the user is signed out and the device is rebooted a few minutes after the first logon.
It took my colleague quite some time (all credit to him 🙂) to find the setting that caused this behavior: enabling Windows Defender Application Control in the endpoint protection policy in Intune. We had enabled Application Control in audit mode, which caused this behavior.
After changing this setting back to Not configured, the message was no longer shown during Autopilot enrollment.
The reason for the reboot is that Windows Defender Application Control needs Hyper-V to function and as soon as Hyper-V is enabled, a reboot is scheduled.
Microsoft has confirmed this behavior as a known issue; the solution (or workaround) is to use a custom policy, which is described here.