This guide outlines the process of using Windows Configuration Designer to create a provisioning package that automates device enrollment in Microsoft Entra ID and Intune. This method is particularly effective for bulk deployments and scenarios where direct Azure AD join isn't practical. The guide covers both package creation and deployment methods, suitable for both new device setup (OOBE) and existing Windows installations.
Table of Contents:
Prerequisites
- Administrative access to Microsoft Entra ID (formerly Azure AD)
- Windows Configuration Designer installed from Microsoft Store
- Administrative access to the local Windows device
- Active internet connection
- USB drive (if applying via portable media)
Steps to Create a Provisioning Package
- Install Windows Configuration Designer (WCD) from the Microsoft Store if not already installed
- Open Windows Configuration Designer
- Select "Provision desktop devices"
- Enter name for your project and select save location; choose “Finish”.
- Under "Set up device":
- (Required) Device name: Enter a device name template to be used for devices joining Entra. If you’d like to use the existing name of the device, enter a placeholder here (”placeholder”, etc.), and we will adjust the configuration further.
- (Optional) Enter a product key if you’d like to apply an edition upgrade, etc.
- Choose “Next”
- Under “Set up network”:
- Turn off “Set up network” if you’d like to skip joining a wireless network automatically.
- Choose “Next”
- Under “Account Management”:
-
Choose “Enroll in Azure AD
-
Set “Refresh AAD credentials” to Yes
-
Click “Get Bulk Token”
- You will be prompted for tenant admin credentials
<aside>
NOTE: When you complete this step, a new user account will be created in the Entra ID tenant with a prefix of “package_”. This will be the provisioning package service account bound to the original Entra join. This package will only remain valid for 180 days, but can be disabled prematurely by disabling/deleting the “package_” user in Entra.
</aside>
