Starting with Windows 10 build 1709, administrators can re-initialize Windows 10 devices to remove personal files and settings and revert the device to its original state, while keeping the device enrollment.

Enable the policy

To make Windows Automatic Deployment available from the logon screen, you must first enable the policy, which can be done either with Intune (or any MDM supporting CSP) or with a Windows Configuration Designer package.

  • Log on to your Azure tenant with an administrator account and access your Intune blade

  • Then access the Device Configuration blade to create a new Windows 10 custom profile

  • Then name the new profile and set the configuration as below
    • OMA-URI: ./Vendor/MSFT/Policy/Config/CredentialProviders/DisableAutomaticReDeploymentCredentials
    • Data type: Integer
    • Value: 0 (the default value is 1, which means disabled)

  • Finally, assign the new policy to devices or a group of devices

Trigger the redeployment

Once the policy has been created and deployed, wait until it has been applied to the device(s) you want to reset

  • You can check the registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{01A30791-40AE-4653-AB2E-FD210019AE88} and confirm that its Disabled value is set to 0

  • Then, at the logon screen, use the key combination Ctrl + Windows + R to open a new custom login page where you sign in with an administrator account

  • The Automatic Deployment button is also available from the lock screen after selecting Sign In options

  • After you enter your local administrator credentials, Windows 10 will be redeployed; you can use either a local account or a corporate account defined as local admin (see the Additional local administrators on Azure AD joined devices setting, available from the Azure AD\Devices\Devices settings blade)

  • Once completed, Windows is ready to go and is already joined to Azure AD (as it was before); if the device needs to be connected to WiFi, you will first be asked to select the WiFi network to connect to

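The registry check from the steps above can be scripted, both to wait for the policy to land before a reset and to audit which devices expose the reset option at the logon screen. This is an added PowerShell example, not part of the original post; the function names, status labels and timeout values are hypothetical, while the key path and the Disabled value name are the ones given above.

```powershell
# Added example (not from the original post). Function names are hypothetical.
# Key path and value name are the ones given in the steps above.
$ProviderKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\' +
               'Credential Providers\{01A30791-40AE-4653-AB2E-FD210019AE88}'

function Get-AutoRedeploymentState {
    param([string]$Path = $ProviderKey)

    $state = [ordered]@{
        ComputerName = $env:COMPUTERNAME
        KeyPresent   = Test-Path -LiteralPath $Path
        Disabled     = $null
        Status       = 'KeyMissing'
    }
    if ($state.KeyPresent) {
        # The key can exist without the value; report that separately.
        $prop = Get-ItemProperty -LiteralPath $Path -Name 'Disabled' -ErrorAction SilentlyContinue
        if ($null -eq $prop) {
            $state.Status = 'ValueMissing'
        } else {
            $state.Disabled = [int]$prop.Disabled
            # 0 = policy applied; any other value is treated as disabled (assumption).
            $state.Status = if ($state.Disabled -eq 0) { 'Enabled' } else { 'Disabled' }
        }
    }
    [pscustomobject]$state
}

function Wait-AutoRedeploymentEnabled {
    # Polls until the value reads 0 or the timeout expires (defaults are arbitrary).
    param([int]$TimeoutSeconds = 900, [int]$IntervalSeconds = 30)

    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        $state = Get-AutoRedeploymentState
        if ($state.Status -eq 'Enabled') { return $state }
        Start-Sleep -Seconds $IntervalSeconds
    } while ((Get-Date) -lt $deadline)

    Write-Warning "Policy not applied after $TimeoutSeconds s (last status: $($state.Status))"
    $state
}

# One-off check on the local device
Get-AutoRedeploymentState
```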