How do I diagnose Windows Autopilot deployment using PowerShell?

This guidance outlines a device side approach for troubleshooting Windows Autopilot deployments using locally executed PowerShell tools. Running diagnostics directly on the endpoint provides visibility into enrollment progress, policy processing, application installation, and Enrollment Status Page behavior as seen by the device itself. The steps are intended for scenarios where immediate on device insight is needed and portal side information alone is insufficient.

When to Use

Use this process when

  • Autopilot stalls during ESP
  • Policies do not apply as expected
  • Device enrollment or Entra join appears incomplete

Prerequisites

  • Physical access to the device
  • Ability to open a command prompt during OOBE
  • Internet connectivity

Procedure

  1. Open PowerShell during Autopilot
    At the Autopilot OOBE screen, press Shift + F10 to open a command prompt, then launch PowerShell.

  2. Allow script execution for the current session
    This change applies only to the active PowerShell session.

    Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass -Force

  3. Install the Autopilot diagnostics script

    Install-Script -Name Get-AutopilotDiagnostics -Force

    This installs the Microsoft published diagnostic script used to inspect Autopilot, Enrollment Status Page, application, and policy state on the local device.

  4. Run the diagnostics

    Get-AutopilotDiagnostics

    The script analyzes the current device and displays Autopilot profile details, Enrollment Status Page tracking, application installation state, policy processing, and enrollment events.

Review key output sections

Focus on the following areas in the output:

  • Autopilot profile: Confirms which Autopilot profile was detected and applied.

  • Enrollment Status Page: Identifies which phase is blocking and which app or policy is holding ESP open.

  • Applications and policies: Highlights failures, timeouts, or installs stuck in a pending state.

  • Device registration and enrollment: Shows Entra join and MDM enrollment related events.

Save output for escalation to Microsoft, if needed

Get-AutopilotDiagnostics | Out-File C:\Temp\AutopilotDiagnostics.txt

Notes

  • This process consolidates data that would otherwise require manual review of event logs, registry keys, and ESP behavior.
  • The script can be run during OOBE or after deployment completes.
  • Results reflect what Autopilot and Intune believe the device state to be at that moment.
Print Article