I’ve recently been building an SOE for a client using Windows 11 and Microsoft 365 with Autopilot and Intune.

In order to streamline the whole process, I wanted to make a bootable Windows 11 installer that I could use to completely wipe a machine, and then on first boot have the machine automatically enrolled into Intune.

There are many different ways to do this – some involve pressing Shift+F10 during Windows Setup and running a PowerShell script, some involve using a customizations.xml file, but the method I’ve settled on is based on this blog post from a couple of years ago by Simon Eriksen.

Create bootable USB w. Windows 11 incl. Autopilot JSON file

I basically used the entirety of his method, however needed to make a few changes as some of the PowerShell modules have been updated or renamed.

At the start, with the PowerShell modules to install, the Connect-MSGraph command no longer exists, it is instead Connect-MGGraph and you need to install a few more PowerShell modules to get it working as it should.

So, to install everything, open PowerShell as Administrator and run these commands to install the modules required and connect to Entra. It’s worth noting that I did this in PowerShell 7.x, it doesn’t need to be done in the old Windows PowerShell which is a 5.1.x

Install-Module AzureAD -Force
Install-Module WindowsAutopilotIntune -Force
Install-Module Microsoft.Graph -Force
Connect-MgGraph

This will then open a browser window for you to sign in to Microsoft 365.

To prepare for the WIM manipulation ahead, make sure you have already made the following target directories – if you follow the guide exactly as-is, you need to make:

C:\DATA
C:\DATA\WIM
C:\DATA\Mount

The folder C:\DATA\AutopilotProfiles will be created as part of the PowerShell command you run to download them.

Follow the rest of Simon’s instructions down to the point where you split install.wim into two smaller files. We don’t need to do this as our installer will be on an NTFS partition so the file can happily be larger than 4GB.

I’ll reproduce the key steps here just in case Simon’s blog goes offline

Download your Autopilot profile as JSON. Copy and paste this whole snippet into your PowerShell window where you’ve already authenticated to Entra

$AutopilotProfiles = Get-AutopilotProfile
Foreach ($AutopilotProfile in $AutopilotProfiles) {
    $TempPath = "C:\DATA\AutopilotProfiles\"
    if (!(Test-Path $TempPath)) {
        New-Item -Path $TempPath -ItemType Directory -Force
    }
    $name = $AutopilotProfile.displayName
    $ExportPath = $TempPath + $name + "_AutopilotConfigurationFile.json"
    $AutopilotProfile | ConvertTo-AutopilotConfigurationJSON | Out-File $ExportPath -Encoding ASCII
}

Mount your ISO file and use DISM to see what editions are included. This assumes you have your ISO mounted at E:\

DISM /Get-ImageInfo /ImageFile:"E:\Sources\Install.WIM"

Pick an edition and export it to a new WIM. I wanted 8, which was Windows 11 Pro Education

DISM /Export-Image /SourceImageFile:’E:\Sources\Install.WIM’ /SourceIndex:8 /DestinationImageFile:C:\DATA\WIM\Install.WIM /Compress:Max /CheckIntegrity

Next, mount the image so we can inject the JSON file into it

DISM /Mount-Image /ImageFile:'C:\DATA\WIM\Install.WIM' /index:1 /MountDir:C:\DATA\Mount

After the WIM is mounted, copy your AutopilotConfigurationFile.json to:
%MountDir%\Windows\Provisioning\Autopilot\

Lastly, commit and unmount the image

DISM /Commit-Image /MountDir:C:\DATA\Mount

DISM /Unmount-Image /MountDir:C:\DATA\Mount /commit

Now you’ve got a custom install.wim with your AutopilotConfigurationFile.json baked into it, so download Rufus to build your Windows installer USB from https://rufus.ie/en and use the Windows 11 ISO that you originally started with. The ISO should be unmounted before you create the USB with Rufus.

Follow the instructions for Rufus – point it to your Windows 11 ISO and then hit the Start button and leave it for 5–10 minutes (or more if you have a slow USB drive).

When Rufus has finished building your USB drive, grab the install.wim from C:\DATA\WIM and copy it to the Sources folder on the USB, overwriting the one that’s already there.

And that’s it, boot up using the USB and away you go.

In doing this with Windows 11 24H2, it’s worth noting that the old method of using EI.cfg no longer seems to work in the new installer. If you need to pick a particular edition of Windows to install, then make sure you extract just that one from install.wim with Simon’s instructions so it’s the only one on your installer USB. Alternatively, when you’re in the new Windows 11 installer, half way through you get given the option to switch to the old installer which works as expected.

Update

regarding EI.cfg – apparently if you have a slightly different EI.cfg file and a second file called PID.txt that both go into the Sources folder, then the new installer will recognise them.

Example EI.cfg

[EditionID]
Pro
[Channel]
_Default
[VL]
0

Example PID.txt

[PID]
Value=VK7JG-NPHTM-C97JM-9MPGT-3V66T

In case you’re wondering, that product key is a generic Windows 10 Pro product key that can be used to install, but not activate Windows 10 Pro and Windows 11 Pro.