> ## Documentation Index > Fetch the complete documentation index at: https://docs.truu.ai/llms.txt > Use this file to discover all available pages before exploring further. # Intune Self-Deployment mode Autopilot Enrollment Workflow ### 1. Turn On the Device * The device is powered on for the first time (or after a reset). * The Out-of-Box Experience (OOBE) begins, presenting a welcome screen. ### 2. Network Connection * **Wi-Fi Connection**: * The device prompts for a Wi-Fi connection if it doesn't automatically connect via Ethernet. * The user (or technician) selects the Wi-Fi network and enters the necessary credentials to connect. * **Ethernet Connection** (if available): * If the device is connected via Ethernet, it automatically connects to the network without user intervention. ### 3. Autopilot Profile Download * **Device Contacts Autopilot Service**: * Once connected to the internet, the device communicates with the Windows Autopilot deployment service using its hardware ID (Hardware Hash). * **Profile Retrieval**: * The device checks if an Autopilot profile is assigned to it. * The appropriate Autopilot profile, configured for Self-Deployment Mode, is downloaded and applied. * The device detects that the downloaded profile is configured for Self-Deployment Mode. ### 4. ESP Phase 1 : Device Preparation * **Azure AD Join**: * The device automatically joins the organization's Azure Active Directory (AAD) without requiring user credentials. * **Intune Enrollment**: * Following the Azure AD join, the device automatically enrolls into Microsoft Intune. * The device starts receiving configuration policies, compliance policies, and any required applications from Intune. ### 5. ESP Phase 2: Device Targeted Policy and Application Deployment * **Device Configuration Policies**: * Configuration policies such as security settings, device restrictions, and network configurations are applied. * **Compliance Policies**: * The device is checked against compliance policies (e.g., encryption, antivirus status) to ensure it meets organizational standards. * **Application Deployment**: * Required applications specified in the Intune profile are automatically installed. **TruU Windows Authenticator Application is installed.** ### 6. TruU enrollment wizard * TruU enrollment wizard starts at the screen * User enters the information (login ID, Corporate email, etc. \**configured by admin*) and starts the enrollment process. * TruU processes the request by validating the user status and presents the enrollment workflow (IVW). * User selects the enrollment option, email/SMS. * TruU sends the enrollment code to email/SMS. * User enters the code in enrollment screen. * TruU processes the request and asks the user to set TruU PIN and/or biometric ( if the device has biometric capabilities). * User sets the PIN and/or biometrics. * TruU Fido2 key gets created in the backend automatically. * "Login using TruU" button is clicked to complete the initial Windows login. * Windows desktop screen shows up. (In the background, all the User assigned policies and apps will be deployed) **Note:** Microsoft’s Autopilot does not support User ESP when login authentication is done via a FIDO2 key in Self-Deployment mode. However, the user targeted policies and apps are still deployed in the background. You can watch the complete TruU-Intune Self-Deployment Autopilot end-user experience in the following video. *** [Intune User-driven Autopilot Enrollment Workflow](/docs/intune-user-driven-autopilot-enrollment-workflow) [Package and Deploy TruU Windows Authenticator in Intune](/docs/package-and-deploy-truu-windows-authenticator-in-intune)