Why SCCM-Imaged Devices Show the Enrollment Status Page (ESP) After Vendor Serial Uploads

By /

Why Some SCCM-Imaged PCs Show the Enrollment Status Page (ESP) Out of the Blue—and How to Stop It

You’ve set up co-management with SCCM for imaging and Intune for Autopilot, and your hardware vendor is uploading device serials on your behalf. Yet some freshly imaged machines—with no Autopilot profile and a fully baked unattended.xml—are still showing a “Setup Complete” ESP prompt at first login. Here’s why it happens and how to keep those devices jumping straight to the desktop.

What’s Going On?

When the vendor uploads serial numbers, Intune flags those hardware IDs as “pending Autopilot.” Even without an assigned profile or any files in C:\Windows\Provisioning\Autopilot, Intune treats first Azure AD sign-in as the start of an Autopilot flow. That kicks off the ESP screen to install required apps, settings, and policies—just like a true Autopilot join.

How to Prevent the Surprise ESP

  1. Tag or Group Uploaded Devices
    Have your vendor apply a temporary tag (for example, “AutopilotPending”) when uploading serials. In the Intune portal under Devices → Enroll devices → Windows enrollment → Autopilot devices, filter assignments so only tagged devices trigger ESP. Untagged SCCM-imaged PCs will skip ESP entirely.

  2. Exclude SCCM Collections from Autopilot
    Create an Azure AD group for your SCCM device collection. In Autopilot deployment profiles, add that group to the Exclude list. Devices in that group won’t launch ESP on first login—even if they appear in Autopilot devices.

  3. Stagger Serial Uploads
    Instead of bulk uploading all serials up front, upload only after imaging and applying your unattended.xml. This way, devices aren’t “pending” in Intune when users first sign in, so they go straight to the Windows desktop.

  4. Turn Off ESP for Non-Autopilot Groups
    If tagging or exclusion isn’t feasible, edit your ESP profile under Enrollment Status Page settings. Disable the Show progress for required apps, settings, and profile items option for an AAD group containing SCCM devices. This stops ESP but preserves it for genuine Autopilot machines in other groups.

Next Steps

  • In Intune, check Devices → Windows Autopilot devices to see all uploaded serials, even those unassigned.

  • Tag or group your SCCM endpoints before first boot.

  • Adjust your vendor’s upload process or your Autopilot filters.

With these tweaks, only true Autopilot-profiled PCs will see the ESP on first login. All your SCCM-imaged devices will bypass setup screens and land directly on the Windows desktop.

LinkedInCopyPinterestRedditTelegram

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by
Scroll to Top