During a project with a customer, we noticed that the Windows Autopilot welcome screen took a long time to load but eventually did. Once the welcome screen was present, Autopilot worked without issue. So what was the cause?
Lets start troubleshooting
Of course, you'd immediately think network or DNS related which was my thoughts. We know the Autopilot configuration JSON file is on the device because the welcome screen eventually loads. So the device is getting outbound to pulled down the necessary files.
On a device connected to the internal network, we ran a Autopilot readiness debug toolkit kindly created by the team at MSEndpointMgr: https://msendpointmgr.com/intune-debug-toolkit/
This gave me a couple of things to look at (sorry i don't have a screenshot). So we decided to download Fiddlr and run Fiddlr as System using PSExec during the OOBE.
Rudy the host of call4cloud.nl has a great breakdown showing the benefits of using Fiddlr for Intune related issues: https://call4cloud.nl/2020/11/close-encounters-of-fiddler/
When running Fiddlr as System (Whilst the device was attempting to load the Windows Autopilot welcome screen). We noticed a bunch of failed connection attempts to the Windows Update service.
We connected the device to a separate network and did not see the same connection errors.
Root cause
During the OOBE process and after the Windows OS configuration, the Windows Update service retrieves needed updates. If Windows Update is inaccessible, the Autopilot process will still continue but critical updates won't be available.
The device attempted to reach the Windows Update service using round-robin and eventually failed which presented the Windows Autopilot Welcome Screen.
The solution
Pretty obvious at this point but review the Windows Update network requirements and make exclusions to support Windows Autopilot.