Windows Deployment After MDT

Microsoft retired the Microsoft Deployment Toolkit (MDT) in January 2026 without providing a migration guide or official successor solution. Organizations that depended on MDT for Windows deployment workflows must find alternatives.

The toolkit was discontinued due to security vulnerabilities that allow extraction of privileged Active Directory credentials directly from MDT deployment shares. These flaws remain unpatched, creating ongoing risk exposure for any organization still running MDT.

The Common Misconception About Intune and Autopilot

A widespread assumption exists that Intune and Autopilot fully replace MDT’s functionality. They do not.

Microsoft Intune requires an existing Windows installation. It manages configuration, policy enforcement, application deployment, and patch management — but cannot deploy to bare-metal systems.
Microsoft Autopilot requires a functioning operating system already present on the device. It handles enrollment and user setup, not OS installation.

When a device is new, wiped, or bricked, neither Intune nor Autopilot can help. That is exactly where MDT used to fit — and where the gap now exists.

Four Device Scenarios That Require Bare-Metal Provisioning

The gap becomes operational when you encounter any of the following:

New devices arriving without a Windows installation or with an OEM image that must be replaced
Bricked or unstable endpoints that need a clean OS restore before any management tooling can take over
Compromised devices requiring a verified baseline before reintroduction to the environment
Remote employees whose devices cannot be shipped back to IT for reimaging

In each case, a cloud-native provisioning capability is required — something that works before Autopilot and Intune can operate.

What a Modern MDT Replacement Looks Like

Cloud-based provisioning platforms offer the most comprehensive replacement for MDT. A modern solution handles:

Bare-metal OS provisioning for new or wiped devices
Driver orchestration — automatically matching vendor-certified driver packs to each hardware model
Remote recovery workflows — without requiring physical access or on-premises PXE infrastructure
Integration with Intune and Autopilot — handing off a ready-to-configure device once the OS is in place

The critical difference from MDT: no on-premises servers, no image-building pipeline, no PXE infrastructure to maintain.

How CapaOne Provision Manager Addresses the Gap

CapaOne Provision Manager is built specifically for this layer — the provisioning work that happens before Intune and Autopilot can take over.

Key capabilities:

The first deployment template can be configured in under one hour — no server installation, image building, or PXE infrastructure required
Supports Dell, HP, Lenovo, and Microsoft devices with automatic driver pack application
Functions as a standalone solution while integrating seamlessly with existing Intune environments
Works across office and remote environments — provisioning does not require physical proximity to an IT team

For organizations that have retired MDT or are still running it with known security exposure, Provision Manager is designed to close the gap without rebuilding deployment infrastructure around it.

Frequently Asked Questions

What replaces Microsoft Deployment Toolkit? Cloud-based provisioning platforms offer the most comprehensive replacement, handling bare-metal OS deployment, driver orchestration, and remote recovery without on-premises infrastructure.

Can Intune replace MDT? No. Intune requires an existing Windows installation and manages configuration, policy enforcement, and patch management — but cannot deploy to bare-metal systems.

Does Autopilot deploy Windows? No. Autopilot requires a functioning operating system already present on the device.

Does Provision Manager require Intune? No — it functions as a standalone solution while integrating with Intune environments for organizations that use both.

How long does initial setup take? The first deployment template can be configured in under one hour with no server installation, image building, or PXE infrastructure required.

Which hardware manufacturers are supported? Provision Manager supports Dell, HP, Lenovo, and Microsoft devices with automatic driver pack application.

If MDT migration is on your roadmap, see the full platform in action. Book a demo of CapaOne Endpoint Management Platform and get a walkthrough of Provision Manager alongside the complete endpoint management suite.

Name	Provider	Purpose	Expiry
capaone-consent	capaone.com	Stores your cookie consent choice and category preferences	12 months
theme	capaone.com	Remembers your chosen colour scheme (light/dark)	Persistent

Name	Provider	Purpose	Expiry
Supademo (iframe)	app.supademo.com	Interactive product demo — iframe loaded on click only	Session
Google Maps (iframe)	google.com	Interactive map showing our office location	Session

Name	Provider	Purpose	Expiry
_ga	Google Analytics	Distinguishes users from one another using a unique ID for statistical analysis	2 years
_ga_KX617PNCT5	Google Analytics	Persists session state and aggregates statistics for this property	2 years
capa_insights_did	CapaOne Insights (EU)	Random anonymous identifier used to count returning visitors (first-party, no personal data)	Persistent (localStorage)
capa_insights_sid	CapaOne Insights (EU)	Groups page views into a single visit for journey analysis	Session (sessionStorage)

Name	Provider	Purpose	Expiry
hubspotutk	HubSpot (EU1)	Tracks visitors for lead management and web analytics	13 months
__hs_cookie_cat_pref	HubSpot (EU1)	Stores cookie consent preferences for HubSpot forms	6 months