You can search based on the ApplicationID. Plug in the USB Drive. Run script in 64-bit PowerShell Host - The default is No which runs in 32-bit PS host. For the demo I choose "Personal Device" and click on "OK". Run PowerShell Script. For my demo I am setting a registry key so I want to run this in 64-bit PS host so I have selected Yes. Start by opening a PowerShell console and run the following command: 1. Please refer to the blog below, you don't have to import anything manually. Notes for this script: Replace the Tenant ID, Application ID, and App Secret hashes with the values of your created Enterprise Application. Just a basic factory, workgroup install of Windows 10. The serial number is useful for quickly seeing which device the hardware hash belongs to. Then you can exclude said group from your autopilot-only deployments. Run the following commands for creating a local "scripts" folder and downloading the Get-WindowsAutoPilotInfo script. Click Next when all selections have been made. This will open a command prompt. Connect to your WiFi network (if no LAN cable is connected) and after that press the SHIFT + F10 keyboard combination. Now we need to choose what devices or users we will assign the PowerShell script to. Usage: - The script can work from running Windows 10, but be careful removing native Azure AD joined Intune Devices. Copy and paste the following command to install this package using PowerShellGet: Install-Script -Name AutopilotNuke. Install-Script -Name Upload-WindowsAutopilotDeviceInfo. Reboot the computer into the full OS that we've just installed. Under Windows Policies, select PowerShell Scripts. Note that it is normal for the resulting CSV file to not collect a Windows Product ID (PKID) value since this is not required to register a device. You have to confirm the parameters page to save and activate the Webhook.
To run the script on the computer locally, you can follow the steps below. Go to "API Permissions" and click Add a permission. Using this simplified scripted approach is pretty much straightforward. The Script: It is a simple script, it is just a couple of lines. This is the syntax of the script: # Check if AutoPilotScript is installed $InstalledScripts = Get-InstalledScript If ($InstalledScripts.name -notcontains "Upload-WindowsAutopilotDeviceInfo") { Install-Script -Name Upload-WindowsAutopilotDeviceInfo -force } I've made some further enhancements to that process to provide a few additional options. Click on Devices. Once you click on the Devices, you will be able to see the list of Windows Autopilot Devices imported into the Microsoft Endpoint Manager Admin Center portal. Here I run Michael's PowerShell script. The most convenient way is to simply right-click the file and choose Run with PowerShell. I checked also with Get-AutopilotESPStatus.ps1 from https://www.powershellgallery.com/packages/Get-AutopilotESPStatus/4.1 but still not sure. Below is probably the easiest of the lot. Invoke-Expression "& { $(Invoke . Choose "Microsoft Graph" and "Application permission". I followed the instructions from the . This one performs a simple task: It leverages the PSWindowsUpdate PowerShell module to identify any needed Windows updates that need to be installed, then downloads them and installs them. First things first, we need to make sure the device you are going to use to build the Autopilot device has a few pre-requisites: The module was written primarily for PowerShell 7 - if you don't have it yet, there's a bunch of ways to get it on your machine. You need to install the Get-WindowsAutoPilotInfo.ps1 script from the PowerShell Gallery first, and then gather the computer information by using this script. Run PowerShell Script. But this method comes with a downside.
Hi All, I have a need of running a PowerShell script during Autopilot, just so that once the user gets to the desktop, I can be fairly certain that the script has run. This script uses WMI to retrieve properties needed for a customer to register a device with Windows Autopilot. Deploy PowerShell Script using Intune. Copy the URL as we need it in the PowerShell script running on the devices. Click on Azure Active Directory, now click on "App Registrations". Restart Computer. Hi all, I'm running a PowerShell script to generate hardware hashes in order to enroll devices into Intune Autopilot. For example: After that, this dialog box pops up: Choose a type of device. The steps to add a new PowerShell script are as follows. Turn on a new device. I posted a blog back in March that talked about a new "-online" option that I added to the Get-WindowsAutopilotInfo script which will grab the hardware hash from a device and add it to Windows Autopilot using the Graph API. To use this script, you can use either of the following methods: during unattended setup of Windows10) in Windows Autopilot. So I added a one-liner script to MEM->Devices->Scripts that is targeted to our Autopilot workstation group in Azure AD (dynamic) "Get-LocalUser -Name "Administrator" | Enable-LocalUser". Again, this OS is temporary and is installed only so that we can run the PowerShell script that collects the hardware hash. Upload a device identity in Autopilot. Search for "Reports" and click on "DeviceManagementServiceConfig . To add a new PowerShell script, click the Add button and deploy it to Windows 10 devices. My approach might go completely overboard, but you could use a script to check whether or not all applications have been installed and scripts were run, and then join the device to another group. By default, most PowerShell scripts will close the PowerShell window automatically when the script is done. So by the time Autopilot is done with the device setup, the device is fully patched.
Then change these values accordingly: After that, run the ".ps1" file. Answer Yes to any questions that might appear as shown in the above screenshot. You can use a PowerShell script (Get-WindowsAutopilotInfo.ps1) to get a device's hardware hash and serial number. Autopilot ESP steps - PowerShell script. Hello, I am trying to find in which step (during the Enrollment Status Page) PowerShell scripts are executed. Right-click the file GetAutoPilot.cmd and run as Administrator (it seems every time I plug in the USB I get D: Drive, but with the updated command below it's automatic). Prepare Files: 1) GetAutoPilot.cmd 2) Download a copy of Get-WindowsAutoPilotInfo.ps1. Contents of GetAutoPilot.cmd. Here's the PowerShell syntax view: If somebody knows an out-of-the-box method, I'd be interested to know as well! Sign in to Microsoft Endpoint Manager portal (Intune). Select Devices and then select Windows devices. Have you tried to create a new Deployment Profile and hit Yes on Convert all targeted devices to Autopilot? 1. So the script gets executed, but you won't be able to read any errors or output. Only the serial number and hardware hash will be populated. This script will install NuGet and the AutoPilotIntune PowerShell module if it isn't installed already. This is the output. Firstly, save the script as a ".ps1" file. From testing with existing devices (and resetting them) anything I stick in scripts will execute fairly soon after the machine is built. Published: 4 May 2020. File under: Azure, Intune, PowerShell. The most common complaint that I've received from people over the last few years around Intune / Autopilot / Modern Management is that people find it frustrating how much effort is involved in getting a device prepared to hand over to a client for Autopilot enrollment. Click Select groups. 3.5. The script syntax is at the bottom of the page. Find your Secure App Model application. Run PowerShell.
This works and the account is enabled, however there is a short period of time before the domain bind when the device receives the new default admin password. Client-side Script: We are now ready to register an existing device (e.g.