This solution is for devices that have already been bought, or for lab/test scenarios, to simplify the onboarding process. When planning to go into production, the devices you buy should already be enrolled into your tenant by your hardware vendor. A list of vendors that support Autopilot can be found here: Link
This solution builds on the Get-WindowsAutoPilotInfo.ps1 script created by Michael Niehaus, which can be found here:
https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo/
That script must be run on the device, where it creates a CSV file. The file must then be moved to a computer where it is imported into Intune; you then wait for the device to be assigned and go back to it to reboot and continue the installation/onboarding.
In this script, all of that is done directly from the computer being onboarded, in an automated way. You still need to log on to your tenant with an account that has the rights to enroll devices as part of the process.
Prerequisites:
- The AzureAD module must be downloaded locally and copied to the same folder as the script files. To download a module run the command:
Save-Module -Name AzureAD -Path C:\Assign-AutoPilotDevice
- A dynamic group that automatically assigns a deployment profile based on group tags. (Dynamic groups require at least an Azure AD P1 license for the tenant.)
Download all the script files from my GitHub repo:
https://github.com/matbe/PowerShell/tree/master/Intune/Assign-AutoPilotDevice
Before starting, the “GroupTags.txt” file needs to be updated with the group tags the user should be able to choose from. The format of the file must be:
<Friendly Name>=<GroupTag>
Where the friendly name is the name that will be shown in the script menu and the GroupTag is what will be assigned to the device in Intune.
When the script loads the file it will sort the entries based on the friendly name.
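The group tag decides which deployment profile the dynamic group applies, so a malformed line or a mis-read menu choice puts the device under the wrong profile. The sketch below is an added example, not code from Assign-AutoPilotDevice.ps1: it parses the file format described above, sorts by friendly name, and validates the typed menu number as an integer. The function names, the sample file name and the sample tags are all hypothetical.

```powershell
# Added example; helper names are hypothetical, not taken from the original script.
function Read-GroupTagFile {
    param([string]$Path)
    $entries = foreach ($line in Get-Content -LiteralPath $Path) {
        $line = $line.Trim()
        if (-not $line) { continue }                      # skip blank lines
        # Split on the first '=' only, so a tag may itself contain '='.
        $name, $tag = $line -split '=', 2
        if ([string]::IsNullOrWhiteSpace($name) -or [string]::IsNullOrWhiteSpace($tag)) {
            throw "Malformed line in ${Path}: '$line' (expected <Friendly Name>=<GroupTag>)"
        }
        [pscustomobject]@{ FriendlyName = $name.Trim(); GroupTag = $tag.Trim() }
    }
    # Same ordering the article describes: sorted by friendly name.
    @($entries | Sort-Object -Property FriendlyName)
}

function Resolve-GroupTagSelection {
    param([object[]]$Entries, [string]$Answer)
    $index = 0
    # Parse to an integer before range-checking. Compared as strings, '2' sorts
    # after '13', so a string comparison would reject valid menu numbers.
    if (-not [int]::TryParse($Answer.Trim(), [ref]$index)) { return $null }
    if ($index -lt 1 -or $index -gt $Entries.Count) { return $null }
    $Entries[$index - 1]
}

# Constructed sample file in the <Friendly Name>=<GroupTag> format.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'GroupTags.sample.txt'
Set-Content -LiteralPath $sample -Value @(
    'Sales laptop=SALES'
    'Kiosk=KIOSK'
    'Developer workstation=DEV'
)
$entries = @(Read-GroupTagFile -Path $sample)
for ($i = 0; $i -lt $entries.Count; $i++) {
    '{0,2}. {1}' -f ($i + 1), $entries[$i].FriendlyName   # menu line
}
# Exercise one valid and three invalid answers.
foreach ($answer in '2', '0', '4', 'abc') {
    $choice = Resolve-GroupTagSelection -Entries $entries -Answer $answer
    if ($choice) { "'$answer' -> $($choice.GroupTag)" }
    else         { "'$answer' -> Not a valid selection" }
}
Remove-Item -LiteralPath $sample
```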
Next, update the “Assign-AutoPilotDevice.ps1” file and change the value "<tenant>.onmicrosoft.com" to match your tenant.

Then copy all the files onto the USB drive that will be used to install Windows on the device and go through the installation as normal. Once the OOBE page for language selection is reached, press Shift+F10 to bring up a command prompt.

Change directory to where you saved the script files and the AzureAD module and run “Assign-AutoPilotDevice.bat”.

Once started you will be prompted to choose a group tag. (If you do not wish to use group tags you need to change the parameter “$GroupTag = $true” to “$GroupTag = $false” within the script, but then the waiting for auto-assignment later on will fail).

After the group tag is selected you will need to verify that it is connecting to the correct tenant and specify your credentials.

A login prompt will appear, enter your password. (Sorry for the Swedish 😉)

This will start the onboarding process. First the script will import the device into Intune and wait for status to change to “Completed”. This step usually takes 1-5 minutes.

Once this step is finished the device should be visible in the Intune console under “Windows Enrollment\Devices” with the status “Not assigned”

Now the script will wait for the device to get assigned. This is usually slower, because the dynamic group has to pick up the device and group tag before it can be assigned. Expect at least 5-10 minutes.
There is a hard-coded wait in the script that will fail the script after 15 minutes, but even if it quits at this point the device should be imported correctly into Intune.

After a while the status will change to “Updating” in the console.

Once the device has been assigned, the script will trigger a “sync” and then wait another 5 minutes before restarting the computer automatically, to allow Intune to do its magic in the background.

In the console the “Last sync request” and “Last successful sync” values should be updated and the device should have the status Assigned.
Once restarted the device should be onboarded into Intune and you can continue your installation! Enjoy!
Hope this helps and please let me know if you have any feedback.
Hey,
I've been using this script the last couple of months or so, but as of today I noticed that Group Tags don't get uploaded. The script runs and the Autopilot object gets uploaded, but the Group Tag field is empty. I recall that this happened like a month ago where there was an issue that Microsoft caused and that they had to fix for this to work again. Do you happen to know if this problem has occurred again?
Cheers.
Hi Morten, I have just published v1.2 on my GitHub page which fixes this. It contains more features and bugfixes, so I will publish a new blog post soon to reflect the changes. If you just want to fix the group tag in v1.0, see @James's comment below. (Edit line 502 in the ps1 file from 'orderIdentifier' to 'groupTag'.)
Cheers Mattias! I will test that right away 😀
Sorted it, edited line 502 in the ps1 file from 'orderIdentifier' to 'groupTag' and it's working again in our environment.
Thanks, I will verify that I get the same error and update the source files on Github!
Hi, thank you so much for this script! It has been a great addition and makes it so much easier to automate this process!
Of late though it doesn't seem to be adding the GroupTags when registering the device, and I wonder if it has anything to do with this?
https://techcommunity.microsoft.com/t5/intune-customer-success/resolved-unable-to-assign-group-tags-with-the/ba-p/2233247
Thanks
Jl
Hello,
This is a great script! I have run into an issue where numbers 2-9 come up with the error, "Not a valid Selection, try again". But 1 and 10-13 work like a charm. All have the same group tag formatting. I am sure I am probably doing something wrong, any help would be appreciated.
Hi Nick,
Could you please create an issue with as much information as possible on the GitHub page and I will see if I can replicate the issue?
Best Regards
Matt
Hey
I did change the .onmicrosoft.com – but I keep getting: "authorization access token is null please re-run authentication"
(Using a global-admin user)
Any ideas?
Do you get the logon screen or do you get the error directly?
I have gotten that error if I did not have network connection.
Can you ping http://www.microsoft.com from the cmd prompt? Otherwise check that you have a proper network connection and that DNS/DHCP is working for you.