Windows Autopilot for Existing Devices – Downloading the Deployment Profile

When using the Autopilot for Existing Devices scenario, you download one of your existing Autopilot deployment profiles via Microsoft Graph, and then instruct whatever deployment solution you are using to copy the file to the C:\Windows\Provisioning\Autopilot folder. This way you can enroll machines into Intune without having to upload a hardware hash and assign them a deployment profile first.

This method is not as quick as simply having your deployment solution use a bulk enrollment package to enroll the device – Windows Autopilot Plan B as I call it – but it does allow for the full Windows Autopilot experience during OOBE, including the use of enrollment status pages.

Update December 26, 2023: Updated the script to use the latest community version of the WindowsAutopilotIntune module (named WindowsAutopilotIntuneCommunity).

Note: Windows Autopilot for existing devices only supports the User-driven Azure AD and User-driven Hybrid Azure AD Autopilot scenarios, not the Pre-provisioning Autopilot scenario.

The PowerShell Script

Below is a script I've been using to download Autopilot deployment profiles. I recently updated the script to use the Microsoft Graph PowerShell module which has been updated heavily this year. At the time of this writing (October 21, 2023), the latest version is 2.8.0. This script requires that you have installed the following modules:

  • WindowsAutopilotIntuneCommunity
  • Microsoft.Graph.Groups
  • Microsoft.Graph.Authentication
  • Microsoft.Graph.Identity.DirectoryManagement

# Import the PowerShell modules
Import-Module WindowsAutopilotIntuneCommunity -MinimumVersion 2.5
Import-Module Microsoft.Graph.Groups
Import-Module Microsoft.Graph.Authentication
Import-Module Microsoft.Graph.Identity.DirectoryManagement

# Connect to Microsoft Graph
# Note #1: Using the Connect-MgGraph cmdlet instead of older Connect-AutopilotIntune and Connect-MSGraph
# Note #2: Using Scopes limits the permissions available to an application.
$Scopes = @(
    "Device.ReadWrite.All", 
    "DeviceManagementManagedDevices.ReadWrite.All", 
    "DeviceManagementServiceConfig.ReadWrite.All", 
    "Domain.ReadWrite.All", 
    "Group.ReadWrite.All", 
    "GroupMember.ReadWrite.All", 
    "User.Read"
)
Connect-MgGraph -Scopes $Scopes

# List all Windows Autopilot deployment profiles
(Get-AutopilotProfile).displayName

# Select one of the supported Autopilot deployment profiles
# Note: In my lab, the profile I wanted to use is named UserDriven Scenario Standard User
$ProfileName = "UserDriven Scenario Standard User" 
$id = (Get-AutopilotProfile | Where-Object { $_.displayName -eq $ProfileName }).id

# Download the selected profile, convert it to JSON format, and save it as an ANSI file (by setting the encoding to ASCII)
$OutPutFile = "C:\Windows\Temp\AutopilotConfigurationFile.json"
Get-AutopilotProfile -id $id | ConvertTo-AutopilotConfigurationJSON | Out-File $OutPutFile -Encoding ascii 
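
The script above writes the profile as ASCII so that the file dropped into C:\Windows\Provisioning\Autopilot is readable during OOBE. The following is an added example, not part of the original script, that checks a downloaded file before it is staged. The function name, the sample file names and the sample values are constructed for illustration, and the three key names are assumptions taken from Microsoft's documented AutopilotConfigurationFile.json format, not from this page.

```powershell
# Added example (not from the original script): check a downloaded profile file
# before a deployment solution copies it to C:\Windows\Provisioning\Autopilot.
function Test-AutopilotConfigFile {
    param([Parameter(Mandatory)][string]$Path)

    # Resolve first: .NET file APIs use the process directory, not the PS location
    $full  = (Resolve-Path -LiteralPath $Path).ProviderPath
    $bytes = [System.IO.File]::ReadAllBytes($full)
    if ($bytes.Length -eq 0) { return @('File is empty') }

    # Any byte above 0x7F or a NUL byte means a BOM, UTF-16 or other non-ASCII
    # output, for example a file written without -Encoding ascii.
    if ((@($bytes -gt 0x7F).Count -gt 0) -or ($bytes -contains 0)) {
        return @('File is not plain ASCII')
    }

    # The file must hold exactly one JSON object.
    try {
        $json = [System.Text.Encoding]::ASCII.GetString($bytes) | ConvertFrom-Json -ErrorAction Stop
    } catch {
        return @('Content is not a single valid JSON document')
    }
    if ($json -is [array]) { return @('File contains more than one profile') }

    # Key names assumed from the documented file format (not from this page).
    $problems = @()
    foreach ($key in 'CloudAssignedTenantId', 'CloudAssignedTenantDomain', 'ZtdCorrelationId') {
        if ([string]::IsNullOrWhiteSpace([string]$json.$key)) { $problems += "Missing or empty key: $key" }
    }
    return $problems
}

# Constructed sample content with placeholder values, written twice: once as
# ASCII (as the script above does) and once as UTF-16 to show the failure case.
$sample = '{"CloudAssignedTenantId":"00000000-0000-0000-0000-000000000000",' +
          '"CloudAssignedTenantDomain":"contoso.example",' +
          '"ZtdCorrelationId":"11111111-1111-1111-1111-111111111111"}'
$asciiFile = Join-Path ([System.IO.Path]::GetTempPath()) 'ap-sample-ascii.json'
$utf16File = Join-Path ([System.IO.Path]::GetTempPath()) 'ap-sample-utf16.json'
Set-Content -LiteralPath $asciiFile -Value $sample -Encoding ascii
Set-Content -LiteralPath $utf16File -Value $sample -Encoding unicode

"ASCII sample : $(@(Test-AutopilotConfigFile -Path $asciiFile).Count) problem(s)"
"UTF-16 sample: $(@(Test-AutopilotConfigFile -Path $utf16File) -join '; ')"
```

Run the function against C:\Windows\Temp\AutopilotConfigurationFile.json after the download step; an empty result means all checks passed.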

About the author

Johan Arwidmark
