Automatically Creating Autopilot Entra ID Group

After spending far too long working out why my Autopilot Dynamic group was failing to populate (answer: typo), what better way to avoid this in the future than to script it and it’s something that’s needed for every Intune environment anyway.

Along with this individual script, I have added a step into my Intune Build Environment script (now on V1.1) so this can be done automatically on new installs:

Install-Script -Name BuildIntuneEnvironment 

As usual, the code can all be found on my github repo here

This one in particular uses the Microsoft Graph Powershell module:

First, install the module if it’s missing

#Install MS Graph if not available
if (Get-Module -ListAvailable -Name Microsoft.Graph) {
  Write-Host "Microsoft Graph Already Installed"
} 
else {
  try {
      Install-Module -Name Microsoft.Graph -Scope CurrentUser -Repository PSGallery -Force 
  }
  catch [Exception] {
      $_.message 
      exit
  }
}

Now import it:

import-module -Name microsoft.graph

And connect to it (this step gives the familiar popup login box)

Select-MgProfile -Name Beta
Connect-MgGraph -Scopes Group.ReadWrite.All, GroupMember.ReadWrite.All, openid, profile, email, offline_access

And finally create the group (in this case called Autopilot-Devices)

New-MgGroup -DisplayName "Autopilot-Devices" -Description "Dynamic group for Autopilot Devices" -MailEnabled:$False -MailNickName "autopilotdevices" -SecurityEnabled -GroupTypes "DynamicMembership" -MembershipRule "$aprule" -MembershipRuleProcessingState "On"

There we go, no input except a quick login and the group is created, so much quicker than manually!

Leave a Comment