Modern Desktop Architect

Intune Environment Build Script v2.0


I have just released version 2.0 of the Intune build script to PSGallery and GitHub.

Install-Script -Name BuildIntuneEnvironment

This one has a number of new additions:

  • Automatic creation of Autopilot dynamic Azure AD Group
  • Automatic creation of Preview, Pilot and VIP Azure AD Groups
  • Automatic assignment of both Office and Windows update rings to the newly created groups
  • Creation of Autopilot Profile (and assignment to dynamic group)
  • Creation of Enrollment Status Page (and assignment to group)

All of these are applied using beta Graph API calls to keep the script self-contained.

Group details:

#Autopilot Group (dynamic membership: any device whose physical IDs contain a ZTDid, i.e. registered with Autopilot)
$autopilotgrp = New-AzureADMSGroup -DisplayName "Autopilot-Devices" -Description "Dynamic group for Autopilot Devices" -MailEnabled $False -MailNickName "group" -SecurityEnabled $True -GroupTypes "DynamicMembership" -MembershipRule "(device.devicePhysicalIDs -any (_ -contains ""[ZTDid]""))" -MembershipRuleProcessingState "On"

#Pilot Group
$pilotgrp = New-AzureADMSGroup -DisplayName "Intune-Pilot-Users" -Description "Assigned group for Pilot Users" -MailEnabled $False -MailNickName "group" -SecurityEnabled $True

#Preview Group
$previewgrp = New-AzureADMSGroup -DisplayName "Intune-Preview-Users" -Description "Assigned group for Preview Users" -MailEnabled $False -MailNickName "group" -SecurityEnabled $True

#VIP Group
$vipgrp = New-AzureADMSGroup -DisplayName "Intune-VIP-Users" -Description "Assigned group for VIP Users" -MailEnabled $False -MailNickName "group" -SecurityEnabled $True

Autopilot Profile details:

$profilename = "Autopilot Profile"
    "displayName": "$profilename",
    "description": "OOBE Autopilot Profile",
    "language": "en-GB",
    "extractHardwareHash": true,
    "deviceNameTemplate": "%SERIAL%",
    "deviceType": "windowsPc",
    "enableWhiteGlove": true,
    "outOfBoxExperienceSettings": {
        "hidePrivacySettings": true,
        "hideEULA": true,
        "userType": "standard",
        "deviceUsageType": "singleUser",
        "skipKeyboardSelectionPage": false,
        "hideEscapeLink": true
    }

Status Page:

        "displayName": "AutoPilot Enrollment",
        "description": "Custom Enrollment Status",
        "showInstallationProgress": true,
        "blockDeviceSetupRetryByUser": false,
        "allowDeviceResetOnInstallFailure": false,
        "allowLogCollectionOnInstallFailure": true,
        "customErrorMessage": "Enter your custom error here",
        "installProgressTimeoutInMinutes": 120,
        "allowDeviceUseOnInstallFailure": true
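
A pre-flight review of the two JSON bodies above, added here as an example and not part of the published script: it parses the settings and lists the ones that affect who ends up with admin rights and whether a user can reach the desktop after a failed install. The function name `Test-EnrollmentSettings`, the helper `New-Finding` and the rule list are assumptions for illustration; the sample bodies are the page's excerpts wrapped in braces.

```powershell
# Added example. Sample bodies are constructed from the excerpts on this page.
$autopilotJson = @'
{ "displayName": "Autopilot Profile",
  "outOfBoxExperienceSettings": {
    "userType": "standard",
    "hideEscapeLink": true } }
'@
$espJson = @'
{ "displayName": "AutoPilot Enrollment",
  "blockDeviceSetupRetryByUser": false,
  "allowLogCollectionOnInstallFailure": true,
  "installProgressTimeoutInMinutes": 120,
  "allowDeviceUseOnInstallFailure": true }
'@

# Hypothetical helper: the rules below are reviewer assumptions, not Microsoft guidance.
function Test-EnrollmentSettings {
    param(
        [Parameter(Mandatory)][string]$AutopilotJson,
        [Parameter(Mandatory)][string]$EspJson
    )
    $oobe = ($AutopilotJson | ConvertFrom-Json).outOfBoxExperienceSettings
    $esp  = $EspJson | ConvertFrom-Json

    # Emit one object per finding so the result can be filtered or exported.
    function New-Finding($Setting, $Value, $Why) {
        [pscustomobject]@{ Setting = $Setting; Value = $Value; Why = $Why }
    }

    if ($oobe.userType -ne 'standard') {
        New-Finding 'userType' $oobe.userType 'Enrolling user is not restricted to a standard account.'
    }
    if (-not $oobe.hideEscapeLink) {
        New-Finding 'hideEscapeLink' $oobe.hideEscapeLink 'User can start over with a different account at company sign-in.'
    }
    if ($esp.allowDeviceUseOnInstallFailure) {
        New-Finding 'allowDeviceUseOnInstallFailure' $true 'User can continue to the desktop after an installation failure.'
    }
}

Test-EnrollmentSettings -AutopilotJson $autopilotJson -EspJson $espJson |
    Format-Table -AutoSize -Wrap
```

With the values shown on this page the only finding is `allowDeviceUseOnInstallFailure`; setting it to `false` removes the option to continue to the desktop after a failure.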

Another step towards deploying Intune environments quickly, easily and in a much more standardised way.

If there is anything you would find useful to have added, leave a comment and I’ll see if it can be done.
