Automatically moving group members from Intune Update Rings to AutoPatch

By now I’m sure you’ve heard about the new AutoPatch service from Microsoft (if you haven’t, read this and watch this excellent video explaining how it works).

UPDATED 07/09/2022

During activation, you will be prompted to make sure devices are not currently assigned to a current update ring, easy enough, I’ll just go and unassign any groups assigned, but this seems a bit too manual for my liking so why not automate it?

This is where my new script comes into play. As usual you can grab it from my github here

This script will do all of the work for you, but there is one part you may need to change:

## Your Group Names
$broadname = "Broad"
$pilotname = "Pilot"
$previewname = "Preview"

Discovery of the old groups is based on a wildcard on the names above, if you’ve used anything different, amend as appropriate.

After authenticating against Azure AD, the script will go ahead and:

  1. Grab the Policy IDs of the current non-autopatch policies
  2. Finds the AAD Groups assigned to the policies
  3. Unassigns the groups from the old policies
  4. Loops through the members of each group and adds to the Windows Autopatch Device Registration Azure AD Group
  5. Export a copy of each old group membership to a CSV file in c:\localappdata\UpdateRings for you to reference
  6. Removes the old AAD Group
  7. Removes the old policies

This will leave you with the new groups nicely populated with all of your previous hard work and a nice clean environment to move forward with.

Note: Autopatch will automatically distribute your devices to the new rings so they may end up moving to a different ring. The script will export the contents of your previous rings to CSV files so you can compare and move as appropriate

As always, comments and suggestions more than welcome!

Leave a Comment