Get-WindowsAutopilotInfo and WindowsAutopilotIntune Community Editions!

Whilst Microsoft have fixed the official script and module, unlike a lot of their scripts and documents, it does not seem to live anywhere public so we cannot make changes for review.

Version 2.0 just released with new parameters:
-wipe (Sends an Intune wipe to Intune managed devices, such as if you are shifting from hybrid to AAD)
-sysprep (Sends a sysprep OOBE reboot command)

Version 3.0 now supports both PowerShell Graph SDK v1 and v2

Big news – The scripts are now digitally signed for extra security!

With that in mind, I have renamed and changed the GUID on my versions to create a community script and module with the names:

get-windowsautopilotinfocommunity and WindowsAutopilotIntuneCommunity

The source files can be found here:

https://github.com/andrew-s-taylor/WindowsAutopilotInfo/tree/main/Community%20Version

And on the PowerShell Gallery:

https://www.powershellgallery.com/packages/get-windowsautopilotinfocommunity/1.0.0

Install-Script -Name get-windowsautopilotinfocommunity

https://www.powershellgallery.com/packages/WindowsAutopilotIntuneCommunity/1.0

Install-Module -Name WindowsAutopilotIntuneCommunity

These are community scripts, please send feature requests, bug fixes, anything at all, I will attempt to keep on top of all changes.

24 thoughts on “Get-WindowsAutopilotInfo and WindowsAutopilotIntune Community Editions!”

  1. Just tried to register a fresh W11 VM, and it quickly goes downhill 🙂 Seems to fall over when detecting/installing the modules (microsoft.graph.authentication, MS Graph Identity Management etc)

    Error shows, Install-Module: The value Ignore is not supported for an ActionPreference variable.

    Reply
  2. ok, you mean the profile ID within the Autopilot Environment? I can see the ID when I run your script. But how would be the syntax for the dynamic group?

    Reply
    • Ah, got you. No, that one won’t work with group tags as the devices aren’t visible in Intune and Autopilot until after deployment. You can create a dynamic group based on the profile ID so one option would be to configure multiple profiles

      Reply
  3. Should this be included in your script? How should I add it?
    Or can I start the script with the syntax? I’ve tried with no success.

    BG,
    Dom

    Reply
  4. Hi Andrew,

    the script is great. I`m working with Group Tags to deploy different profiles. Is there a way to that also with your script?

    BG,
    Dom

    Reply
  5. Just to update you this can be replicated, something is messed up in the module versions of the script. If you call a KeyVault to get the appsecret then the community version will break with the errors I pasted before. Replicated entire day.

    The only workaround I have now is to have one session to call for the keyvault, store the secret in a variable and pass it over to a new sessions where i run the community script.

    Something with the module versions is completely broken

    Reply
    • The community script doesn’t use the module to authenticate at all. The issue is between you grabbing the secret and passing it through to the script.
      Have you tried grabbing the secret and just send it to a write-host to check everything looks ok in the command?

      Reply
    • I have just run this in my tenant and it worked without issue:

      # Connect to Azure account
      Connect-AzAccount

      # Get the secret from Azure Key Vault
      $secret = Get-AzKeyVaultSecret -VaultName “homelab” -Name “appreg” -AsPlainText

      $appid = “CLIENTID”

      $tenant = “TENANTID”

      get-windowsautopilotinfocommunity.ps1 -Online -AppId $appid -AppSecret $secret -Tenantid $tenant

      Reply
  6. Scratch last message this is the part that makes it fail.

    # Install only the required Azure modules
    $requiredModules = @(“Az.Accounts”, “Az.KeyVault”)

    foreach ($module in $requiredModules) {
    if (-not (Get-InstalledModule -Name $module -ErrorAction SilentlyContinue)) {
    Write-Host “$module module not found. Installing…”
    Install-Module -Name $module -Repository PSGallery -Confirm:$false -Force:$true
    } else {
    Write-Host “$module module found.”
    }
    }

    # Connect to Azure account
    Connect-AzAccount -Tenant $tenantId -SubscriptionId $subscriptionId

    # Get the secret from Azure Key Vault
    $secret = Get-AzKeyVaultSecret -VaultName “VaultName” -Name “AutopilotRegistration” -AsPlainText

    Reply
  7. Hi Andrew!
    I’m trying to use the get-windowsautopilotcommunity -Online -TenantID xxxxxx -AppID yyyyy -Appsecret wwwww but I’m facing an error like this:
    Connect-ToGraph: cannot find a parameter that matches the name TenantID

    Do you have any clue about this error?

    Reply
  8. Hi, it works now however getting warning as below.
    Installing module microsoft.graph.authentication
    Installing module MS Graph Identity Management
    WARNING: The version ‘1.28.0’ of module ‘Microsoft.Graph.Authentication’ is currently in use. Retry the operation after
    closing the applications.
    Connected to Intune tenant
    Gathered details for device with serial number: 121HT872
    Adding New Device serial 121HT872

    Reply
  9. Hi Andrew, getting this when running the community version online.
    PS D:\Community Editions> .\get-windowsautopilotinfocommunity.ps1 -online
    Connected to Intune tenant
    Gathered details for device with serial number: 111HT872
    Adding New Device serial 111HT872

    cmdlet Set-AutopilotDevice at command pipeline position 1
    Supply values for the following parameters:
    id: 123
    Set-AutopilotDevice : Microsoft.Graph.PowerShell.Authentication.Helpers.HttpResponseException: Response status code
    does not indicate success: NotFound (Not Found).
    at System.Management.Automation.MshCommandRuntime.ThrowTerminatingError(ErrorRecord errorRecord)
    At D:\Community Editions\get-windowsautopilotinfocommunity.ps1:1999 char:30
    + … $imported += Set-AutopilotDevice -groupTag $_.’Group Tag’
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Set-AutopilotDevice

    Reply
  10. hi Andrew,
    I tried to parse Online with GroupTag
    It works on the logs , parsing json file for existing devices. however, it never gets the GroupTag printed to the device under Windows Autopilot devices
    would that be supported?

    .\get-windowsautopilotinfo.ps1 -Online -TenantId aaaa -AppId bbbb -AppSecret cccc -Assign -GroupTag CANADA -Verbose

    {
    “@odata.type”: “#microsoft.graph.importedWindowsAutopilotDeviceIdentity”,
    “groupTag”: “CANADA”,
    “serialNumber”: “9999-8888-7777-6666-5555-4444-33”,
    “productKey”: “”,
    “hardwareIdentifier”:
    “XXXXXXXXXXX”,
    “assignedUserPrincipalName”: “”,
    “state”: {
    “@odata.type”: “microsoft.graph.importedWindowsAutopilotDeviceIdentityState”,
    “deviceImportStatus”: “pending”,
    “deviceRegistrationId”: “”,
    “deviceErrorCode”: 0,
    “deviceErrorName”: “”
    }
    }

    Reply

Leave a Comment