Whilst Microsoft have fixed the official script and module, unlike a lot of their scripts and documents it does not seem to live anywhere public, so we cannot submit changes for review.
Version 2.0 just released with new parameters:
-wipe (Sends an Intune wipe to Intune managed devices, such as if you are shifting from hybrid to AAD)
-sysprep (Sends a sysprep OOBE reboot command)
Version 3.0 now supports both PowerShell Graph SDK v1 and v2
Big news – The scripts are now digitally signed for extra security!
With that in mind, I have renamed and changed the GUID on my versions to create a community script and module with the names:
get-windowsautopilotinfocommunity and WindowsAutopilotIntuneCommunity
The source files can be found here:
https://github.com/andrew-s-taylor/WindowsAutopilotInfo/tree/main/Community%20Version
And on the PowerShell Gallery:
https://www.powershellgallery.com/packages/get-windowsautopilotinfocommunity/1.0.0
Install-Script -Name get-windowsautopilotinfocommunity
https://www.powershellgallery.com/packages/WindowsAutopilotIntuneCommunity/1.0
Install-Module -Name WindowsAutopilotIntuneCommunity
These are community scripts, so please send feature requests, bug fixes, anything at all; I will attempt to keep on top of all changes.
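The signature mentioned above can be checked before the script is ever executed. The following is an added example, not part of the original post or the project's own code: it stages the script from the PowerShell Gallery, validates its Authenticode signature and compares the signer against a pinned thumbprint. The staging folder and the thumbprint placeholder are assumptions; record the real thumbprint from a copy you have already vetted.

```powershell
# Added example: stage, verify, and only then decide to run or install.
$scriptName       = 'get-windowsautopilotinfocommunity'       # script name from the post
$stagingPath      = Join-Path $env:TEMP 'autopilot-staging'   # assumed staging folder
$pinnedThumbprint = '<EXPECTED-SIGNER-THUMBPRINT>'            # placeholder, not a real value

function Test-StagedScriptSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedThumbprint
    )

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # 'Valid' means the file hash matches the signature and the chain is trusted.
    # NotSigned, HashMismatch, NotTrusted and UnknownError all fail here.
    if ($sig.Status -ne 'Valid') {
        throw "Signature check failed for '$Path': $($sig.Status) - $($sig.StatusMessage)"
    }

    # A valid signature from an unexpected publisher is still a failure.
    if ($sig.SignerCertificate.Thumbprint -ne $ExpectedThumbprint) {
        throw "Unexpected signer '$($sig.SignerCertificate.Subject)' " +
              "($($sig.SignerCertificate.Thumbprint)) for '$Path'"
    }

    # Return the details worth logging alongside the deployment.
    [pscustomobject]@{
        Path        = $Path
        Status      = $sig.Status
        Signer      = $sig.SignerCertificate.Subject
        Thumbprint  = $sig.SignerCertificate.Thumbprint
        NotAfter    = $sig.SignerCertificate.NotAfter
        Timestamped = [bool]$sig.TimeStamperCertificate
        Sha256      = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    }
}

# Save-Script downloads without installing or executing anything.
New-Item -ItemType Directory -Path $stagingPath -Force | Out-Null
Save-Script -Name $scriptName -Repository PSGallery -Path $stagingPath -Force

$staged = Join-Path $stagingPath "$scriptName.ps1"
Test-StagedScriptSignature -Path $staged -ExpectedThumbprint $pinnedThumbprint |
    Format-List
```

The thumbprint comparison will need updating when the signing certificate is renewed, so a failure on that check after a new release is a prompt to re-vet rather than proof of tampering.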
Just tried to register a fresh W11 VM, and it quickly goes downhill 🙂 Seems to fall over when detecting/installing the modules (microsoft.graph.authentication, MS Graph Identity Management etc)
Error shows, Install-Module: The value Ignore is not supported for an ActionPreference variable.
ErrorAction Ignore is a fairly standard command.
Are you running in OOBE? I know the modules won’t work in WinRE
OK, you mean the profile ID within the Autopilot environment? I can see the ID when I run your script. But what would the syntax be for the dynamic group?
(device.enrollmentProfileName -eq "OfflineAutopilotprofile-PROFILEID")
Replace PROFILEID with your ID
Hi Andrew,
my bad. I’ve replied to the wrong blog post. My question was about that script here: https://andrewstaylor.com/2023/08/15/creating-windows-iso-with-autopilot-json-injected/
BG,
Dom
Ah, got you. No, that one won’t work with group tags as the devices aren’t visible in Intune and Autopilot until after deployment. You can create a dynamic group based on the profile ID so one option would be to configure multiple profiles
Should this be included in your script? How should I add it?
Or can I start the script with the syntax? I’ve tried with no success.
BG,
Dom
You run with parameters:
get-windowsautopilotinfocommunity.ps1 -GroupTag "tag" -Online -Assign (or whatever parameters you normally use)
Hi Andrew,
thx for your answer 🙂
What is the syntax to use the Group Tag feature? Can't figure it out.
Regards,
Dom
It should just be -GroupTag "tagname" and then -online etc. as needed
Hi Andrew,
the script is great. I'm working with Group Tags to deploy different profiles. Is there a way to do that also with your script?
BG,
Dom
Hi Dom,
Yes, there is a GroupTag parameter you can use
Just to update you, this can be replicated; something is messed up in the module versions of the script. If you call a KeyVault to get the appsecret then the community version will break with the errors I pasted before. Replicated the entire day.
The only workaround I have now is to have one session to call the KeyVault, store the secret in a variable and pass it over to a new session where I run the community script.
Something with the module versions is completely broken
The community script doesn’t use the module to authenticate at all. The issue is between you grabbing the secret and passing it through to the script.
Have you tried grabbing the secret and just send it to a write-host to check everything looks ok in the command?
I have just run this in my tenant and it worked without issue:
# Connect to Azure account
Connect-AzAccount
# Get the secret from Azure Key Vault
$secret = Get-AzKeyVaultSecret -VaultName "homelab" -Name "appreg" -AsPlainText
$appid = "CLIENTID"
$tenant = "TENANTID"
get-windowsautopilotinfocommunity.ps1 -Online -AppId $appid -AppSecret $secret -Tenantid $tenant
Scratch last message, this is the part that makes it fail.
# Install only the required Azure modules
$requiredModules = @("Az.Accounts", "Az.KeyVault")
foreach ($module in $requiredModules) {
    if (-not (Get-InstalledModule -Name $module -ErrorAction SilentlyContinue)) {
        Write-Host "$module module not found. Installing..."
        Install-Module -Name $module -Repository PSGallery -Confirm:$false -Force:$true
    } else {
        Write-Host "$module module found."
    }
}
# Connect to Azure account
Connect-AzAccount -Tenant $tenantId -SubscriptionId $subscriptionId
# Get the secret from Azure Key Vault
$secret = Get-AzKeyVaultSecret -VaultName "VaultName" -Name "AutopilotRegistration" -AsPlainText
Hi Andrew!
I’m trying to use the get-windowsautopilotcommunity -Online -TenantID xxxxxx -AppID yyyyy -Appsecret wwwww but I’m facing an error like this:
Connect-ToGraph: cannot find a parameter that matches the name TenantID
Do you have any clue about this error?
Hi Paulo,
My fault, I had a typo in there. V3.0.1 should fix it.
Hi, it works now however getting warning as below.
Installing module microsoft.graph.authentication
Installing module MS Graph Identity Management
WARNING: The version ‘1.28.0’ of module ‘Microsoft.Graph.Authentication’ is currently in use. Retry the operation after
closing the applications.
Connected to Intune tenant
Gathered details for device with serial number: 121HT872
Adding New Device serial 121HT872
Hopefully that should be fixed now as well
Hi Andrew, getting this when running the community version online.
PS D:\Community Editions> .\get-windowsautopilotinfocommunity.ps1 -online
Connected to Intune tenant
Gathered details for device with serial number: 111HT872
Adding New Device serial 111HT872
cmdlet Set-AutopilotDevice at command pipeline position 1
Supply values for the following parameters:
id: 123
Set-AutopilotDevice : Microsoft.Graph.PowerShell.Authentication.Helpers.HttpResponseException: Response status code
does not indicate success: NotFound (Not Found).
at System.Management.Automation.MshCommandRuntime.ThrowTerminatingError(ErrorRecord errorRecord)
At D:\Community Editions\get-windowsautopilotinfocommunity.ps1:1999 char:30
+ … $imported += Set-AutopilotDevice -groupTag $_.’Group Tag’
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Set-AutopilotDevice
Hi,
I’ve just uploaded v1.0.3 which should fix the issue
hi Andrew,
I tried to parse Online with GroupTag
It works in the logs, parsing the JSON file for existing devices. However, it never gets the GroupTag printed to the device under Windows Autopilot devices
would that be supported?
.\get-windowsautopilotinfo.ps1 -Online -TenantId aaaa -AppId bbbb -AppSecret cccc -Assign -GroupTag CANADA -Verbose
{
    "@odata.type": "#microsoft.graph.importedWindowsAutopilotDeviceIdentity",
    "groupTag": "CANADA",
    "serialNumber": "9999-8888-7777-6666-5555-4444-33",
    "productKey": "",
    "hardwareIdentifier": "XXXXXXXXXXX",
    "assignedUserPrincipalName": "",
    "state": {
        "@odata.type": "microsoft.graph.importedWindowsAutopilotDeviceIdentityState",
        "deviceImportStatus": "pending",
        "deviceRegistrationId": "",
        "deviceErrorCode": 0,
        "deviceErrorName": ""
    }
}
Should be sorted on the community version now