I have just published an update to the get-windowsautopilotinfocommunity PowerShell script available here:
Or from the PS Gallery
Install-Script -Name get-windowsautopilotinfocommunityThis new version has options to work with the new Autopilot Device Identifier functionality:
New parameter “-identifier” tells it to use the new functionality and not the hash
Thie can be used with either -online or -outputfile to grab the current device and either add directly to Intune, or export to upload later.
There is also a parameter called “InputFile” to give it an already exported CSV containing one or multiple devices which it will loop through and add.
If the devices exist already, it checks first and tells you.
Of course the script still works with the older functionality as well!
Hi Andrew,
Wow! Am i lucky to have found you and your blog/code! I’m starting out and only want to enroll using Autopilot V2. I’ve created the prep policy and I think it’s good to go for having ing having the service principal as the owner of the target device group. I’m running into different results which I’m guessing is a v1 vs v2 issue.
If i run the script like this:
get-windowsautopilotinfocommunity.ps1 -identifier -Outputfile c:\temp\ap4.csv
I get a populated csv file that has one line it: Dell Inc,Latitude 5520,B9AUGL3
If i run this on a currently intune enrolled device:
get-windowsautopilotinfocommunity.ps1 -identifier -Online
It tells me that B9AUGL3 already exists in AutoPilot. However, it is not listed in Autopilot devices but it is in Intune as well as Entra (by the PC name and not serial #). Is this by design or is the wording a little unclear? If it is by design, is it not possible to prepare an existing non-Autopilot/intune enrolled pc for Autopilot upon wipe?
And finally, I thought I could run the same code and add the -GroupTag parameter which would equate to Scope Tags in the V2 device provisioning policy but it appears by adding that parameter, it returns an empty CSV with all of the V1 column titles on the first line and a few empty comma separated values on the second line:
Device Serial Number,Windows Product ID,Hardware Hash,Group Tag
,,,
Is it fair to assume that once we use a parameter from the V1 days, the output will revert to V1 and not show up online nor output to a csv file? If yes, with V2 we can only get Manufacturer, Model, and Serial #. And we can enroll it into AP interactively using -Online or to a CSV file.
Thoughts about my observations above? I’m sure I’m off on a few things.
Really appreciate you taking the time for the community. Oh yea, I’d be interested in your book too! I’ll poke around on your blog to see if there is a link. Thank you!
Hi David,
Does that device display in Device Identifiers? If it’s already in there, it won’t let you add it again
Group tags aren’t supported on v2 so that parameter switches it to v1 config which is why it is confused because it’s missing some of the values needed for v1
Hi Andrew! I am a big fan of your work and proud owner of your intune cookbook, which has helped tremendously.
I was curious if there was a chance of updating the autopilot nuke script at all. When trying to configure it, I am getting failures on hashes related to outdated versions of azure core when its trying to load the windowsautopilotinfocommunity module.
I have been running into autopilot devices not getting recognized due to bios updates / TPM updates modifying the hardware hash and running this script in OOBE would be a huge time saver.
Thanks again for everything!
Hi,
I hope you are enjoying the book!
Any chance you can send me the error message (email is fine)? I can’t see any old modules in either of the script or the module, but could well be missing something.
Thank you!
It seems I mistakenly switched the value and secret ID, but it’s working now.
https://prnt.sc/N9LF-al46TAD
How long does it typically take for the device to appear on the portal?
Best regards,
Ranko
Maximum of 30 minutes for a large tenant, it’s usually very quick though
It’s odd that it’s still not showing, especially given the size of the tenant. I’ll wait another 30 minutes to see if anything changes.
In the meantime, is there any way to troubleshoot this if it doesn’t appear on the dashboard?
Are you looking in Autopilot devices for it?
Yes,
https://prnt.sc/oFTLgn-3QzFI
I even tested with a device that had never been added to Intune or Autopilot before, but unfortunately, it’s still not showing up on the portal. 🙁
You could have something blocking enrollment, if you add via CSV does that work?
I couldn’t reply directly to your last comment, so I’m using this one instead.
“It’s possible that something might be blocking enrollment. Have you tried adding the device via CSV? If so, does that work?”
I just tested the process on my laptop without any additional parameters (although I’m a domain admin), and it worked successfully. The only command I used was:
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass; C:\Tools\get-windowsautopilotinfocommunity.ps1 -online
After running this, the script was completed in 61 seconds, and the device showed up as expected after refresh.
https://prnt.sc/n7fe5LuEHyH8
So, maybe its something with permission of app:
I add just DeviceManagementServiceConfig.ReadWrite.All
and plan is to add also this to it to see will it work:
DeviceManagementManagedDevices.ReadWrite.All
DeviceManagementConfiguration.ReadWrite.All
User.Read.All
These are the permissions it uses interactively:
Group.ReadWrite.All, Device.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, GroupMember.ReadWrite.All
It seems that -identifier is a problem, I’m getting devices if I remove this parameter?
Identifier is for v2 (device prep), without is for v1
I wanted to use V2 … is there any link to find how to troubleshoot this issue?
v2 won’t add devices to Autopilot devices, that’s V1. V2 just adds device identifiers
Hi,
Is it possible to automate this process by running the script from RMM (in my case NinjaOne) on multiple machines without user interaction?
Best regards!
Ranko
Which part in particular? Any of it can be automated
Hi,
First of all, thank you for your quick response!
I am looking to run this script on NinjaOne (NinjaRMM) to enroll all current devices into Autopilot V2 without requiring user interaction. I need the process to be fully automated and not done one by one.
Best regards,
Ranko
Ok, if you create an app reg and secret and then use:
get-windowsautopilotinfocommunity.ps1 -identifier -online -TenantId “TENANT ID HERE” -AppId “CLIENT ID HERE” -AppSecret “CLIENT SECRET HERE”
Thank you so much.
Great, I will try tomorrow morning to test!
Hi Andrew,
Could you please provide me with a “how-to” guide or a link to creating an app? It seems I may not have set the correct permissions for it to work properly.
Best regards,
Ranko
Hi,
Either of these cover it:
https://www.osdeploy.com/guides/autopilot-app-registration
https://scloud.work/autopilot-registration-app/