Today, we're going to explore the wonderful world of Automation. This time for uploading the Windows Autopilot Hardware Hash to Intune - of course using the power of PowerShell. Say goodbye to manual registrations that need an Administrator to sign in, and hello to a more straightforward automated registration for Autopilot! 🚀


Understanding the Script

Here's a breakdown of the steps involved in automating these installations:

Set the Execution Policy

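To get started, we need to set the execution policy using the Set-ExecutionPolicy command. Think of it as the bouncer at the PowerShell club, ensuring that our script can run smoothly without any restrictions. We don't want any party crashers, right? 😄 Because of -Scope Process, the Unrestricted policy applies only to the current PowerShell session and is gone once that session is closed.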

Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force

Install required components

Now, let's bring in the necessary ingredients for our automation recipe. We'll use the Install-PackageProvider command to install the NuGet package provider. This handy provider helps us easily acquire other packages we need for the Autopilot and Intune magic to happen.

Install-PackageProvider -Name NuGet -Force | Out-Null

Install script and module

It's time to bring in the stars of our show! We'll use the Install-Script command to install the awesome script called "Get-WindowsAutoPilotInfo". This script helps us gather all the juicy Autopilot information we need. But wait, there's more! We also need the WindowsAutopilotIntune module, which can be installed with the Install-Module command. It's like having the perfect cast for our tech blockbuster! 🎥🍿

Install-Script -Name Get-WindowsAutoPilotInfo -Force | Out-Null
Install-Module -Name WindowsAutopilotIntune -Force | Out-Null

Prompt for the Group Tag

Now, let's add a little spice to our automation recipe. We'll prompt you, the wizard behind the screen, to enter a Group Tag for uploading. This Group Tag helps categorize the uploaded data and makes your life a whole lot easier when managing multiple uploads. You can enter a Group Tag to keep things organized, or simply press Enter to continue without one. Your call, maestro! 🎵

$GroupTag = Read-Host "To upload with a Group Tag, enter the Group Tag now. Otherwise, press Enter to continue without a Group Tag."

Get Windows Autopilot Info

Drumroll, please! It's time to gather all the Autopilot secrets using the script we installed earlier. We'll use the Get-WindowsAutoPilotInfo command with the parameters stored in our hash table called $AutopilotParams. This command collects the Autopilot information from the device, uploads it to the online service using your specified credentials and group tag (if provided), and handles the registration.
Sit back, relax, and let the magic happen! ✨

$AutopilotParams = @{
    Online    = $true
    TenantId  = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
    AppId     = "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
    AppSecret = "xxxx~xxxxxxxxxxxxxx~xxxxxxxxxxxxxxxxxxxxx"
    GroupTag  = "$GroupTag"
}
# Splat the hash table onto the script's parameters
Get-WindowsAutoPilotInfo @AutopilotParams

Remember to customize the parameters with your own credentials and group tags to make the magic work seamlessly for your specific setup. Happy automating and may your IT adventures always be filled with joy and triumph! 🎉🔥

The App Registration

The App registration allows us to run the script without an interactive authentication.

Creating the App registration

To create the App registration with the necessary permissions, head over to Entra.

Applications > App registrations > + New registration

New registration in Entra

Here you give the App a nice name and click "Register".

Create an app registration

On the home screen of the app you can copy the App ID and Tenant ID and paste them into your script.

Copy App and Tenant ID

Creating the App secret

In the App, navigate to "Certificates & secrets" and click "+ New client secret".
Here you define a name for the secret and a lifetime. The maximum is 2 years.

Add Secret

Copy the created Secret Value into your script. The Value is shown only once; after that you cannot retrieve it a second time.

Get Secret Value

Assign permissions to our App

In the tab "API permissions" we can remove the already present "User.Read" permission and add "DeviceManagementServiceConfig.ReadWrite.All".
This is the minimum permission needed to allow an Autopilot registration.

Add App registration permission for Autopilot

After adding the permission, it's very important to approve it:

Grant permission
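
One way to confirm that the app holds only the permission described above, as an added example that is not part of the original post: it decodes the roles claim of an app-only Microsoft Graph access token and reports anything beyond DeviceManagementServiceConfig.ReadWrite.All. The function names Get-JwtPayload and Test-AutopilotAppRoles, the sample claims, and the $TenantId, $AppId and $AppSecret variables are assumptions made for illustration.

```powershell
# Added example (not from the original post). Inspection only: the token
# signature is not verified here, the claims are just decoded and compared.
function Get-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a three-part JWT.' }
    # JWT segments are base64url without padding; convert to standard base64.
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    $b64 += '=' * ((4 - $b64.Length % 4) % 4)
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

function Test-AutopilotAppRoles {
    param(
        [Parameter(Mandatory)][string]$Token,
        # The single application permission the post assigns to the app.
        [string[]]$Expected = @('DeviceManagementServiceConfig.ReadWrite.All')
    )
    # App-only tokens list granted application permissions in "roles".
    # A token without that claim yields an empty list.
    $roles = @((Get-JwtPayload -Token $Token).roles | Where-Object { $_ })
    $unexpected = @($roles    | Where-Object { $_ -notin $Expected })
    $missing    = @($Expected | Where-Object { $_ -notin $roles })
    [pscustomobject]@{
        Roles          = $roles
        Unexpected     = $unexpected   # granted, but not needed for Autopilot upload
        Missing        = $missing      # needed, but not granted or not consented
        LeastPrivilege = ($unexpected.Count -eq 0 -and $missing.Count -eq 0)
    }
}

# Constructed sample claims (no real tenant): the expected role plus one extra.
$claims = '{"aud":"https://graph.microsoft.com","roles":["DeviceManagementServiceConfig.ReadWrite.All","Directory.Read.All"]}'
$seg = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($claims)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
$sampleToken = ('e30', $seg, 'constructed-signature') -join '.'
Test-AutopilotAppRoles -Token $sampleToken | Format-List

# Against the real app registration (assumed variables hold the post's values):
# $body  = @{ grant_type = 'client_credentials'; client_id = $AppId
#             client_secret = $AppSecret; scope = 'https://graph.microsoft.com/.default' }
# $token = (Invoke-RestMethod -Method Post -Body $body `
#     -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token").access_token
# Test-AutopilotAppRoles -Token $token
```

For the constructed sample, Unexpected contains Directory.Read.All and LeastPrivilege is False; a registration set up exactly as described above should report no unexpected or missing roles.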

Create an EXE from the Script

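Advising users to run the script with a right click and "Run with PowerShell" is not always going to work. For a more convenient user experience you can use the PowerShell module "ps2exe" to create an EXE. The EXE still contains the script, including the App secret, in a form that can be recovered, so handle the file as carefully as the script itself.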

# Module Installation
Install-Module -Name ps2exe

# Convert to EXE
ps2exe -inputFile "C:\..\Autopilot-Registration.ps1" -outputFile "C:\..\Autopilot-Registration.exe"