Autopilot-Manager needs the Autopilot-Manager-Client to receive the Autopilot device provisioning information import request and showing the user a processing screen, similar to the Autopilot Pre-Provisioning scenario (former known as WhiteGlove). The app service queues and handles all the processing to import the device provisioning information into the tenant. It has an approval workflow built in via QR code or Approval helpdesk page. It uses the same logic like the Michael Niehaus Autopilot script Get-WindowsAutoPilotInfo. The process of the Get-WindowsAutoPilotInfo script is described in a blog post from Michael here: Importing a device hash directly into Intune
Read more about the solution and detailed installation instructions on my blog post here: Introducing Autopilot Manager
The following prerequisites are necessary to get Autopilot-Manager to work:
- Azure AD Application Registration Client-ID
- Azure AD Application Registration Client-Secret
- Azure AD group for Autopilot direct profile assignment
- Azure AD group for general Autopilot-Manager access
- Azure AD group for 'View-Imports' access (Job Histroy Viewer)
- Azure AD group for 'Approve-Requests' access (Approver)
The app service can be deployed via the Azure Resource Manager (ARM) template by using the following link:
Note: after deployment the app service needs to be stopped and started again (not using the restart button) via the Azure portal. Otherwise the ASP.NET Core Extensions are not recognized and a depenency error will occur.