This is a proactive remediation that checks the serial number of a device enrolled in Intune to see if it's been onboarded into Autopilot. If it has not, it generates the hardware hash and collects the other relevant data to automatically upload to the Autopilot servers. We use an app registration to add the hardware information to Autopilot automatically so that no administrator credentials are needed.
Explore the docs »
View Demo
·
Report Bug
·
Request Feature
Table of Contents
- Start at https://portal.azure.com
- Open Azure Active Directory
- Create a new App Registation
- Define a name
- Select Accounts in this organizational directory only
- Leave the Redirect URI Blank
- Hit Register
- Take note of the Application and Tenant IDs on the overview page, we will need these later
- Go to "API permissions" on the navigation blade
- Add a permission
- Select Microsoft Graph
- Select Application permissions
- Search for and select DeviceManagementServiceConfig.ReadWrite.All
- Click on the button to grant admin consent
- Go to "Certificates and Secrets" on the navigation blade
- Create a Client secret set for 1 year, 2 years, or does not expire Take not of the value of the secret. Ignore the Secret ID. Once we leave this page we can no longer view the secret value. Update both scripts with the Application ID, Secret, and Tenant ID from the application registration
Adam Clifford - adam@cliffords.net
Project Link: https://github.com/aclifford81/PRAutopilotEnroll