Saturday, June 6, 2020

Microsoft Autopilot Step by Step Implementation

Microsoft Autopilot Step by Step


What is Autopilot: Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. ... Once deployed, Windows 10 devices can be managed by tools such as Microsoft Intune, Windows Update for Business, Microsoft Endpoint Configuration Manager, and other similar tools.
Requirements
·       Windows 10, version 1703 or later
·       New devices that have not been through Windows out-of-box experience


Microsoft Azure Configurations...
1.     Go to Azure portal https://portal.azure.com
2.     Navigate to Azure Active Directory → Devices → Device Settings
3.    Set "Users may join devices to Azure AD" to All and click Save





2.  On the left navigation pane, choose Devices → Windows → Windows Enrolment → Deployment Profiles










Microsoft Intune Configuration…

Setup Intune as the MDM authority



In the Azure portal, go to Microsoft Intune/Device Enrollment/Choose MDM Authority

Select Intune MDM authority








Verify whether it is already set up: Intune → Device Enrolment → Overview







Set Automatic Enrolment

Go to Microsoft Intune → Device Enrollment → Windows Enrollment and select Automatic Enrollment





Select a group, or select All if all MDM users can enroll devices. This can be restricted later using enrolment restriction policies.



CREATING AUTOPILOT DEPLOYMENT PROFILE

Benefits:

·       Automatically setup for work or school
·       Customized Azure AD sign-in page
·       Skip privacy settings and EULA

Navigate to Microsoft Intune → Device Enrolment → Windows Enrolment → Deployment Profiles




Click Deployment Profiles

Create Profile




You can select Administrator if you want the user to have administrator access.

 

   



Click NEXT


Click NEXT


Configure ENROLLMENT STATUS PAGE (ESP)

Create an ESP Profile


Click NEXT


Click NEXT



Select All Users if possible or create a custom user group




Add Dynamic Query

(device.devicePhysicalIds -any _ -contains "[ZTDId]")

Import Hardware ID to Microsoft INTUNE


  • Copy the text below into Notepad and save it as GetAutoPilotD.cmd


PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command C:\Temp\Autopilot\Get-WindowsAutoPilotInfo.ps1 -ComputerName $env:computername -OutputFile C:\Temp\Autopilot\$env:computername.csv



  • Copy the text below into Notepad and save it as Get-WindowsAutoPilotInfo.ps1

<#PSScriptInfo
 
 .VERSION 1.3
 
 .GUID ebf446a3-3362-4774-83c0-b7299410b63f
 
 .AUTHOR Michael Niehaus
 
 .COMPANYNAME Microsoft
 
 .COPYRIGHT
 
 .TAGS Windows AutoPilot
 
 .LICENSEURI
 
 .PROJECTURI
 
 .ICONURI
 
 .EXTERNALMODULEDEPENDENCIES
 
 .REQUIREDSCRIPTS
 
 .EXTERNALSCRIPTDEPENDENCIES
 
 .RELEASENOTES
 Version 1.0: Original published version.
 Version 1.1: Added -Append switch.
 Version 1.2: Added -Credential switch.
 Version 1.3: Added -Partner switch.
 
 #>

<#
 .SYNOPSIS
 Retrieves the Windows AutoPilot deployment details from one or more computers
 .DESCRIPTION
 This script uses WMI to retrieve properties needed by the Microsoft Store for Business to support Windows AutoPilot deployment.
 .PARAMETER Name
 The names of the computers. These can be provided via the pipeline (property name Name or one of the available aliases, DNSHostName, ComputerName, and Computer).
 .PARAMETER OutputFile
 The name of the CSV file to be created with the details for the computers. If not specified, the details will be returned to the PowerShell
 pipeline.
 .PARAMETER Append
 Switch to specify that new computer details should be appended to the specified output file, instead of overwriting the existing file.
 .PARAMETER Credential
 Credentials that should be used when connecting to a remote computer (not supported when gathering details from the local computer).
 .PARAMETER Partner
 Switch to specify that the created CSV file should use the schema for Partner Center (using serial number, make, and model).
 .EXAMPLE
 .\Get-WindowsAutoPilotInfo.ps1 -ComputerName MYCOMPUTER -OutputFile .\MyComputer.csv
 .EXAMPLE
 .\Get-WindowsAutoPilotInfo.ps1 -ComputerName MYCOMPUTER -OutputFile .\MyComputer.csv -Append
 .EXAMPLE
 .\Get-WindowsAutoPilotInfo.ps1 -ComputerName MYCOMPUTER1,MYCOMPUTER2 -OutputFile .\MyComputers.csv
 .EXAMPLE
 Get-ADComputer -Filter * | .\GetWindowsAutoPilotInfo.ps1 -OutputFile .\MyComputers.csv
 .EXAMPLE
 Get-CMCollectionMember -CollectionName "All Systems" | .\GetWindowsAutoPilotInfo.ps1 -OutputFile .\MyComputers.csv
 .EXAMPLE
 .\Get-WindowsAutoPilotInfo.ps1 -ComputerName MYCOMPUTER1,MYCOMPUTER2 -OutputFile .\MyComputers.csv -Partner
 
 #>

[CmdletBinding()] 
param(
    [Parameter(Mandatory=$False,ValueFromPipeline=$True,ValueFromPipelineByPropertyName=$True,Position=0)][alias("DNSHostName","ComputerName","Computer")] [String[]] $Name = @($env:ComputerName),
    [Parameter(Mandatory=$False)] [String] $OutputFile = "",
    [Parameter(Mandatory=$False)] [Switch] $Append = $false,
    [Parameter(Mandatory=$False)] [System.Management.Automation.PSCredential] $Credential = $null,
    [Parameter(Mandatory=$False)] [Switch] $Partner = $false,
    [Parameter(Mandatory=$False)] [Switch] $Force = $false
)

Begin
{
    # Initialize empty list
    $computers = @()
}

Process
{
    foreach ($comp in $Name)
    {
        $bad = $false

        # Get the common properties.
        Write-Verbose "Checking $comp"
        $serial = (Get-WmiObject -ComputerName $comp -Credential $Credential -Class Win32_BIOS).SerialNumber

        # Get the hash (if available)
        $devDetail = (Get-WMIObject -ComputerName $comp -Credential $Credential -Namespace root/cimv2/mdm/dmmap -Class MDM_DevDetail_Ext01 -Filter "InstanceID='Ext' AND ParentID='./DevDetail'")
        if ($devDetail -and (-not $Force))
        {
            $hash = $devDetail.DeviceHardwareData
        }
        else
        {
            $bad = $true
            $hash = ""
        }

        # If the hash isn't available, get the make and model
        if ($bad -or $Force)
        {
            $cs = Get-WmiObject -ComputerName $comp -Credential $Credential -Class Win32_ComputerSystem
            $make = $cs.Manufacturer.Trim()
            $model = $cs.Model.Trim()
            if ($Partner)
            {
                $bad = $false
            }
        }
        else
        {
            $make = ""
            $model = ""
        }

        # Getting the PKID is generally problematic for anyone other than OEMs, so let's skip it here
        $product = ""

        # Depending on the format requested, create the necessary object
        if ($Partner)
        {
            # Create a pipeline object
            $c = New-Object psobject -Property @{
                "Device Serial Number" = $serial
                "Windows Product ID" = $product
                "Hardware Hash" = $hash
                "Manufacturer name" = $make
                "Device model" = $model
            }
            # From spec:
            #    "Manufacturer Name" = $make
            #    "Device Name" = $model

        }
        else
        {
            # Create a pipeline object
            $c = New-Object psobject -Property @{
                "Device Serial Number" = $serial
                "Windows Product ID" = $product
                "Hardware Hash" = $hash
            }
        }

        # Write the object to the pipeline or array
        if ($bad)
        {
            # Report an error when the hash isn't available
            Write-Error -Message "Unable to retrieve device hardware data (hash) from computer $comp" -Category DeviceError
        }
        elseif ($OutputFile -eq "")
        {
            $c
        }
        else
        {
            $computers += $c
        }

    }
}

End
{
    if ($OutputFile -ne "")
    {
        if ($Append)
        {
            if (Test-Path $OutputFile)
            {
                $computers += Import-CSV -Path $OutputFile
            }
        }
        if ($Partner)
        {
            $computers | Select "Device Serial Number", "Windows Product ID", "Hardware Hash", "Manufacturer name", "Device model" | ConvertTo-CSV -NoTypeInformation | % {$_ -replace '"',''} | Out-File $OutputFile
            # From spec:
            # $computers | Select "Device Serial Number", "Windows Product ID", "Hardware Hash", "Manufacturer Name", "Device Name" | ConvertTo-CSV -NoTypeInformation | % {$_ -replace '"',''} | Out-File $OutputFile
        }
        else
        {
            $computers | Select "Device Serial Number", "Windows Product ID", "Hardware Hash" | ConvertTo-CSV -NoTypeInformation | % {$_ -replace '"',''} | Out-File $OutputFile
        }
    }
}


Create the folder C:\Temp\Autopilot
Copy both files into it: C:\Temp\Autopilot\Get-WindowsAutoPilotInfo.ps1 and C:\Temp\Autopilot\GetAutoPilotD.cmd

Run GetAutoPilotD.cmd from a Command Prompt opened as administrator. A .csv file named after the computer will be created in the same folder.
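
Before importing the .csv into Intune, it is worth checking that it has the three-column header the script above writes and that every row carries a serial number and a decodable hardware hash. The following is an added example, not part of the original post or of Michael Niehaus's script; Test-AutopilotCsv is a hypothetical helper name and the sample rows are constructed.

```powershell
# Added example: validate an Autopilot hardware-hash CSV before importing it.
# Test-AutopilotCsv is a hypothetical helper, not part of any Microsoft module.
function Test-AutopilotCsv {
    param([Parameter(Mandatory)][string[]] $Lines)

    # Header written by Get-WindowsAutoPilotInfo.ps1 without -Partner
    $expected = 'Device Serial Number', 'Windows Product ID', 'Hardware Hash'
    $problems = New-Object System.Collections.Generic.List[string]

    $header = $Lines[0].Trim() -split ','
    if (($header -join ',') -ne ($expected -join ',')) {
        $problems.Add("Unexpected header: $($Lines[0])")
        return $problems
    }

    $seen = @{}
    foreach ($row in ($Lines | ConvertFrom-Csv)) {
        $serial = $row.'Device Serial Number'
        $hash   = $row.'Hardware Hash'

        if ([string]::IsNullOrWhiteSpace($serial)) { $problems.Add('Row with empty serial number') }
        elseif ($seen.ContainsKey($serial))        { $problems.Add("Duplicate serial: $serial") }
        else                                       { $seen[$serial] = $true }

        # The script writes an empty hash when MDM_DevDetail_Ext01 is unavailable
        if ([string]::IsNullOrWhiteSpace($hash)) {
            $problems.Add("Empty hardware hash for serial '$serial'")
            continue
        }
        # DeviceHardwareData is base64 text; a truncated copy/paste fails here
        try   { [void][Convert]::FromBase64String($hash) }
        catch { $problems.Add("Hardware hash for serial '$serial' is not valid base64") }
    }
    return $problems
}

# Constructed sample rows (short stand-in hashes, not real device data)
$sample = @(
    'Device Serial Number,Windows Product ID,Hardware Hash'
    'SN-0001,,VGhpcyBpcyBhIGNvbnN0cnVjdGVkIGhhc2g='
    'SN-0002,,'
    'SN-0001,,not*base64'
)
$issues = @(Test-AutopilotCsv -Lines $sample)
if ($issues.Count) { $issues | ForEach-Object { Write-Warning $_ } } else { 'CSV looks importable' }
```

For a real file, pass its lines instead of the sample: Test-AutopilotCsv -Lines (Get-Content C:\Temp\Autopilot\$env:computername.csv)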



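Or

Device Import to Azure using PowerShell

# Bypass the execution policy for this PowerShell session only
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass

# Get-WindowsAutoPilotInfo is the script that provides the -Online switch
Install-Script -Name Get-WindowsAutoPilotInfo

Get-WindowsAutoPilotInfo -Online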

Upload Hardware ID to Intune



Click Devices



Click Import and Select .csv and Import




Device details appear after import and sync. It takes 15-20 minutes.


Turn on imported Device for OOBE and Test Autopilot
Search → Reset PC → Get Started





Choose Remove everything and follow the on-screen instructions.

Enter username and password and follow OOBE

  


Setup will run through to completion. What gets installed depends on the apps and settings assigned to the Enrollment Status Page.