Manage Windows Autopilot with PowerShell
https://www.systanddeploy.com/2019/04/manage-windows-autopilot-with-powershell.html
In this post I will show you how to manage Windows Autopilot with PowerShell using the module WindowsAutopilotIntune from Michael Niehaus.
Module installation
1 / Intall the module WindowsAutoPilotIntune with WindowsAutoPilotIntune
2 / The WindowsAutopilotIntune module contains the cmdlets below:
Connect to Intune
Now the first step is to connect to your Tenant in order to list your Autopilot configuration.
1 / For that use the cmdlet Connect-AutopilotIntune2 / Type the cmdlet with the account that has access to your organization
3 / The login screen will be displayed, type your Azure AD password, then click on Connect
4 / On the next window click on Accept
5 / Now we are connected, let’s test the modue cmdlets.
List enrolled devices
Which cmdlet ?
Get-AutoPilotDevice
What it does exactly?
According to the module help, this cmdlet will do the below action:
The Get-AutoPilotDevice cmdlet retrieves either the full list of devices registered with Windows Autopilot for the current Azure AD tenant, or a specific device if the ID of the device is specified.The appropriate part in Intune would be this one below located in Intune > Device enrollment > Windows enrollment > Windows enrollment > Devices
Cmdlet in action
See below what return the cmdlet:
List imported devices
Which cmdlet ?
Get-AutoPilotImportedDevice
What it does exactly?
According to the module help, this cmdlet will do the below action:
The Get-AutoPilotImportedDevice cmdlet retrieves either the full list of devices being imported into Windows Autopilot for the current Azure AD tenant, or information for a specific device if the ID of the device is specified.Once the import is complete, the information instance is expected to be deleted.Cmdlet in action
See below what return the cmdlet:
Get tenant informations
Which cmdlet ?
Get-AutoPilotOrganization
What it does exactly?
According to the module help, this cmdlet will do the below action:
The Get-AutoPilotOrganization cmdlet retrieves the organization object for the current Azure AD tenant. This contains the tenant ID, as well as the list of domain names defined to the tenant.See below informations I get:
List Deployment Profile
Which cmdlet ?
Get-AutoPilotProfile
What it does exactly?
According to the module help, this cmdlet will do the below action:
The Get-AutoPilotProfile cmdlet returns either a list of all Windows Autopilot profiles for the current Azure AD tenant, or information for the specific profile specified by its ID.
You can also retrieve informations about Out-Of-Box-Experience
The appropriate part in Intune would be this one below located in Intune > Device enrollment > Windows enrollment > Windows enrollment > Deployment Profiles
And for the OOBE part
Click on your profile, then Properties and OOBE
Set Deployment Profile
Which cmdlet ?
Set-AutoPilotProfile
What it does exactly?
According to the module help, this cmdlet will do the below action: Set-AutoPilotProfile
What it does exactly?
The Set-AutoPilotProfile cmdlet sets properties on an existing Autopilot profile.By default an for now there is only one existing parameter.
This one called language allows you to set the language of the device.
I’m currently updating the module for my use in order to allow you to change the below profile part:
- Hide EULA
- Hide privacy settings
- Skip the keyboard selection page
- Change display name
- Change description
- Add device template name
- Change option to hide or not the change account options
- Configure the value "Convert all targeted devices to Autopilot"
I’m also working on a new cmdlet to change the Enrollment Status page options.
I will publish changes next week and hope they will be integrated in the official module 😊
Sync Autopilot
Which cmdlet ?
Invoke-AutopilotSync
What it does exactly?
According to the module help, this cmdlet will do the below action:
The Invoke-AutopilotSync cmdlet initiates a synchronization between the Autopilot deployment service and Intune.This can be done after importing new devices, to ensure that they appear in Intune in the list of registered
Import CSV profile
Which cmdlet ?
Import-AutoPilotCSV
What it does exactly?
According to the module help, this cmdlet will do the below action:
The Import-AutoPilotCSV cmdlet processes a list of new devices (contained in a CSV file) using a several of the other cmdlets included in this module. It is a convenient wrapper to handle the details. After the devices have beenadded, the cmdlet will continue to check the status of the import process. Once all devices have been processed (successfully or not) the cmdlet will complete. This can take several minutes, as the devices are processed by Intuneas a background batch process.First, you will need the CSV from the device you want to manage with Autopilot and Intune.
To get the CSV use the below command lines
The exported CSV will be this one to import with the cmdlet.
See below the imported CSV part from Intune before:
Cmdlet in action
See below the import cmdlet in action:
See below the imported CSV part from Intune now:
Assign user to a device
Which cmdlet?
Set-AutoPilotDeviceAssignedUser
What it does exactly?
According to the module help, this cmdlet will do the below action:The Set-AutoPilotDeviceAssignedUser cmdlet assign the specified user and sets a display name to show on the Windows Autopilot device.Cmdlet in action
See below, from the Intune portal, the device on which I want to assign a user.
First, to use it you will need the id of the device on which you want to assign a user.
For that use the cmdlet Get-AutoPilotDevice.
In the list below we find the device mentioned previously from the Intune portal.
To assign a user we will need to add a parameter for the principal name and display name.
See below the cmdlet I used:
Now go back to the Intune portal and check the device properties, tadaaaa.
What's next ?
In my next post I show update I have integrated in the module for my lab, hoping it will be integrated in the official module.
I’m currently updating the module for my use in order to allow the below actions:
--> Set-AutopilotProfile: Change deployment profile options
--> Remove-AutoPilotProfile: Remove a Deployment Profile
--> Add-AutoPilotProfile: Create a Deployment Profile
--> Set-AutoPilotProfileAssignedGroup: Assign a group to a Deployment Profile
--> Remove-AutoPilotProfileAssignedGroup: Remove a group from a Deployment profile
--> Get-AutoPilotProfileAssignedDevice: List assigned devices for a Deployment Profile
--> Get-AutoPilotProfileAssignments: List assigned groups for a Deployment Profile
--> Add-EnrollmentStatusPage: Create an Enrollment Status Page
--> Get-EnrollmentStatusPage: List Enrollment Status Page
--> Set-EnrollmentStatusPage: Change Enrollment Status Page option
--> Remove-EnrollmentStatusPage: Remove an Enrollment Status Page
Enregistrer un commentaire