Automatically sending a Teams notification when Autopilot completes with PowerShell and Azure Automation


In this post we will see how to use PowerShell and Azure Automation to automatically send a new message on a Teams channel when a Windows Autopilot device is completely installed.

The solution

The solution can be achieved in a few steps:

1. Create a SharePoint app

2. Give this app write access

3. Create an Azure automation runbook

4. A script to detect newly installed devices

5. A script to send a message on Teams

What does the script do?

The automation script will proceed as below:

1. Get all Autopilot devices installed in the last x hours/days

2. Get the appropriate serial number

3. Get the appropriate ID using the serial number

4. Send a new message on Teams

See below an overview of the Teams message:

Get the script

Click on the below GitHub picture to get the script

How to use the script?

SharePoint information

Add the link to your webhook in the $Webhook_URL variable.

Managed identity

The Azure Automation script works with a managed identity.

To make it simple a Managed identity is an Azure AD account that will be used to

We will see later how to use it.

Choose how to add devices

As mentioned previously, you can choose to add devices as below:

- All devices from the Monitor part

- Only devices installed during last x hours

- Only devices installed during last x days

In the script, comment or uncomment only the part you want.

See them below:
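The four steps of the script and the hours/days selection, written out as an added example runbook; this is not the post's GitHub script. It assumes an Automation account with a system-assigned managed identity, Az.Accounts imported, the Graph application permission DeviceManagementManagedDevices.Read.All from the permissions section, and the webhook URL stored in an encrypted Automation variable named TeamsWebhookUrl (an assumed name; it is loaded into the post's $Webhook_URL variable). The Graph beta endpoint deviceManagement/autopilotEvents, its property names (deviceSerialNumber, deploymentState, deploymentEndDateTime, managedDeviceName, userPrincipalName) and the serialNumber filter on managedDevices are taken from the public Graph schema and should be checked against your tenant; the MessageCard layout is one I chose, not the post's.

```powershell
# Added example runbook (not the post's own script). Assumptions: system-assigned managed identity,
# Az.Accounts imported, Graph app permission DeviceManagementManagedDevices.Read.All granted, and
# the Teams webhook URL stored in an encrypted Automation variable named TeamsWebhookUrl (assumed name).

# Choose how to select devices: 'All', 'Hours' or 'Days' (replaces the post's comment/uncomment choice).
$Mode   = 'Hours'
$Window = 24

# The webhook URL is a secret (anyone holding it can post to the channel), so it is read from an
# encrypted variable instead of sitting in the script body or the job output.
$Webhook_URL = Get-AutomationVariable -Name 'TeamsWebhookUrl'

# 1. Authenticate as the managed identity and get a Graph token.
#    Newer Az.Accounts versions return the token as a SecureString; handle both shapes.
Connect-AzAccount -Identity | Out-Null
$Token = (Get-AzAccessToken -ResourceUrl 'https://graph.microsoft.com').Token
if ($Token -is [System.Security.SecureString]) {
    $Token = [System.Net.NetworkCredential]::new('', $Token).Password
}
$Headers = @{ Authorization = "Bearer $Token" }

function Get-GraphCollection {
    # Follows @odata.nextLink so a large tenant is paged completely instead of truncated.
    param([string]$Uri)
    $Items = @()
    while ($Uri) {
        $Page  = Invoke-RestMethod -Uri $Uri -Headers $Headers -Method Get
        $Items += $Page.value
        $Uri    = $Page.'@odata.nextLink'
    }
    return $Items
}

# 2. Get the Autopilot deployment events and keep successful ones inside the chosen window (UTC).
$Events = Get-GraphCollection -Uri 'https://graph.microsoft.com/beta/deviceManagement/autopilotEvents'
$Since = switch ($Mode) {
    'Hours' { (Get-Date).ToUniversalTime().AddHours(-$Window) }
    'Days'  { (Get-Date).ToUniversalTime().AddDays(-$Window) }
    default { [datetime]::MinValue }
}
$NewDevices = $Events | Where-Object {
    $_.deploymentState -eq 'success' -and
    $_.deploymentEndDateTime -and
    ([datetime]$_.deploymentEndDateTime).ToUniversalTime() -ge $Since
}

foreach ($Event in $NewDevices) {
    # 3. Serial number from the event, then the Intune managed device ID for that serial.
    #    Single quotes are doubled before the value goes into the OData filter.
    $Serial   = [string]$Event.deviceSerialNumber
    $Escaped  = $Serial -replace "'", "''"
    $Device   = Get-GraphCollection -Uri "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?`$filter=serialNumber eq '$Escaped'" |
                Select-Object -First 1
    $DeviceId = if ($Device) { $Device.id } else { 'not found in Intune' }

    # 4. Post a MessageCard to the channel. ConvertTo-Json does the escaping, so a device or user
    #    name containing quotes cannot break the payload.
    $Card = @{
        '@type'    = 'MessageCard'
        '@context' = 'http://schema.org/extensions'
        summary    = "Autopilot device installed: $Serial"
        themeColor = '0078D7'
        title      = 'New Windows Autopilot device installed'
        sections   = @(@{
            facts = @(
                @{ name = 'Serial number';        value = $Serial }
                @{ name = 'Device name';          value = [string]$Event.managedDeviceName }
                @{ name = 'User';                 value = [string]$Event.userPrincipalName }
                @{ name = 'Intune device ID';     value = $DeviceId }
                @{ name = 'Deployment end (UTC)'; value = [string]$Event.deploymentEndDateTime }
            )
        })
    }
    $Body = $Card | ConvertTo-Json -Depth 5
    Invoke-RestMethod -Method Post -Uri $Webhook_URL -ContentType 'application/json' -Body $Body | Out-Null
    Write-Output "Notified Teams for serial $Serial"
}
```

Keep $Window equal to the schedule interval: a 24-hour window run every hour would announce the same device up to 24 times, while a window shorter than the interval misses devices. If the webhook URL ever leaks (job output, a screenshot, a repo), delete the connector and create a new one, since the URL is the only thing protecting the channel. Microsoft has also announced the retirement of Office 365 connectors in Teams in favour of Workflows, whose endpoint expects a different payload, so check the connector's status in your tenant before relying on it.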

Creating Teams webhook

Purpose: In this part, we will create a connector on a Teams channel that lets us send Teams notifications automatically.

For that, we will proceed as below:

1. Go to your channel

2. Click on the ...

3. Click on Connectors

4. Go to Incoming Webhook

5. Type a name

6. Click on Create

7. Copy the Webhook path

Azure Automation account

Creating the account

1. Go to Azure

2. In the search bar type: Automation accounts

3. Go to Automation accounts

4. Click on Create

5. Type a name

6. Choose a Subscription

7. Choose the Resource group

8. Here: intune_reporting

9. Choose your region

10. Here: (Europe) France Central

11. In Create Azure Run As Account, select No

12. Click on Create

13. Wait a bit

14. Click on Go to resource

Adding modules

1. Go to your automation account

2. Click on Modules gallery

3. Search: az.Accounts

4. Click on az.Accounts

5. Click on Import

6. Click on OK

Set Managed Identity

1. Go to your automation account

2. Go to Identity (Preview)

3. Go to System assigned

4. Select On

5. Click on Save

6. Click on Yes

Adding permissions

Once the Managed Identity has been configured a new Enterprise application will be created.

Then you need to give it the permissions for the actions it performs, here the permission to read information from the Autopilot events part.

The required permission is the following: DeviceManagementManagedDevices.Read.All

To add this permission you will need to use PowerShell; it can't be done through the portal.

For that, use the Assign_permission script from my GitHub repo.

You just need to fill in the variables below:

- $TenantID: your tenant ID

- $DisplayNameOfMSI: name of your automation account
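One way to do the assignment the post describes, as an added example rather than the post's Assign_permission script: it takes the same two variables, $TenantID and $DisplayNameOfMSI, and grants the managed identity's service principal the Graph application role DeviceManagementManagedDevices.Read.All. It uses the Microsoft.Graph PowerShell SDK (Get-MgServicePrincipal and New-MgServicePrincipalAppRoleAssignment); the post's own script may use a different module. The tenant ID and account name shown are placeholders, and the Graph app ID 00000003-0000-0000-c000-000000000000 is the well-known ID of Microsoft Graph.

```powershell
# Added example (not the post's Assign_permission script). Assumes the Microsoft.Graph.Applications
# module is installed and that the person running it can grant app roles. Run it once from an admin
# workstation, not from the runbook itself.

$TenantID         = '00000000-0000-0000-0000-000000000000'   # placeholder: your tenant ID
$DisplayNameOfMSI = 'my-automation-account'                   # placeholder: name of your Automation account
$PermissionName   = 'DeviceManagementManagedDevices.Read.All'
$GraphAppId       = '00000003-0000-0000-c000-000000000000'    # well-known app ID of Microsoft Graph

# Delegated scopes for the admin running this script; nothing here is granted to the managed identity.
Connect-MgGraph -TenantId $TenantID -Scopes 'Application.Read.All', 'AppRoleAssignment.ReadWrite.All' | Out-Null

# The managed identity is a service principal whose displayName is the Automation account name.
# Insist on exactly one match so the role is never granted to a look-alike principal.
$Msi = @(Get-MgServicePrincipal -Filter "displayName eq '$DisplayNameOfMSI'")
if ($Msi.Count -ne 1) {
    throw "Expected exactly one service principal named '$DisplayNameOfMSI', found $($Msi.Count)"
}
$Msi = $Msi[0]

# Resolve the app role on the Microsoft Graph service principal. Only roles that allow the
# 'Application' member type can be assigned to a managed identity.
$GraphSp = Get-MgServicePrincipal -Filter "appId eq '$GraphAppId'"
$AppRole = $GraphSp.AppRoles | Where-Object {
    $_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'
}
if (-not $AppRole) { throw "App role '$PermissionName' not found on Microsoft Graph" }

# Idempotent: skip if the assignment already exists, so re-running the script creates no duplicates.
$Existing = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $Msi.Id |
            Where-Object { $_.AppRoleId -eq $AppRole.Id -and $_.ResourceId -eq $GraphSp.Id }
if ($Existing) {
    Write-Output "'$PermissionName' is already assigned to '$DisplayNameOfMSI'"
} else {
    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $Msi.Id `
        -PrincipalId $Msi.Id -ResourceId $GraphSp.Id -AppRoleId $AppRole.Id | Out-Null
    Write-Output "Assigned '$PermissionName' to '$DisplayNameOfMSI'"
}

# Review everything the identity can now do against Graph; the list should stay as short as the job needs.
Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $Msi.Id | ForEach-Object {
    $Assignment = $_
    ($GraphSp.AppRoles | Where-Object { $_.Id -eq $Assignment.AppRoleId }).Value
}
```

The final listing is worth keeping in the script: application permissions on a managed identity apply tenant-wide with no user consent prompt, so anything beyond the single read role the runbook needs should be removed rather than left over from an earlier experiment.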

Azure Automation Runbook

Creating a Runbook

1. Go to Azure

2. In the search bar type: Automation accounts

3. Go to your Automation accounts

4. Go to Runbooks

5. Click on + Create a runbook

6. Type a name

7. In Runbook type, select PowerShell

8. Click on Create

Add script in Runbook

The runbook script is located in the downloaded sources.

Its name is: Purge_AAD_group.ps1

Add the group ID in the variable $GroupID.

Test the Runbook

1. Click on Test pane

2. Click on Start

3. Once finished, you should see Completed

Publish the Runbook

1. Go to your Runbook

2. Click on Edit

3. Click on Publish

4. Click on Yes

Schedule the Runbook

1. Go to your Runbook

2. Click on Schedules

3. Click on + Add a schedule

4. Click on Link a schedule to your runbook

5. Click on + Add a schedule

6. Type a schedule name

7. In Recurrence, select Recurring

8. Click on Create


1 comment

Fracis996 said…

Hi. I love the idea of sending an HTTP request to a webhook, but I have a question. It does look like you have to "schedule" a runbook for this. Does this mean that it actually has to execute during the recurring schedule? Do you know if there is a way to execute the script automatically after the complete enrollment of a new device in Intune?
