Automatically import Windows Autopilot devices using a remediation script and Azure Automation
In this post I will show you a solution allowing you to automatically register devices with Autopilot using a remediation script and Azure Automation.
How does it work?
For this solution we will use:
- A Remediation script
- An Azure Automation runbook
Remediation script
Purpose: This script is used to get the hardware hash from devices and upload it to a SharePoint site.
The remediation script will:
1. Get the hardware hash of the device
2. Save the hash in a txt file
3. Upload the txt file to SharePoint
4. TXT file name: DeviceName_SerialNumber.txt
In this method I don't use the Get-WindowsAutopilotInfo script but get the hash manually.
Azure Automation runbook
Purpose: The runbook script is used to check the hardware hash files and import them into the Autopilot devices part.
The Automation runbook will:
1. Get all txt files from SharePoint
2. Get the serial number (SN) from the file name
3. Check in Autopilot whether the SN exists
4. If yes:
- Remove the file from SharePoint
- Add the device to the exclusion group of the remediation script
5. If not:
- Import the device into Autopilot
- Remove the file from SharePoint
- Add the device to the exclusion group of the remediation script
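The runbook's check-then-import decision for one hash file, as an added PowerShell example rather than the author's Runbook_script.ps1. It assumes Az.Accounts is available in the Automation account, that each txt file holds the base64 hardware hash, and that the managed identity holds the Graph permissions these calls need; the SharePoint cleanup and exclusion-group steps are left to the runbook.

```powershell
# Added example, not the author's Runbook_script.ps1: the runbook's core decision for one
# hardware-hash file. Assumes Az.Accounts is imported in the Automation account and that the
# system-assigned managed identity holds the Graph permissions these calls need.
Connect-AzAccount -Identity | Out-Null
$token = (Get-AzAccessToken -ResourceUrl 'https://graph.microsoft.com').Token
if ($token -is [securestring]) { $token = [Net.NetworkCredential]::new('', $token).Password }
$headers = @{ Authorization = "Bearer $token"; 'Content-Type' = 'application/json' }
$graph   = 'https://graph.microsoft.com/v1.0'

# File name convention written by the remediation script: DeviceName_SerialNumber.txt
function Get-SerialFromFileName([string]$FileName) {
    $base = [IO.Path]::GetFileNameWithoutExtension($FileName)
    # Split on the LAST underscore so a device name containing '_' still parses correctly
    return $base.Substring($base.LastIndexOf('_') + 1)
}

# Step 3 of the runbook: does a device with this serial number already exist in Autopilot?
function Test-AutopilotSerial([string]$Serial) {
    $filter = [uri]::EscapeDataString("contains(serialNumber,'$Serial')")
    $uri    = "$graph/deviceManagement/windowsAutopilotDeviceIdentities?`$filter=$filter"
    $result = Invoke-RestMethod -Uri $uri -Headers $headers -Method Get
    # contains() is a substring match, so compare the exact serial before deciding
    return [bool]($result.value | Where-Object { $_.serialNumber -eq $Serial })
}

# Step 5 of the runbook: submit the hash for import (Intune processes it asynchronously)
function Import-AutopilotDevice([string]$Serial, [string]$HardwareHash) {
    $body = @{
        '@odata.type'      = '#microsoft.graph.importedWindowsAutopilotDeviceIdentity'
        serialNumber       = $Serial
        hardwareIdentifier = $HardwareHash   # base64 string, exactly as stored in the txt file
        groupTag           = ''
        productKey         = ''
    } | ConvertTo-Json
    $uri = "$graph/deviceManagement/importedWindowsAutopilotDeviceIdentities"
    return Invoke-RestMethod -Uri $uri -Headers $headers -Method Post -Body $body
}

# Constructed sample standing in for one file read from SharePoint; the hash is a placeholder
$fileName = 'DESKTOP-AB12CD_ABC123XYZ.txt'
$hash     = 'UExBQ0VIT0xERVJfSEFSRFdBUkVfSEFTSA=='

$serial = Get-SerialFromFileName $fileName
if (Test-AutopilotSerial $serial) {
    Write-Output "$serial is already in Autopilot: skipping import"
} else {
    Import-AutopilotDevice -Serial $serial -HardwareHash $hash | Out-Null
    Write-Output "$serial submitted for Autopilot import"
}
```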
Get the script
Click on the GitHub picture below to get the script.
Creating the SharePoint application
We will create a SharePoint application to upload the device list.
For that, check my post here.
Remediation script part
The first step is to create an exclusion group.
This group will be used to exclude devices that are already registered in Autopilot.
Then we will proceed as below:
1. Go to the Microsoft Endpoint Manager admin center
2. Go to Devices
3. Go to Remediations
4. Click on Create script package
5. Type a name
6. Click on Next
7. Click on Detection script file
8. Select the detection script
9. Click on Next
10. In Included groups, select a group
11. In Excluded groups, select the exclusion group created above
12. Schedule the script
13. Click on Apply
14. Click on Next
15. Click on Create
Azure Automation part
Creating the account
1. Go to Azure
2. In the search bar type: Automation accounts
3. Go to Automation accounts
4. Click on Create
5. Type a name
6. Choose a Subscription
7. Choose the Resource group
8. Choose your region
9. Click on Create
10. Wait a bit
11. Click on Go to resource
Adding permissions
Once the managed identity has been configured, a new enterprise application is created.
You then need to grant it permissions for the actions it performs, namely the permission to read information from the Autopilot devices part.
The required permission is the following: DeviceManagementManagedDevices.Read.All
To add this permission you will need to use PowerShell; it can't be done through the portal.
For that, use the Assign_permission script from my GitHub repo.
You just need to fill in the variables below:
- $TenantID: your tenant ID
- $DisplayNameOfMSI: name of your automation account
Adding modules
1. Go to your automation account
2. Click on Modules gallery
3. Search: pnp.powershell
4. Click on pnp.powershell
5. Click on Import
6. Click on OK
Creating a Runbook
1. Go to Azure
2. Go to Automation accounts
3. Go to Runbooks
4. Click on + Create a runbook
5. Type a name
6. In Runbook type, select PowerShell
7. Click on Create
How to use the script?
Download the runbook script from my GitHub.
In this script, set the variables below:
Adding script in Runbook
The runbook script is located in the downloaded sources.
Its name is: Runbook_script.ps1
Testing the Runbook
1. Click on Test pane
2. Click on Start
3. Once finished, you should see Completed
Publishing the Runbook
1. Go to your Runbook
2. Click on Edit
3. Click on Publish
4. Click on Yes
Scheduling the Runbook
1. Go to your Runbook
2. Click on Schedules
3. Click on + Add a schedule
4. Click on Link a schedule to your runbook
5. Click on + Add a schedule
6. Type a schedule name
7. In Recurrence, select Recurring
8. Click on Create