In this post I will be showing you how to import Windows AutoPilot devices into Intune using PowerShell command. There is a script available on PowerShell gallery which can be downloaded to execute the import of hardware hash of device into Intune directly.
Why we need to import the hardware hash into Intune
Let’s first discuss on why we need to import the hardware hash into Intune. If you are coming from Configuration Manager / SCCM background it will be easy to understand. You need to target a task sequence to “All Unknown Computers” collections so as operating system build can be performed. But in Intune, we can’t let allow everyone to join company resources hence “All Unknown Computers” collection / group sort of thing is not there.
To make sure that only Company / organization related devices are the one who should be able to complete the build using AutoPilot by joining it to Azure AD or Hybrid Azure AD, we need to import the hardware hash of the device into Intune Portal.
Based upon hardware hash imported, we can create Deployment Profiles under Windows Autopilot Deployment program from Microsoft Endpoint Manager admin center.
Note: Usually this is not required on daily basis for your new devices as the vendor such as Dell / Lenovo etc will be responsible for uploading the hardware has on your behalf when you procure the devices from them and have appropriate tie up with them.
Import Hardware hash – Multiple ways
There are multiple ways to import the hardware hash. The module Get-WindowsAutpilotInfo can create csv file and “Online” switch which automatically uploads the hardware hash to Intune.
Import Hardware Hash – online
Hardware hash info is available for device under WMI (Windows Management Instrumentation), hence you can generate it either in full OS or during OOBE when Operating system installation is happening.
Using this method, we are not going to generate any csv but directly uploading the hardware hash to Intune by connecting to Azure AD tenant online, hence making the process very simple.
Below mentioned PowerShell commands will be same when used in full OS.
Once we are on OOBE page, press Shift + F10 to open cmd prompt and type PowerShell to open PS console.
During first OOBE screen, press Shift + F10 to open command prompt. Type PowerShell to open powershell within command prompt console. Lets try to find the script online:
Find-Script -Name Get-WindowsAutoPilotInfo
NuGet provider is required to continue, type “Y” to continue.
We can see that Get-WindowsautoAutoPilotInfo is available in PSGallery Repository. Lets download and install the script:
Install-Script -Name Get-WindowsAutoPilotInfo
Press Y twice, one for adding the Path variable to existing one where script is getting installed ie. ‘c:\Program Files\WindowsPowerShell\Scripts” and another to install it through “Untrusted repository”
Set-ExecutionPolicy -ExecutionPolicy bypass -Force
Get-WindowsAutoPilotInfo.ps1 -Online or Get-WindowsAutoPilotInfo -Online
Using “Online” parameter will require credentials so that you can connect to your Azure Tenant and will automatically uploads the hardware hash. This will also install WindowsAutopilotIntune module.
You will get Permissions Requested message as Microsoft Intune PowerShell will perform the activity of uploading the hardware hash, check the box “Consent on behalf of your organization” and click Accept.
Here we can see that device info imported successfully to Intune tenant by looking for serial number.
We can check and confirm the status on MEM portal as well by navigating to Home > Devices > Enroll devices > Devices.
Import Hardware Hash using csv
We will use another way to import the hardware hash, this time generating the csv file and then importing it using MEM Admin Center manually.
If you have Configuration Manager installed, you can import all devices using SCCM report, you may also have option to just import few hardware hash into Intune portal, you may check the link Import autopilot devices using sccm.
Once again to clarify, this set of commands can be run either on full OS or during OOBE phase.
Run following commands which includes creating a specific folder, downloading the script and running the script to save the file:
New-Item -Type Directory -Path “c:\HardwareHash”
Set-Location -Path “c:\HardwareHash”
$env:Path +=”;c:\Program Files\WindowsPowerShell\Scripts”
Set-ExecutionPolicy -ExecutionPolicy Bypass -Force
Install-Script -Name Get-WindowsAutoPilotInfo
Get-WindowsAutoPilotInfo -OutputFile HardwareHashDevice.csv
This will generate the csv file under c:\Hardwarehash.
When trying opening the csv file ie. HardwareHashDevice, it might not look readable but important key takeaways are column required for Autopilot which consists of:
Device Serial Number,Windows Product ID,Hardware Hash
We are ready to import the hardware hash into the portal. Go to MEM portal and navigate to Home > Devices > Enroll devices > Devices. Click on Import to Add Autopilot devices. Specify the path for csv file we recently created.
If csv format is correct, you will see “Rows formatted correctly” message, click on Import.
Importing Devices sometimes takes time, as this is single device it should be fast enough but if you have multiple devices, it can take a while to successfully import the device.
Under Windows Autopilot devices, we can see the device got added successfully.
Alternatively, importing process can also be done through Microsoft 365 admin center by navigating to Devices > AutoPilot > Add devices.
Note: if you don’t have internet connectivity on a device, you can download the Get-WindowsAutoPilotInfo from Powershell gallery using the link and can run offline to generate csv.