Automating Intune Device Registration with PowerShell and Microsoft Graph

This tutorial explains how to automate Intune device registration using a PowerShell script integrated with Microsoft Graph. The script simplifies collecting hardware hashes, registering devices in Autopilot, and assigning group tags.

Prerequisites

Before running the script, ensure you have:

  • An Azure tenant with Microsoft Intune.
  • Admin permissions to register an application in Azure AD.
  • PowerShell 5.1 or later installed.

Step 1: Prepare Your Environment

Before running the script, you need an Azure app registration configured to securely interact with Microsoft Graph API.

App Registration

To avoid entering credentials during the process, you must register an app in Azure. Follow these steps:

  1. Go to Azure App Registrations.
  2. Click New Registration.
  3. Enter “Autopilot Registration” as the name and select Register.
  4. In the left menu, select API Permissions and click Add a permission.
  5. Choose Microsoft Graph, then select Application permissions.
  6. Search for and select the following permissions:
    • DeviceManagementServiceConfig.ReadWrite.All
    • Directory.ReadWrite.All
    • GroupMember.ReadWrite.All (optional, if adding devices to a group)
  7. Click Add Permissions.
  8. Select Grant admin consent for [your-tenant].onmicrosoft.com, then click Yes.
  9. In the left menu, go to Certificates & Secrets, then click New client secret.
  10. Enter “Autopilot Registration Secret” as the description.
  11. Choose an expiration period (e.g., 24 months) and click Add.
  12. Copy the Value of the client secret and store it securely (e.g., in a password manager).
  13. In the left menu, go to Overview and copy the Application (client) ID and Directory (tenant) ID. Store them together with the client secret.

Step 2: Install the PowerShell Script

Run the following command in PowerShell:

Install-Script Get-WindowsAutoPilotInfo

This downloads the script to:

C:\Program Files\WindowsPowerShell\Scripts\Get-WindowsAutoPilotInfo.ps1

Alternatively, download the script from this repository.

Step 3: Create a CMD File

Create a new file named Autopilot.cmd and add the following line:

powershell.exe -ExecutionPolicy Bypass -File .\Get-WindowsAutoPilotInfo.ps1

Step 4: Script Parameters

The script supports several parameters to customize its behavior:

Parameter               Description
-Online                 Enables online operation with Microsoft Graph and Intune.
-TenantId               Azure tenant ID.
-AppId                  Azure App Registration Client ID.
-AppSecret              Client Secret for authentication.
-AddToGroup             Adds devices to an Azure AD group.
-AssignedComputerName   Assigns a custom device name.

Customize Parameters in the PowerShell Script

[CmdletBinding(DefaultParameterSetName = 'Default')]
param(
	[Parameter(Mandatory=$False,ValueFromPipeline=$True,ValueFromPipelineByPropertyName=$True,Position=0)][alias("DNSHostName","ComputerName","Computer")] [String[]] $Name = @("localhost"),
	[Parameter(Mandatory=$False)] [String] $OutputFile = "", 
	[Parameter(Mandatory=$False)] [String] $GroupTag = "",
	[Parameter(Mandatory=$False)] [String] $AssignedUser = "",
	[Parameter(Mandatory=$False)] [Switch] $Append = $false,
	[Parameter(Mandatory=$False)] [System.Management.Automation.PSCredential] $Credential = $null,
	[Parameter(Mandatory=$False)] [Switch] $Partner = $false,
	[Parameter(Mandatory=$False)] [Switch] $Force = $false,
	[Parameter(Mandatory=$True,ParameterSetName = 'Online')] [Switch] $Online = $false,
	[Parameter(Mandatory=$False,ParameterSetName = 'Online')] [String] $TenantId = "",
	[Parameter(Mandatory=$False,ParameterSetName = 'Online')] [String] $AppId = "",
	[Parameter(Mandatory=$False,ParameterSetName = 'Online')] [String] $AppSecret = "",
	[Parameter(Mandatory=$False,ParameterSetName = 'Online')] [String] $AddToGroup = "",
	[Parameter(Mandatory=$False,ParameterSetName = 'Online')] [String] $AssignedComputerName = (Read-Host -Prompt "Enter device name"),
	[Parameter(Mandatory=$False,ParameterSetName = 'Online')] [Switch] $Assign = $false, 
	[Parameter(Mandatory=$False,ParameterSetName = 'Online')] [Switch] $Reboot = $false
)

Prompting for Parameters

If needed, you can prompt for a parameter within the script:

[String] $AssignedComputerName = (Read-Host -Prompt "Enter device name")
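As an added example (not the Get-WindowsAutoPilotInfo script or any code from this post), the following PowerShell performs the three operations the script automates, using the app registration from Step 1: read the hardware hash locally, obtain an app-only Graph token with the client secret, and import the device with a group tag. The parameter names mirror the script's; the Graph endpoint and request body follow the importedWindowsAutopilotDeviceIdentity resource format, and the WMI class read is assumed to be available (Windows 10/11, elevated or SYSTEM prompt such as the OOBE Command Prompt).

```powershell
param(
    [Parameter(Mandatory = $true)] [string] $TenantId,
    [Parameter(Mandatory = $true)] [string] $AppId,
    [Parameter(Mandatory = $true)] [string] $AppSecret,   # client secret from Step 1
    [string] $GroupTag = ''
)

# 1. Hardware hash and serial number from the local device (the same WMI
#    sources Get-WindowsAutoPilotInfo reads; needs an elevated/SYSTEM prompt).
$devDetail = Get-CimInstance -Namespace root/cimv2/mdm/dmmap -ClassName MDM_DevDetail_Ext01 `
    -Filter "InstanceID='Ext' AND ParentID='./DevDetail'"
$hash   = $devDetail.DeviceHardwareData        # base64-encoded hardware hash
$serial = (Get-CimInstance -ClassName Win32_BIOS).SerialNumber

# 2. App-only token (client-credentials flow) for the Step 1 app registration.
$token = Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" `
    -Body @{
        grant_type    = 'client_credentials'
        client_id     = $AppId
        client_secret = $AppSecret
        scope         = 'https://graph.microsoft.com/.default'
    }
$headers = @{ Authorization = "Bearer $($token.access_token)" }

# 3. Import the device identity (requires DeviceManagementServiceConfig.ReadWrite.All).
$graph = 'https://graph.microsoft.com/v1.0/deviceManagement/importedWindowsAutopilotDeviceIdentities'
$body = @{
    '@odata.type'      = '#microsoft.graph.importedWindowsAutopilotDeviceIdentity'
    groupTag           = $GroupTag
    serialNumber       = $serial
    productKey         = ''
    hardwareIdentifier = $hash
    state              = @{
        '@odata.type'      = 'microsoft.graph.importedWindowsAutopilotDeviceIdentityState'
        deviceImportStatus = 'pending'
        deviceErrorCode    = 0
        deviceErrorName    = ''
    }
} | ConvertTo-Json -Depth 5
$import = Invoke-RestMethod -Method Post -Uri $graph -Headers $headers -ContentType 'application/json' -Body $body

# 4. Poll until Intune reports a final import state, then print the result.
do {
    Start-Sleep -Seconds 15
    $status = Invoke-RestMethod -Uri "$graph/$($import.id)" -Headers $headers
} while ($status.state.deviceImportStatus -in 'pending', 'unknown')
"Serial $serial import status: $($status.state.deviceImportStatus) $($status.state.deviceErrorName)"
```

A final status of complete means the device will appear under Windows Autopilot devices in Intune; error together with deviceErrorName tells you why an import was rejected (for example, a hash already registered in another tenant).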

Step 5: Copy Files to USB Stick

Place both the Autopilot.cmd and PowerShell script on a USB stick for deployment.

Step 6: Run the Script with Microsoft Graph

  1. On the OOBE screen, press F10 to open the Command Prompt.
  2. Navigate to the USB stick containing the scripts:

D:

  3. Run the CMD file:

Autopilot.cmd

Conclusion

Using this script, you can automate device registration in Microsoft Intune via Microsoft Graph, making deployment seamless and efficient.

This post is licensed under CC BY 4.0 by the author.