See Delegating Access with a Shared Access Signature. My normal use case for this scenario is to support people who are preparing older devices when they are getting reinstalled from Windows 7 to Windows 10. Stay current with Windows Autopilot innovations and updates. Therefore we create an Azure Automation variable IntuneClientId and we need the tenant ID as a variable, we use Tenant as identifier: Additional variables needed for Azure Blob Storage access: Additional variables needed for Microsoft Teams Channel notification: These are the added variables to the Automation Account, remember to add the StorageKey and TeamsWebhookUrl as encrypted variables for further protection: The subscription URL can be found as shown below: We took care of the right drivers and in the end we let the device start the OOBE again (sysprep.exe /oobe /reboot|shutdown). To fix this issue, please see Windows Autopilot - known issues. Next, retrieve and display all the Autopilot profiles available in the specified Intune tenant in JSON format: See the following sample output: (use the horizontal scroll bar at the bottom to view long lines). On the Add Distribution Points or Add Distribution Point Groups wizard, specify content destinations that let the task sequence retrieve the JSON file. I’m trying to use the solution, but it seems the Start-command function executes multiple times on my test device. Enter the following lines and provide Intune administrative credentials: Be sure that the user account you specify has sufficient administrative rights. This version can also be used to be executed via Microsoft Intune Management Extension to run it on existing Windows 10 devices. Exception calling “GetDirectoryName” with “1” argument(s): “The path is not of a legal form.” In this case using a bootable USB with a customized TS. Now this device was ready for OOBE and was delivered to the user. My example uses MDT.
Windows Autopilot for existing devices only supports user-driven Azure Active Directory and Hybrid Azure AD profiles. It was great to have feedback from fellow IT Pros on modern management and Windows AutoPilot topics. I would recommend reading that to get more details. The Azure Active Directory tenant name that should be used, for example: tenant.onmicrosoft.com. It provides the capability to join Azure AD and the usage of a Windows as a Service model. Both dependencies can be in the same execution directory or if not available they are downloaded from an additional Blob Storage container named resources. I am wondering if you have a solution to test this first before deploying via Intune Management Extension. The script is provided "AS IS" with no warranties. This key is stored in Key Vault. After updating to Windows 10, make sure to register the device so it has the Autopilot experience when the PC resets. In the meantime the import was done in the backend and everything is registered. I have an enhanced version of the gather script now which can be found on my GitHub account and is also shown below. The following are the technical components of the Windows Autopilot process or service. The file also must be encoded as ANSI. The URL should end with the subscription GUID only (like highlighted): The Teams Webhook URL can be found as shown below: See the following example: If this is the first time you've used the Intune Graph APIs, you'll be prompted to enable Microsoft Intune PowerShell read and write permissions. When you purchase from them, your employees receive devices ready to go, just by signing in, with no help from IT. Great guide! How to make all Windows devices in your organization to OOBE screen? I will do my best to fix them as it should be a reliable part during preparing old devices with Windows 10. Requires Azure Active Directory Premium for automatic MDM enrollment and custom company branding.
I observed that it took several hours sometimes. is one of the important entity of Autopilot service. Enrollment status page policy is a global policy and once enabled it’s applicable for all the users. With Windows Autopilot for existing devices, you create a configuration file and deploy it with a Configuration Manager task sequence. As I mentioned in the above section of this post, I would recommend reading my previous post about Windows Enrollment Status Screen Troubleshooting. The URL should end with the subscription GUID only (like highlighted): TeamsWebHookUrl: . With restrictions my solution makes sure your device gets registered during the reinstall and can fulfill the AP register requirement to go through the enrollment restriction for personal Windows 10 devices. best, IT Admin – Navigate to Azure Portal -> Microsoft Intune -> Device Enrollment – Windows Enrollment-> Windows AutoPilot Devices -> Click on IMPORT button -> select the CSV file and upload. Windows Autopilot offers a simple approach to help your users get set up quickly with a few simple clicks and their Azure AD credentials. When someone finds bugs or problems with the solution let me know and leave a comment. When you're finished specifying content distribution, click, In the Deploy Software Wizard enter the following. Use existing AzCopy.exe and. Select the Autopilot for existing devices config package created earlier and click OK. An example is displayed at the end of this section. Finally we grant the selected permissions to the newly registered application. So again without restriction you could go this way now. This section is to give you an understanding of the elements involved in the service. In the Task Sequence Editor under the Install Operating System group, click the Apply Windows Settings action.
Here's how using co-management and Autopilot together can help you right now: Windows Autopilot uses the OEM-optimized version of Windows 10 that's preinstalled on the device.