On May 22nd, Microsoft announced a new profile type for Windows Autopilot called “Windows Autopilot Device Preparation.” This profile aims to simplify device deployment, increase speed, and improve troubleshooting capabilities. Microsoft’s documentation is already available, and several blog posts cover the overall routines and potential pitfalls related to device preparation. This post will complement this information by providing a small script that collects the new corporate device identifier data in the correct CSV format.
The Windows Corporate Device Identifier
You should read the blog post “Windows deployment with Autopilot Device Preparation” from MVP Joey Verlinden to get an overview of the new feature and the blog post “Autopilot Device Preparation” from MVP Rudy Ooms to get the details. MVP Michael Niehaus has also released a great post digging into the new Autopilot feature: Digging into Windows Autopilot v2 – Out of Office Hours (oofhours.com)
After finishing these posts, you will know about the new Corporate Identifier needed to enroll devices in tenants where personally owned enrollment of Windows is restricted.
Instead of uploading hardware hashes for the devices, we will now utilize Intune’s corporate identifier enrollment feature. This enables pre-uploading of device identifiers like serial numbers, manufacturers, and models, ensuring only verified devices complete the Autopilot enrollment in your tenant. Unlike the hardware hash solution known from Autopilot v1, this will not lock the device to the tenant.
Export The Corporate Device Identifier
As with hardware hashes, there are several ways of getting the corporate identifiers. If you have a device available at your desk, the easiest way might be to run a script to create the CSV output, just like the well-known Get-WindowsAutopilotInfo script.
I haven’t found any scripts to export the corporate identifier needed for Autopilot device preparation. Here is my first take on how to make this export as simple as possible:
<#
.NOTES
===========================================================================
Created on: 04.06.2024
Created by: Simon Skotheimsvik
Filename: Get-WindowsCorporateIdentifier.ps1
Info: https://skotheimsvik.no
===========================================================================
.DESCRIPTION
This script gets a CSV with corporate identifier data from Windows 10 and Windows 11
to be used in Microsoft Intune for Autopilot Device Preparation.
#>
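# Capture the output from the CIM classes (Get-CimInstance also works in PowerShell 7,
# where Get-WmiObject is no longer available)
$computerSystem = Get-CimInstance -ClassName Win32_ComputerSystem
$bios = Get-CimInstance -ClassName Win32_BIOS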
# Combine the results into a single string
$data = "$($computerSystem.Manufacturer),$($computerSystem.Model),$($bios.SerialNumber)"
# Write the data to a CSV file without headers
Set-Content -Path "system_info.csv" -Value $data
A shorter one-liner, if you fancy, can be like this:
(Get-CimInstance Win32_ComputerSystem).Manufacturer+','+(Get-CimInstance Win32_ComputerSystem).Model+','+(Get-CimInstance Win32_BIOS).SerialNumber
The output of this first script will be a CSV like this:
Please note that the file does not have the headers a well-formatted CSV file would have. If there are headers in the file, the header will actually be imported as a device identifier in Intune.
The picture above shows why you shouldn’t include headers in the CSV file.
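A pre-upload check for the headerless CSV described above, as an added example that is not part of the original post: it flags header rows, rows without exactly three fields (for example a model name containing a comma), placeholder serial numbers and duplicates. The function name `Test-CorporateIdentifierCsv`, the header words, the placeholder list and the sample rows are assumptions made for this example.

```powershell
# Added example: sanity-check a corporate identifier CSV before uploading it to Intune.
# Function name, header words and placeholder list are assumptions, not part of the original script.
function Test-CorporateIdentifierCsv {
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )
    # A header row would be imported as a device identifier, so look for typical header words.
    $headerWords  = 'manufacturer', 'model', 'serialnumber', 'serial number', 'serial'
    # Placeholder serials are shared by many machines and do not single out one device.
    $placeholders = 'to be filled by o.e.m.', 'default string', 'system serial number', 'none', '0'

    $seen   = @{}   # PowerShell hashtable literals compare keys case-insensitively
    $lineNo = 0
    foreach ($line in Get-Content -Path $Path) {
        $lineNo++
        if ([string]::IsNullOrWhiteSpace($line)) { continue }

        $fields   = @($line.Split(',') | ForEach-Object { $_.Trim() })
        $problems = @()
        if ($fields.Count -ne 3) {
            $problems += "expected 3 fields, found $($fields.Count)"
        }
        else {
            if ($fields -contains '') { $problems += 'empty field' }
            if ($headerWords -contains $fields[0] -or $headerWords -contains $fields[2]) {
                $problems += 'looks like a header row'
            }
            if ($placeholders -contains $fields[2]) { $problems += 'placeholder serial number' }
            $key = $fields -join ','
            if ($seen.ContainsKey($key)) { $problems += "duplicate of line $($seen[$key])" }
            else { $seen[$key] = $lineNo }
        }
        foreach ($p in $problems) {
            [pscustomobject]@{ Line = $lineNo; Content = $line; Problem = $p }
        }
    }
}

# Constructed sample input: header row, valid row, placeholder serial, duplicate row
$sample = Join-Path $env:TEMP 'corp_ids_sample.csv'
Set-Content -Path $sample -Value @(
    'Manufacturer,Model,SerialNumber'
    'Contoso,Laptop 5,ABC1234'
    'Contoso,Desktop 7,To be filled by O.E.M.'
    'Contoso,Laptop 5,ABC1234'
)
Test-CorporateIdentifierCsv -Path $sample | Format-Table -AutoSize
```

An empty result means none of these checks fired; it does not confirm that the manufacturer and model strings match what the device itself will report during enrollment.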
Import The Corporate Device Identifier
The import of the CSV is performed in the Intune – Devices – Enrollment – Corporate Identifiers blade. Pay attention to the new Windows Autopilot device preparation in the following screenshot.
In the Corporate device identifiers blade, I now have the option to upload a CSV file and select the new “Manufacturer, model and serial number (Windows only)” option.
The file will upload, and the device will now be listed:
If you want to dive into uploading the device identifiers using Graph API and PowerShell, you should take a look at MVP Damien Van Robaeys's post, where he dives into these possibilities: Autopilot Device Preparation: Import Corporate Device Identifier using Graph API and PowerShell | Syst & Deploy (systanddeploy.com).
MVP Andrew Taylor has now also released an updated version of the “get-windowsautopilotinfocommunity” PowerShell script with support for Autopilot Device Identifier. You can export device details to CSV, or upload them directly to Intune Graph. Read more of this announcement here: Autopilot Device Identifier with Graph – Now in Get-windowsautopilotinfocommunity – Andrew Taylor (andrewstaylor.com)
This device is now given a corporate identifier in this tenant, allowing it to onboard even though I have configured a block for personally owned Windows devices. Also, note that the device is not locked to a tenant like when using the hardware hash. This will help against challenges described in the following blog post: Simon does Autopilot Nightmare: How a Simple Mistake Turned My PC into a Digital Captive! Thanks to MVP Jose Schenardie for sharing that knowledge on X.
Please refer to these external resources to learn more about the new and upcoming Windows Autopilot Device Preparation.
External Resources
- Windows deployment with the next generation of Windows Autopilot | Microsoft Intune Blog
- Overview of Windows Autopilot device preparation | Microsoft Learn
- Manually register devices with Windows Autopilot | Microsoft Learn
- Windows Autopilot device preparation FAQ | Microsoft Learn
- Autopilot Device Preparation | Hardware Hash not required (call4cloud.nl)