In this blog post we will cover the options of Windows 10 Device Hash Capture using the Get-WindowsAutoPilotInfo Script created by Michael Niehaus.
Before deploying a device using Windows Autopilot, the device must be registered with the Windows Autopilot deployment service. Ideally, this registration is performed by the OEM, reseller, or distributor from which the devices were purchased. However, the registration can also be done within your organization by collecting the hardware identity and uploading it manually. – You can find more on Adding Devices and Autopilot Here.
The Powershell Script can only be run from inside of Windows 10. There is currently no WinPE Support! Sad I Know.
When adding the devices into Intune, There are two known options, either use the provided script or ask your OEM/Reseller/Distributor to upload the data on purchase of the devices.
For this blog post we will focus on the Manual Method of Obtaining the Device Hash and the two options provided with the script – Exported to a Csv and Online Direct Upload.
Option 1 : Device Hash Capture to Csv File
For this example, We will be using a Windows 10 2020 Virtual Machine, Which has a clean install and has not been set up the Virtual Machine is still on the OOBE Stage as to save time on having to reset the machine. The USB Device will be simulated by mounting a vhdx file to the virtual machine which will have the Get-WindowsAutoPilotInfo downloaded onto. to start from the OOBE Screen we need to open a CMD Prompt using SHIFT + F10.
By default the ability to execute Powershell Scripts in blocked for security. We need to change this to be able to run the script using the following command:
Powershell.exe Set-ExecutionPolicy RemoteSigned -Force
Powershell.exe .\Get-WindowsAutoPilotInfo.ps1 -OutputFile DeviceCapture.Csv
The Csv File is generated and contains the serial number and the Device Hash.
Uploading your Device Hash to Microsoft Intune.
So we have out Device has file, Yes if you have multiple devices you can stack the results into a single Csv.
However we have our single windows 10 VM.
I Should note that for the Lab to work you will need an Office 365 Tennant and an Enterprise and Mobility E3 License.
From the Microsoft EndPoint Portal : Microsoft Endpoint Manager admin center
Select Devices.
Select “Device Enrolment”
From the “Windows Autopilot Deployment Program” – Select “Devices”
From the menu options select “Import”
Locate the Device Capture Csv File and Upload
The Device import can take up to 15 Minutes
Once the device import has completed the computer will show up as shown below.
Option 2 : Device Hash Capture and Online Upload
In this example we will use Online Upload Functionality in the Get-WindowsAutopilotInfo Script.
NOTE: For this example the Powershell Execution has all ready been configured to “RemoteSigned”
Powershell.exe Set-ExecutionPolicy RemoteSigned -Force
This time instead of using the -Output File Parameter we change it to -Online
Powershell.exe .\Get-WindowsAutoPilotInfo.ps1 -Online
Using this method will install the WindowsAutoPilotIntune Module
Once the module install has completed you will get an Microsoft Login Prompt
The First time you sign in you will get a prompt to allow access to PowerShell
Device Import Starts
This completes the device pre-staging into AutoPilot. You can then send the computer direct to the customer/end user for a Zero Touch Sign On and Setup – Which will be covered in a later blog post.