Intune Onboarding: The Power of the Hardware Hash Script

Seamless Intune Onboarding: The Power of the Hardware Hash Script 🚀

Migrating existing Windows PCs to Microsoft Intune using Windows Autopilot can be a critical step in modern device management. While the ideal scenario is purchasing devices from an OEM or reseller who automatically uploads the device hashes, you often need a solution for your current inventory. This is where the hardware hash script—specifically the powerful Get-WindowsAutopilotInfo.ps1 PowerShell script—becomes your best friend.

This blog post will guide you through using the script to gather and import the necessary hardware hashes, streamlining your Autopilot registration process.

What is a Hardware Hash (and Why Do You Need It)?

A hardware hash (also known as a Hardware ID) is a unique, non-user-specific identifier for a Windows device. It's essentially a fingerprint of the device's hardware components.

You need this hash to register a device with the Windows Autopilot Deployment Service in your Microsoft Intune (Endpoint Manager) tenant. Once registered, the device is recognized by Microsoft's services during the Out-of-Box Experience (OOBE) and receives its assigned Autopilot profile, enabling zero-touch provisioning and simplified enrollment.

The Essential Tool: Get-WindowsAutopilotInfo.ps1

Microsoft provides a versatile PowerShell script in the PowerShell Gallery to extract the required hardware information: Get-WindowsAutopilotInfo.ps1. This script can be used in two primary ways:

1. Export to CSV: Gathers the hash and outputs it to a CSV file for manual upload to the Intune admin center.

2. Direct Online Upload: Gathers the hash and securely uploads it directly to your Intune tenant, eliminating the need for a CSV file and manual steps.

The direct online upload is generally the faster and less error-prone method.

Method 1: Direct Online Upload (Recommended) 🌐

This method is quick, requires fewer steps post-hash collection, and is excellent for enrolling a single device or a small batch with an administrative presence.

Prerequisites

• The Windows PC must be powered on and connected to the internet (wired or Wi-Fi).

• The user performing the script execution must have an Azure AD account with Intune Administrator or Global Administrator permissions.

• The PC should ideally be at the Out-of-Box Experience (OOBE) screen (the initial setup prompts) or running a supported version of Windows.

The Steps

1. Open PowerShell in OOBE: When the device is at the network selection screen (or any OOBE screen before the first user login), press Shift + F10 to open a Command Prompt.

2. Start PowerShell: Type powershell and press Enter.

3. Set Security Protocol (Optional but Recommended):

   PowerShell

   [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

4. Install the Script: The script is downloaded from the PowerShell Gallery.

   PowerShell

   Install-Script -Name Get-WindowsAutopilotInfo -Force

   You may be prompted to install the NuGet provider and confirm an untrusted repository. Select 'Y' or 'A' (Yes to All) as appropriate.

5. Run the Script for Online Upload: Use the -Online switch to upload the hash directly.

   PowerShell

   Get-WindowsAutopilotInfo -Online

6. Authenticate: A Microsoft Azure AD login prompt will appear. Sign in with your Intune Administrator credentials. The script will securely gather the hash and upload it to your tenant.

7. Verify and Assign Profile:

   • Once the script reports success, go to the Microsoft Intune admin center > Devices > Windows > Windows enrollment > Devices (under Windows Autopilot Deployment Program).

   • Select Sync and then Refresh to see your newly registered device.

   • Assign an Autopilot Deployment Profile to the device or the security group it belongs to.

8. Restart/Continue OOBE: After the sync and profile assignment (which can take a few minutes), restart the device (if at OOBE) or proceed with the setup. It should now recognize the Autopilot profile!

Method 2: Export to CSV for Bulk Upload 💾

This method is better for bulk registration (up to 500 devices per CSV file) or if you want to perform the export and upload at separate times.

The Steps

1. Install the Script: Follow steps 1-4 from Method 1 to open PowerShell and install the Get-WindowsAutopilotInfo script.

2. Run the Script to Create a CSV: Use the -OutputFile parameter to save the hash to a file.

   PowerShell

   Get-WindowsAutopilotInfo -OutputFile C:\AutoPilotHWID.csv

   If collecting hashes from multiple devices onto a single USB drive, use the -Append switch to add subsequent device hashes to the existing CSV file.

3. Transfer and Upload the CSV:

   • Transfer the generated AutoPilotHWID.csv file from the PC (e.g., to a USB drive or network share).

   • Go to the Microsoft Intune admin center > Devices > Windows > Windows enrollment > Devices (under Windows Autopilot Deployment Program).

   • Click Import, select your CSV file, and click Import again.

4. Wait and Assign: Wait for the import to complete, Sync, and then assign an Autopilot Deployment Profile before running the Autopilot process on the device(s).

Troubleshooting Tips

By mastering the use of the Get-WindowsAutopilotInfo.ps1 script, you can efficiently enroll your in-stock or existing Windows PCs, making the leap to a modern, zero-touch deployment strategy with Intune and Autopilot. Happy enrolling!

Script to import Windows laptop/desktop into Intune