Some of you have noticed that the WindowsAutopilotIntune module is working differently than it did before, mainly due to the Connect-AutopilotIntune cmdlet disappearing from the module. There’s a good reason for that: The module had previously used its own authentication logic, which then meant that you needed to authenticate twice if you wanted to do some stuff with Windows Autopilot and other stuff with the broader Intune Graph API classes. So, with this new release, the WindowsAutopilotIntune module is now built on top of the Microsoft.Graph.Intune module. That means you now need to authenticate using the Connect-MSGraph cmdlet. If you execute that without any command line parameters, this is what you’ll see:
So you can choose the account you want, authenticate, and then use that to interact as required:
You’ll also notice that there are some additional cmdlets now, integrating the additional cmdlets that Damien Van Robaeys authored and published to GitHub (also modifying those to use the Microsoft.Graph.Intune module at the same time). I haven’t done any extensive testing of those, so try them out and let me know if you see any issues.
So with these cmdlets and the use of Microsoft.Graph.Intune, you can now do things like this, while authenticating only once:
While the Microsoft.Graph.Intune module does have some Azure AD cmdlets related to group management, you might still need to use the AzureAD module to get additional information from Azure AD, and that will still require authenticating again. But I suspect that’s a little more rare.
Note that the Microsoft.Graph.Intune module supports app-based authentication too, so now the Autopilot cmdlets do as well.
Categories: Microsoft Intune, Windows Autopilot
Hi Michael, when i run the ConvertTo-AutoPilotConfigurationJSON it throws a error that Get-Organization is not recognized.
Do you have a recent version of the Microsoft.Graph.Intune module installed? That Get-Organization cmdlet is part of it, at least in the 6.1907.1.0 version that I am using. (You can check the version with Get-Module.)
Thankd Michael, that worked!
If I’m a guest on one AAD with Intune enabled and have Intune on my actual domain and the guest domain gave me Intune admin, how do I connect to their tenant and not my own? I try using Connect-MSGraph -ForceInteractive and I login with my domain username (guest account) and I only connect to my tenant. I can’t switch tenants like i can when I connect using Connect-AzAccount -Tenantid “”
See the blog immediately after that one: https://oofhours.com/2019/11/08/multi-tenant-intune-graph-api-usage-via-powershell/
Is there a way to create a self-deploy autopilot profile that skips the privacy experience? I have my self deploy profile running perfectly from Intune except there’s no option to hide the privacy settings page like there is for user-driven deployment.
That’s supposed to happen automatically. If you are seeing that, open a support case via the Intune “Help and support” node.