Quite some time ago, ConfigMgr added an inventory class that gathers the hardware hashes needed to register devices with Windows Autopilot from every Windows 10 device that it is managing. Those are stored as part of the standard ConfigMgr inventory, in the SMS_G_System_MDM_DEVDETAIL_EXT01 WMI class. Combine that with the serial number from SMS_G_SYSTEM_PC_BIOS and you have all the information that you need to add those devices to Windows Autopilot.
To help with that process, I uploaded a new sample script to the PowerShell Gallery. It’s not a particularly sophisticated script, but it gets the job done: It grabs a list of all the hashes from WMI, a list of all the serial numbers from WMI, merges them together, and creates a CSV file with the result. You can find that script at https://www.powershellgallery.com/packages/Get-CMAutopilotHashes.
To use that script, it’s easiest to log onto your ConfigMgr server (although you can run it remotely by adding a computer name parameter and credentials if you want to). From there, you can install the script (using “Install-Script Get-CMAutopilotHashes”) or download it manually, and run it like so:
Notice the warnings? Those are from hashes that are present in ConfigMgr without corresponding serial numbers – don’t ask me why that is happening, seems like my site server has a little garbage floating around in it. But for the one active Windows 10 device that I do have, the hash was written to the specified CSV file, which you can then upload to Intune, either manually or using the WindowsAutopilotIntune module’s Import-AutopilotCSV file. (Note that Intune has maximum row counts when uploading, so if you have lots of devices you might need to break the CSV file into pieces and upload them separately. If you use Import-AutopilotCSV, it might let you do larger batches, but it will eventually generate a Graph throttling error, so it would be best to break it up for that too if you have thousands of devices.)
If you want to add a group tag, you can specify that at the command line too by adding a “-GroupTag Blah” parameter.
Of course your other (easier, automatic) alternative to doing all of this is to get the devices Hybrid Azure AD Joined (registered in Azure AD) and co-managed. If you do that, you can take advantage of the Intune “Convert all targeted devices to Autopilot” setting:
As long as the co-managed devices are in a group that is targeted by an Autopilot profile that has the “Convert all targeted devices to Autopilot” setting enabled, Intune will automatically reach out to each device, grab the hardware hash via MDM, and then register the device via Autopilot and assign the profile to it.
Categories: Windows Autopilot