Updated 2023-06-12 16:32 PST. Version 3.8 of Get-WindowsAutopilotInfo has been posted, fixing the -AddToGroup dependencies. So everything should be working as expected now, and using the new Microsoft.Graph modules.
Updated 2023-06-12 14:07 PST. Now version 3.7 of Get-WindowsAutopilotInfo has been posted, changing the Write-Information lines back to Write-Host. But there’s another problem with -AddToGroup, updated the text below to reflect. Also, version 5.3 of WindowsAutopilotIntune was posted to revert the Write-Host changes and to fix the bug mentioned below.
Following up on my previous post, a new version 3.6 of Get-WindowsAutopilotInfo.ps1 has been published to the PowerShell Gallery, with changes to use the new Microsoft.Graph modules.
A comparison of the new version to the previous 3.5 version shows that there were also some other changes made: all the Write-Host commands have been changed to Write-Information. The result of that is a very quiet script:
It did what it was supposed to, but you get no useful output. If you want it to be chatty like it was before, you need to add “-InformationAction Continue” to the command line:
Note that the -AddToGroup switch is still broken:
You can work around this by manually installing Microsoft.Graph.Groups via “Install-Module Microsoft.Graph.Groups” and Microsoft.Graph.Identity.DirectoryManagement via “Install-Module Microsoft.Graph.Identity.DirectoryManagement” before running Get-WindowsAutopilotInfo.ps1 with the -AddToGroup switch.
There were also related changes made to the WindowsAutopilotIntune module, mostly to support the Microsoft.Graph modules, but also the same Write-Information changes and a few other tweaks:
- They fixed a bug in the previous version with “hybridAzureADJoinSkipConnectivityCheck” (I had a typo, specified “checks” instead of “check”).
- They introduced a new bug in the Add-EnrollmentStatusPage function. If someone who can fix this is reading this blog, line 1314 is missing a $ on the variable name. (Most people won’t notice this bug.)
In theory, the WindowsAutopilotIntune module could go away as soon as the related Intune graph objects switch from “beta” to “v1”, at which point the automatically-generated Intune modules would likely suffice, but since that hasn’t happened yet, the module is still needed.
Share this:
Categories: Windows Autopilot
Out of Office Hours 
Hey Mike I’ll let the devs know about the bug.
LikeLike
Thanks. I also updated the blog to reflect another problem: the -AddToGroup switch doesn’t work unless you manually install two other modules first.
LikeLike
Thanks Mike. I let the devs know.
LikeLike
There’s one other issue: This line in WindowsAutopilotIntune.psd1 should list all the external modules that are required, so that they are installed automatically when the module is installed:
RequiredModules = @(‘Microsoft.Graph.Intune’)
It works fine when used with Get-WindowsAutopilotInfo.ps1 since those modules are explicitly installed and loaded by that script, but it fails when using WindowsAutopilotIntune without manually installing those modules first.
LikeLike
Thanks again Mike. I gave the devs the further feedback. I think they have already fixed some of the items that you have reported.
LikeLike
Hi Michael, thanks for the very useful blog post (both this one and the previous one on June 9th). Until I ran into your blog, I couldn’t find any proper information on this. One question I have, and don’t know if you can point me in the right direction, we used to be able run Get-WindowsAutoPilotinfo.ps1 -Online with a user account granted the Intune Device Manager role (and no higher admin access). However this permission is now not enough (presumably because the script now requires some permissions in MS Graph. Do you know (or can you point me in the right direction) which MS Graph permissions we should grant to our dedicated AP profile assignment account for this following principle of least privileges?
Thanks, Giovanni
LikeLike
When you run the script for the first time, you should see a prompt for the permissions that it needs. It’s a little tricky as the script is reusing the Graph Explorer app ID.
LikeLike
Did you ever figure out what permissions are needed? I am having a hard time with it constantly prompting me for “permissions requested” and some vague list of permissions I can’t seem to correlate.
LikeLike
Check out Andrew’s post: https://andrewstaylor.com/2023/06/13/authenticating-to-new-get-windowsautopilotinfo/
LikeLike
Hi Michael
When checking from PSGallery Version 3.5 up to 3.8, i always get an identical Get-WindowsAutoPilotInfo.ps1 File. Is there something wrong in the PS Gallery?
LikeLike
Yes, the PSGallery web view is broken, it seems to show the same version of the script all the time. You can get the “right” version with “Save-Script Get-WindowsAutopilotInfo -RequiredVersion 3.5 -Path c:\” or something similar.
LikeLike
There is at least 1 additional bug: a typo in the Get-AutopilotDevice commandlet
One of the commands invokes “Invoke-MgGraphRequest” which doesn’t exist. It’s supposed to be “Invoke-MsGraphRequest”
LikeLike
No, Invoke-MgGraphRequest is right, but there is still an issue with the module dependencies — it’s not loading the right Microsoft.Graph modules. They can be loaded manually.
LikeLike
This is great news and completed much faster than I expected. Thanks for staying on top of this and updating us as it developed.
LikeLike
Hey Mike. Just for your information. I had no problems with the Microsoft.Graph.Groups Module and had not to manually install it before. Maybe this was also fixed because of your hint? 🙂
LikeLike
Yes, they fixed the problem if you run Get-WindowsAutopilotInfo. The only remaining issue is that installing WindowsAutopilotIntune doesn’t also install the dependencies there, but that only matters if you are using WindowsAutopilotIntune stand-alone.
LikeLike
Hi Michael
Unrelated to this post (as I can’t comment on your old posts) do you know if there’s anyway to fully skip the Windows 11 OOBE? The “Checking for Updates” step seems to still run with all the relevant SkipOOBE / HideEULA type settings that worked for W10 in my Unattend.xml file
LikeLike
Hey Michael, do we know who at Microsoft is updating the WindowsAutoPilotIntune module now? A lot of the commands (Get-IntuneMobileApp is the one I first noticed) aren’t working anymore when using Connect-MsGraphApp for authentication but Connect-MsGraph doesn’t have the options needed to connect that way.
LikeLike
Well, Get-IntuneMobileApp isn’t part of WindowsAutopilotIntune 🙂 I haven’t looked at the other Intune modules, but I suspect there are updated versions that use new authentication methods.
LikeLike
Dear Michael, with the new Version we are running into an error. “The Parameter “Access Token” can not …..The Value XYZ Type System.String can not be converted into Type System.Security.Secure.String. The Error is in Line 171, $graph = connect-MSGraphApp -Tenant……. seems to be a problem with the $AppSecret.
You may have any ideas?
Best, Patrik
LikeLike