Windows Autopilot

Use the new community modules for Autopilot

As I mentioned in my previous post, there is a new community version of the WindowsAutopilotIntune PowerShell module that I created a few years ago (needed because the “official” Intune modules don’t include any beta Graph objects, and the Autopilot objects seem to be permanently stuck in beta). But there are actually three different ones available. Each of those, and the current differences with the previous “official” versions, are described below.

You can install and use these scripts and modules as simple drop-in replacements for the “official” versions, and since these community versions address issues that you’re likely going to run into, I’d suggest doing just that. Interestingly, these community versions are also signed, unlike the versions from Microsoft. (There is at least a reason why Microsoft’s aren’t signed: they are published as samples, which avoids a bunch of extra work; signing them would indicate that they are no longer samples.)
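Because the community versions are signed, you can check the signature before letting a downloaded copy run with Intune admin rights. This is an added example, not code from the community repo; the function name, the file path and the optional thumbprint pin are hypothetical.

```powershell
# Added example: validate the Authenticode signature of a downloaded script
# before running it. Test-ScriptSignature and its parameters are hypothetical.
function Test-ScriptSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Optional pin: a signer thumbprint you recorded from a copy you already trust.
        [string]$ExpectedThumbprint
    )

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # 'Valid' means the file hash matches the signature and the chain is trusted.
    # NotSigned, HashMismatch, NotTrusted and UnknownError all fail here.
    if ($sig.Status -ne 'Valid') {
        Write-Warning "$Path : signature status $($sig.Status) ($($sig.StatusMessage))"
        return $false
    }

    $cert = $sig.SignerCertificate
    Write-Verbose "Signer: $($cert.Subject)  Thumbprint: $($cert.Thumbprint)  Expires: $($cert.NotAfter)"

    # A valid signature only proves *someone* trusted signed it; pinning the
    # thumbprint detects a copy signed by a different publisher.
    if ($ExpectedThumbprint) {
        $pin = $ExpectedThumbprint -replace '\s', ''
        if ($cert.Thumbprint -ne $pin) {
            Write-Warning "$Path : signer thumbprint $($cert.Thumbprint) does not match the pinned value"
            return $false
        }
    }

    # Without a timestamp the signature stops validating once the cert expires.
    if (-not $sig.TimeStamperCertificate) {
        Write-Warning "$Path : signature has no timestamp countersignature"
    }
    return $true
}

# Usage (path is a placeholder for wherever you saved the script):
if (Test-ScriptSignature -Path '.\Get-WindowsAutopilotInfoCommunity.ps1' -Verbose) {
    Write-Host 'Signature OK'
} else {
    Write-Host 'Do not run this copy'
}
```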

Since these are hosted on GitHub, you can always fork the repo, make changes as you see fit, and then submit a pull request back to the original repo to contribute to the community.

Get-WindowsAutopilotInfoCommunity

The Get-WindowsAutopilotInfoCommunity script has several changes over the latest Get-WindowsAutopilotInfo script:

  • New -Wipe switch (requires -Online as well) will tell Intune to initiate a wipe of the OS after an Autopilot profile has been assigned.
  • New -Sysprep switch initiates a “sysprep.exe /oobe /reboot /quiet” command to sysprep the machine. After the machine reboots, it will go through OOBE again, so if you registered the device and applied a profile, it will then go through the Autopilot process.
  • New -Delete switch (requires -Online as well) will remove the device from Autopilot/Intune/AAD before reimporting it. This is useful if you want this to behave as a brand new device (since this would remove the device from groups).
  • New -UpdateTag switch (requires -Online as well) can be used to set the group tag on an existing Autopilot-registered device.
  • New -NewDevice switch (requires -Online as well) to bypass checks to see if the device already exists in AAD.
  • New -Preprov switch was added that presses the escape key five times to initiate the pre-provisioning (white glove) process.
  • New logic was added to support Graph v2 to automatically load the Graph v2 modules needed for the script so that you don’t need to manually install these first. Interestingly, the dependency on WindowsAutopilotIntune was removed with most (all?) of the cmdlets from that module added directly into this new script.
  • Logic was added to clean up the temporary Autopilot imported device objects once the import is complete. (This was an oversight in the original script, based on incomplete documentation on how the imported device objects in Intune worked.)

Looking at the code, I would suggest being careful with the -Delete and -UpdateTag switches as they will retrieve complete lists of Autopilot and Intune devices and then filter those lists locally to find the right device to process. That likely won’t work well on large tenants.

Get-AutopilotDiagnostics.ps1

The Get-AutopilotDiagnosticsCommunity script has fewer changes from the latest Get-AutopilotDiagnostics script:

  • Fixed an error handling the LastLoggedState for Win32 apps. (It was relatively harmless, but did display an error to the console before this was fixed.)
  • Added support for Graph v2 authentication for the -Online switch, and also added support for app-based authentication using new -Tenant, -AppId, and -AppSecret switches (all of which are used with -Online). As with the Get-WindowsAutopilotInfoCommunity script, it removed the dependency on the WindowsAutopilotIntune script by copying the logic into this script.

WindowsAutopilotIntuneCommunity module

The WindowsAutopilotIntuneCommunity module has a few updates too:

  • Added support for Graph v2 modules. To help with this, the Connect-MSGraphApp cmdlet has been replaced with Connect-ToGraph; that cmdlet has an additional -scopes parameter that may need to be specified if you call it directly.
  • Modified most of the cmdlets so that they call Connect-ToGraph with the right scope details automatically. If you need to do app-based authentication, you can specify the needed parameters (-Tenant, -AppId, -AppSecret) directly on this cmdlet. (This is a little weird because it will potentially call these authentication methods repeatedly. But at least they recognize that you are already authenticated and won’t prompt again once you’ve authenticated.)
  • Some logic was added to handle serial numbers that contain spaces. (This seems like a bad thing overall. When a space is found, it will search for devices with the serial number starting with the value up to the first space, which might cause duplicates to be selected.)
  • Logic was added to handle the CloudAssignedRegion property in a generated AutopilotConfigurationFile.json file (as described in my previous blog).
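The full-list retrieval behind -Delete and -UpdateTag and the serial-number prefix search above share one mitigation: let Graph filter server-side, then insist on a single exact match before acting on a device. This is an added example, not the module's code; the function name is hypothetical, and it assumes an existing Connect-MgGraph session and that the beta endpoint accepts a contains(serialNumber, ...) filter.

```powershell
# Added example: look up one Autopilot device by serial number without pulling
# the whole tenant, and refuse to pick a device when the match is ambiguous.
# Find-AutopilotDeviceBySerial is a hypothetical helper, not a module cmdlet.
function Find-AutopilotDeviceBySerial {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$SerialNumber)

    $serial = $SerialNumber.Trim()

    # Search on the text before the first space (the same narrowing the module
    # is described as doing), escaping quotes for OData and the URL.
    $token   = ($serial -split ' ')[0]
    $encoded = [uri]::EscapeDataString($token.Replace("'", "''"))
    $uri = "https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeviceIdentities" +
           "?`$filter=contains(serialNumber,'$encoded')"

    # Follow paging so a large result set is not silently truncated.
    $candidates = @()
    while ($uri) {
        $resp        = Invoke-MgGraphRequest -Method GET -Uri $uri
        $candidates += $resp.value
        $uri         = $resp.'@odata.nextLink'
    }

    # The server-side filter is only a prefix/substring narrowing; require the
    # full serial (spaces included) to match before returning anything.
    $exact = @($candidates | Where-Object { $_.serialNumber -eq $serial })

    if ($exact.Count -eq 0) { return $null }
    if ($exact.Count -gt 1) {
        $ids = ($exact | ForEach-Object { $_.id }) -join ', '
        throw "Serial '$serial' matches $($exact.Count) Autopilot devices ($ids); refusing to choose."
    }
    return $exact[0]
}

# Usage: the serial below is a constructed sample value.
$device = Find-AutopilotDeviceBySerial -SerialNumber 'ABC 1234567'
if ($device) { "Found $($device.id) with group tag '$($device.groupTag)'" }
```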

2 replies »

  1. Do you know if the Group Tag footprint is left on the device anywhere after it is built (registry, file, etc.)?
