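# App-registration credentials for the OAuth2 client-credentials flow against
# Microsoft Graph. Fill these in at deployment time.
# A client secret stored in this file can be read by anyone who can read the
# script or the media it ships on. Grant the app registration only the Graph
# application permission needed for Autopilot device import, and rotate the
# secret after each deployment wave.
$ClientID = ""
$TenantID = ""
$ClientSecret = ""

# Fail fast on missing settings. Otherwise the token request fails, the script
# carries on with an empty bearer token, and the first visible error is a
# confusing 401 from Graph further down.
foreach ($setting in 'ClientID', 'TenantID', 'ClientSecret') {
    if ([string]::IsNullOrWhiteSpace([string](Get-Variable -Name $setting -ValueOnly))) {
        throw "$setting is empty; set it before running this script."
    }
}

# Form fields for the v2.0 token endpoint (sent as the POST body).
$token_Body = @{
    Grant_Type    = "client_credentials"
    Scope         = "https://graph.microsoft.com/.default"
    Client_Id     = $ClientID
    Client_Secret = $ClientSecret
}

# -ErrorAction Stop turns a failed token request into a terminating error
# instead of letting the rest of the script run unauthenticated.
$token_Response = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$TenantID/oauth2/v2.0/token" -Method POST -Body $token_Body -ErrorAction Stop
if (-not $token_Response.access_token) {
    throw "The token endpoint response did not contain an access token."
}

# Headers reused by every Graph call below. The bearer token is a credential:
# do not write this hashtable to logs or transcripts.
$token_Header = @{
    "Authorization" = "Bearer $($token_Response.access_token)"
    "Content-type"  = "application/json"
}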
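<#
.SYNOPSIS
Adds a new device to Windows Autopilot.
.DESCRIPTION
The Add-AutopilotImportedDevice cmdlet adds the specified device to Windows Autopilot for the current Azure AD tenant. Note that a status object is returned when this cmdlet completes; the actual import process is performed as a background batch process by the Microsoft Intune service.
The request is authorised with the script-level $token_Header hashtable, which must already hold a valid bearer token.
.PARAMETER serialNumber
The hardware serial number of the device being added (mandatory).
.PARAMETER hardwareIdentifier
The hardware hash (4K string) that uniquely identifies the device (mandatory).
.PARAMETER groupTag
An optional identifier or tag that can be associated with this device, useful for grouping devices using Azure AD dynamic groups. Defaults to an empty string.
.PARAMETER displayName
Not implemented by this function: no display name is sent in the request body.
.PARAMETER assignedUser
The optional user UPN to be assigned to the device. Note that no validation is done on the UPN specified. Defaults to an empty string.
.EXAMPLE
Add a new device to Windows Autopilot for the current Azure AD tenant.
Add-AutopilotImportedDevice -serialNumber $serial -hardwareIdentifier $hash -groupTag "Kiosk" -assignedUser "anna@contoso.com"
#>
Function Add-AutopilotImportedDevice() {
    [cmdletbinding()]
    param
    (
        [Parameter(Mandatory = $true)] $serialNumber,
        [Parameter(Mandatory = $true)] $hardwareIdentifier,
        # Declared explicitly so the values come from the caller's arguments and
        # not from whatever $groupTag / $assignedUser happen to exist in a parent scope.
        [Parameter(Mandatory = $false)] $groupTag = "",
        [Parameter(Mandatory = $false)] $assignedUser = ""
    )

    # Defining Variables
    $graphApiVersion = "beta"
    $Resource = "deviceManagement/importedWindowsAutopilotDeviceIdentities"
    $uri = "https://graph.microsoft.com/$graphApiVersion/$Resource"

    # Build the body as an object and serialise it. Interpolating values into a
    # JSON template lets a quote or backslash in a firmware-supplied serial number
    # or in a UPN break the document or add fields to it; ConvertTo-Json escapes them.
    $payload = [ordered]@{
        '@odata.type'             = '#microsoft.graph.importedWindowsAutopilotDeviceIdentity'
        groupTag                  = [string]$groupTag
        serialNumber              = [string]$serialNumber
        productKey                = ''
        hardwareIdentifier        = [string]$hardwareIdentifier
        assignedUserPrincipalName = [string]$assignedUser
        state                     = [ordered]@{
            '@odata.type'        = 'microsoft.graph.importedWindowsAutopilotDeviceIdentityState'
            deviceImportStatus   = 'pending'
            deviceRegistrationId = ''
            deviceErrorCode      = 0
            deviceErrorName      = ''
        }
    }
    $json = $payload | ConvertTo-Json -Depth 3

    # Verbose output contains the full hardware hash; it holds no credential.
    Write-Verbose "POST $uri`n$json"

    try {
        Invoke-RestMethod -Method Post -Uri $uri -Headers $token_Header -Body $json -ContentType "application/json"
    }
    catch {
        Write-Error $_.Exception
        # NOTE(review): 'break' outside a loop unwinds to the nearest enclosing loop
        # in any caller, or ends the script when there is none. Kept because this
        # script relies on a failed import stopping the run.
        break
    }
}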
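Function Get-AutopilotImportedDevice() {
    <#
.SYNOPSIS
Gets information about devices being imported into Windows Autopilot.
.DESCRIPTION
The Get-AutopilotImportedDevice cmdlet retrieves either the full list of devices being imported into Windows Autopilot for the current Azure AD tenant, or information for a specific device if the ID of the device is specified. Once the import is complete, the information instance is expected to be deleted.
Requests are authorised with the script-level $token_Header hashtable. List results are collected across pages by following "@odata.nextLink".
.PARAMETER id
Optionally specifies the ID (GUID) for a specific Windows Autopilot device being imported. Takes precedence over -serial.
.PARAMETER serial
Optionally restricts the list to records whose serialNumber contains this text (a substring match, so the caller may still need an exact comparison).
.EXAMPLE
Get a list of all devices being imported into Windows Autopilot for the current Azure AD tenant.
Get-AutopilotImportedDevice
#>
    [cmdletbinding()]
    param
    (
        [Parameter(Mandatory = $false)] $id = $null,
        [Parameter(Mandatory = $false)] $serial
    )

    # Defining Variables
    $graphApiVersion = "beta"
    $baseUri = "https://graph.microsoft.com/$graphApiVersion/deviceManagement/importedWindowsAutopilotDeviceIdentities"

    if ($id) {
        # Percent-encode so the value stays one path segment; a GUID passes through unchanged.
        $uri = "$baseUri/$([uri]::EscapeDataString([string]$id))"
    }
    elseif ($serial) {
        # The serial is placed inside an OData string literal. Double any single
        # quote so the value cannot close the literal and alter the filter, then
        # percent-encode so spaces and reserved characters survive the query string.
        $serialLiteral = ([string]$serial).Replace("'", "''")
        $serialEncoded = [uri]::EscapeDataString($serialLiteral)
        $uri = "$baseUri/?`$filter=contains(serialNumber,'$serialEncoded')"
    }
    else {
        $uri = $baseUri
    }

    Write-Verbose "GET $uri"
    try {
        $response = Invoke-RestMethod -Uri $uri -Method Get -Headers $token_Header
        if ($id) {
            # Single-record lookup: the response is the record itself.
            $response
        }
        else {
            # List lookup: records are under .value; keep following the paging link until it is absent.
            $devices = $response.value
            $devicesNextLink = $response."@odata.nextLink"
            while ($null -ne $devicesNextLink) {
                $devicesResponse = (Invoke-RestMethod -Uri $devicesNextLink -Method Get -Headers $token_Header)
                $devicesNextLink = $devicesResponse."@odata.nextLink"
                $devices += $devicesResponse.value
            }
            $devices
        }
    }
    catch {
        Write-Error $_.Exception
        # NOTE(review): 'break' outside a loop unwinds to the nearest enclosing loop
        # in any caller, or ends the script when there is none. Kept for compatibility.
        break
    }
}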
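# Collect the serial number and the Autopilot hardware hash from the local machine.
$session = New-CimSession
try {
    $serial = (Get-CimInstance -CimSession $session -Class Win32_BIOS).SerialNumber
    $devDetail = (Get-CimInstance -CimSession $session -Namespace root/cimv2/mdm/dmmap -Class MDM_DevDetail_Ext01 -Filter "InstanceID='Ext' AND ParentID='./DevDetail'")
    $hash = $devDetail.DeviceHardwareData
}
finally {
    # Release the CIM session even when one of the queries fails.
    if ($session) {
        Remove-CimSession -CimSession $session
    }
}

# Do not submit an import with no hardware hash. The MDM bridge class may be
# missing or return nothing on some images, and the service cannot register
# the device without the hash.
if ([string]::IsNullOrWhiteSpace([string]$hash)) {
    throw "No hardware hash could be read from MDM_DevDetail_Ext01; nothing was submitted."
}

$ap = Add-AutopilotImportedDevice -serialNumber $serial -hardwareIdentifier $hash

# Read back the record that was just created. Looking it up by the returned id
# avoids downloading every pending import in the tenant onto this device. If the
# response carries no id, fall back to listing and matching the serial exactly.
if ($ap.id) {
    $device = Get-AutopilotImportedDevice -id $ap.id
}
else {
    $device = Get-AutopilotImportedDevice | Where-Object { $_.serialNumber -eq "$($serial)" }
}

# The import runs as a background batch, so the status printed right after
# submission is normally still "pending"; re-query later for the final result.
Write-Host "$($device.serialNumber): $($device.state.deviceImportStatus) $($device.state.deviceErrorCode) $($device.state.deviceErrorName)"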