Importing the hardware hash of each individual device to your Intune tenant can be a slightly tricky thing, especially for those who are new to Intune/Autopilot. Currently we have two common cloud-based options for doing this:
- Use the Powershell script Get-WindowsAutopilotInfo by Michael Niehaus to register hashes manually
- Your hardware supplier/OEM has the least-specific permission to upload hashes directly into your tenant (this is usually the case if you only have a special agreement or high demand of hardware)
So, during while my work with Intune I had to upload a lot of hashes with the script and always found the workflow a little unsatisfying/improvable. This is the reason why I have created uploadhardwarehashtotenant.
This script was made as an addition to "Get-WindowsAutoPilotInfo" for registering the individual hardware hash id from a device into a Microsoft 365 Intune tenant, for device enrollment to be super simple & reusable. It is not made to replace or have the same features as Get-WindowsAutoPilotInfo, instead just simplifying the workflow.
You can find the page with all already uploaded hashes under: https://endpoint.microsoft.com/ Devices > Enroll devices > Devices. Please make sure you have sufficient permissions to do this action.
How does the script work?
Well, intentionally it should relieve from some work and be optimized for mass-deployment. It uses a config file for better reuse and if none is found, you are automatically guided through to create one. (usually the first time) Everything is designed to be as simple as possible, so the workflow looks like this:
What does the script do?
So, the script has two main functions; uploadHardwareHashtoTenant which obviously uses Get-WindowsAutoPilotInfo with custom variables from what you have in your config file or enter manually. This will then start the script, which follows the usual flow with authorizing you in your tenant and uploading the hash.
querryUserforInformation is the second function that will querry you for information, concerning GroupTag, assignedUser and add(AAD)ToGroup, (these can be optionally left empty, if not needed) to be written into the config.txt file, which is stored in the same directory. In addition you will also have the possibility to use the latest Powershell Gallery scripts or going for a lightweight way by having the script available in the same directory, with no need for downloading it again every time.
Please feel free to leave me some feedback, or improvements you want to have. Everything is greatly appreciated. This is my first "real" script so I'm excited to hear what you think.
Special thanks to Joshua, for helping me out with scripting ;)