Autopilot App Registration
David Segura and Mike Marable
This process will create an Azure Active Directory App Registration which you can then use with Get-WindowsAutopilotInfo to Autopilot register a device
Quickstart: Register an app in the Microsoft identity platform
docsmsft
I originally discovered this solution from MSP Automator
Automated AutoPilot Enrollment Using Powershell and NinjaRMM
Automating Chaos

Get-WindowsAutoPilotInfo Snippet

Use the following snippets as an example of how to PowerShell register a device using Get-WindowsAutoPilotInfo and an App Registration
1
$TenantId = ''
2
$AppId = ''
3
$AppSecret = ''
4
$GroupTag = ''
5
Get-WindowsAutoPilotInfo -Online -TenantId $TenantId -AppId $AppId -AppSecret $AppSecret -GroupTag $GroupTag
Copied!

Splatting

1
$AutopilotParams = @{
2
Online = $true
3
TenantId = ''
4
AppId = ''
5
AppSecret = ''
6
GroupTag = 'YourGroupTag'
7
}
8
Get-WindowsAutoPilotInfo @AutopilotParams
Copied!

Create an App Registration

Start by creating an App Registration in Azure Active Directory for Single Tenant. The name really doesn't matter, but be descriptive

API Permissions

The following API permission need to be set to allow Autopilot Registration with Get-WindowsAutopilotInfo. You will need to Grant admin consent for your App Registration

Manifest

It's much easier to edit the requiredResourceAccess configuration in the App Registration Manifest by copying what I have here
1
"requiredResourceAccess": [
2
{
3
"resourceAppId": "00000003-0000-0000-c000-000000000000",
4
"resourceAccess": [
5
{
6
"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
7
"type": "Scope"
8
},
9
{
10
"id": "243333ab-4d21-40cb-a475-36241daa0842",
11
"type": "Role"
12
},
13
{
14
"id": "5ac13192-7ace-4fcf-b828-1a26f28068ee",
15
"type": "Role"
16
}
17
]
18
}
19
],
Copied!

Certificates & secrets

Create a new Client secret and copy the Value

PowerShell Script

Gather your Application ID, and Tenant ID. Those will be used as values to pass to Get-WindowsAutopilotInfo

Get-WindowsAutoPilotInfo

With all the proper values in place, you can compose a PowerShell script to register an Autopilot Device. This example has a GroupTag of Enterprise
1
$AutopilotParams = @{
2
Online = $true
3
TenantId = 'xxxxxxxx-f4bd-4048-b6cd-42db00a0bf3a'
4
AppId = 'xxxxxxxx-fb7f-4470-a55e-ef1e7a0fa7ea'
5
AppSecret = 'xxxxx~JQRdzKEM3_KP.ooFnk5pkeBcLDj2m..'
6
GroupTag = 'Enterprise'
7
Assign = $true
8
}
9
Get-WindowsAutoPilotInfo @AutopilotParams
Copied!

Key Vault

You can convert the PowerShell script to an Azure Key Vault Secret by copying the script to the Clipboard (yes, I know the screenshot needs to be updated), and yes you will have to create the KeyVault separately.
1
Set-CloudSecret -VaultName mmsmoa -Name AutopilotJoinApp -Clipboard
Copied!

OOBE

You can now register a device in Autopilot with the following command if you have a KeyVault set
1
#OSD Module using Device Code Flow
2
Invoke-CloudSecret mmsmoa AutopilotJoinApp
3
4
#No OSD Module
5
Install-Module Az.KeyVault -Force
6
Connect-AzAccount
7
Invoke-Expression (Get-AzKeyVaultSecret -VaultName mmsmoa -Name AutopilotJoinApp -AsPlainText)
Copied!

Sponsor

OSDeploy is sponsored by Recast Software and their Systems Management Tools
Home
Recast Software
Sponsored by Recast Software