Register and Assign a Profile in Autopilot using Microsoft Intune
Manually setting up devices is the past thing now. With Microsoft Autopilot Register and Assign a Profile in Autopilot using Microsoft Intune, you can pre-configure and deploy devices right out of the box and saves time and effort. In this blog, I’ll walk you through how to register a device and assign an Autopilot profile using Microsoft Intune.
Key Terminologies
Microsoft Intune
Microsoft Intune is a mobile device management (MDM) and mobile application management (MAM) tool. With Intune you control how your organization’s devices are used, including mobile phones, tablets, and laptops. You can also configure specific policies to control applications. It is part of Microsoft's Enterprise Mobility + Security (EMS) suite. Intune integrates with Azure Active Directory (Azure AD) to control accessibility.
Autopilot
Windows Autopilot enables faster and easier Windows devices deployments. No need for IT department to re-install image and drivers to new device. Autopilot simplifies device life-cycle management from the IT-department and end-user point-of-view. It simplifies the out-of-box experience (OOBE) so that users can unbox and log in — and everything else is set up automatically via Intune. It contains benefits like zero-touch provisioning, automatic MDM enrolment.
Microsoft Entra ID (Formerly Azure Active Directory)
Microsoft Entra ID is an identity and access management service which allows organizations to control how users sign in, access apps, and interact with corporate resources. Devices get joined or hybrid joined to Entra ID in Autopilot context and sign in using Entra ID credentials.
Prerequisites
Before you hop in, ensure you have:
Intune license assigned
Global Admin or Intune Admin permissions
Devices are not already enrolled
.csv hardware hash for each device (for manual registration)
Windows 10/11 Pro, Enterprise, or Education versions are installed
Dynamic Group by Order ID
This walkthrough focuses on creating a dynamic device group using Order ID. When deploying Windows devices using Autopilot, organizing devices into dynamic groups can greatly streamline the assignment of deployment profiles, apps, and policies.
Step 1: Create a group and add dynamic membership rule.
Go to Intune Admin and create a group.
Navigate to: All services > Groups > + New group
Add dynamic membership rule.
Rule sample: dynamic membership rule is (device.devicePhysicalIds -any (_ -startswith "[OrderID]:DEMO2025"))
It makes sure that the device who has OrderID as DEMO2025 will register as Autopilot device and the profile will be automatically assigned.
See your group.
Note: If the windows system is in booting mode press Shift + F10. The command line will appear, open powershell from there.
Copy the following command.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
New-Item -Type Directory -Path "C:\HWID"
Set-Location -Path "C:\HWID"
$env:Path += ";C:\Program Files\WindowsPowerShell\Scripts"
Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned
Install-Script -Name Get-WindowsAutopilotInfo
Get-WindowsAutopilotInfo -OutputFile AutopilotHWID.csv -GroupTag DEMO2025
Note our dynamic membership rule is (device.devicePhysicalIds -any (_ -startswith "[OrderID]:DEMO2025"))
So we need to make sure that we give GroupTag as DEMO2025.
We will get hardware hash after this. A hardware hash is a unique identifier that represents the physical hardware configuration of a Windows device.
Directly upload the hardware hash to an MDM service
On a device that is:
Currently undergoing Windows Setup and OOBE:
At the sign-in prompt after OOBE starts, open a command prompt window with the keystroke Shift+F10.
In the command prompt window that opens, start PowerShell by running the following command:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned Install-Script -Name Get-WindowsAutopilotInfo -Force Get-WindowsAutopilotInfo -OnlineIf prompted to do so, agree to install NuGet from the PSGallery.
When the last command of
Get-WindowsAutopilotInfo -Onlineruns, a Microsoft Entra ID sign-on prompt is displayed. Sign in with an account that is at least an Intune Administrator.
This is without hardware hash.
This is from the hardware hash.
Next Step is to register a device to autopilot to make it autopilot device.
Registration of Device
Visit Intune Admin panel. Then,
/Device > Device onboarding > Enrollment > Windows Autopilot > Devices
Import the hardware hash.
Then press import. It will take some time to finish the import. After finishing the import, we can see our device in device list with our GroupID.
Registration process would complete after these steps. Now, it shows that the device is autopilot device.
Assigning Profile
Go to:
Device > Device onboarding > Enrollment > Windows Autopilot > Deployment Profiles
Then create profile > Windows PC
Write description and name
Add group which we have created dynamically with membership rule.
Since our group membership rule is
(device.devicePhysicalIds -any (_ -startswith "[OrderID]:DEMO2025"))
The profile will automatically assign because it matches with the Group tag. It will take some time to assign profile and it might give you pending status.
Profile assignment completes after this.
Assigning User
Create a user if you haven’t created yet. Then choose a device on which you want to assign user.
Save and user will be assigned to selected device.
Conclusion
In this guide, we have navigated the steps involved in registering a device as an Autopilot device and assigning it a profile through dynamic membership rules. This is an effective approach not only streamlines device provisioning but also ensures that each user receives the appropriate configuration effortlessly, eliminating the need for manual intervention. You can optimize the entire deployment process by utilizing dynamic membership rules. Whether you are deploying devices for an expanding team or overseeing a large organization, employing Autopilot with dynamic membership offers a more automated and scalable solution. With the right configuration, your devices will be prepared for use, minimizing administrative burdens and boosting user productivity from the outset.