Hi again

If you are following some posts here. You probably need to understand the process behind uploading/importing device hash into Windows Autopilot Devices

  1. Brand New Device or existing device being added to your tenant (autopilot)
  2. IT personnel import device hash to Windows Autopilot devices and Autopilot the device
  3. IT OPS gets notifications on a Teams Channel and also in SharePoint List
  4. The device is ready for the end user

In order to do this we had to do the following:

  1. Register an Azure AD application => this post check this PDF 📝
  2. Define the authentication method for the PowerShell script to run silently
    1. secret – 📢 Post is coming
    2. certificate – 📢 Post is coming
  3. Create the PPKG using Windows Configuration Designer and a great thanks to Justin Trantham for the amazing video about it https://youtu.be/9stSXeKMyyU
  4. Standardize PPKG based on Device Location (LocationID)
  5. Ask IT personnel to initiate OOBE with Shift + F10, Launch MS Edge and download from our repository and run the PPKG file

Never forget to configure API permissions properly always using the least privilege concept.

To add the permission

  1. click + Add permission name
  2. select Microsoft Graph
  3. select Application permissions
  4. Search for device
  5. expand “DeviceManagementServiceConfig (1)”
  6. select “DeviceManagementServiceConfig.ReadWrite.All”
  7. click “add permissions” and follow the wizard
  8. close all screens when finished

  1. when you’re finished (back to the main Api permission screen)
  2. click on “yes, add other granted permissions to configured permissions” if that shows up – in general when you already have other permissions assigned.
  3. click save and continue to finish

Cheers,

Thiago Beier
Toronto.