How to upload Windows 10 Hardware Hash in Microsoft Endpoint Manager (Intune) without setting up device – OOBE

I have recently been working on a Project where we couldn’t get Autopilot Device Hardware Hash CSV file from supplier on time. This post is useful if you are using a VM and Testing your MEM/Intune Configuration or just uploading Hardware Hash of few devices. This is a manual process. My Advice to you is, speak to your client at initial stages and ask them to speak to their suppliers to supply Autopilot Information for all Windows 10 Devices they will be ordering. For a few Test device, wasting time to get Hardware Hash and upload them to Microsoft Endpoint Manager is boring but doable. For devices in Lot, this will become a painful experience for your IT Team.

To execute this steps you must have Intune Administrator or Policy and Profile Manager rights or create a Custom Autopilot Manager role by using RBAC (Role based Access Control) in Azure AD. Autopilot device management only requires that you enable all permissions under Enrollment programs, with the exception of the four token management options. I will cover RBAC in a later post.

During the OOBE you also can initiate the hardware hash upload by launching a command prompt (Shift+F10 at the sign in prompt), and using the following commands;

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
PowerShell.exe -ExecutionPolicy Bypass
Install-Script -name Get-WindowsAutopilotInfo -Force
Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned
Get-WindowsAutopilotInfo -Online

At this point you will be prompted to sign in, an account with the Intune Administrator role is sufficient, and the device hash will then be uploaded automatically. Upon confirmation of the uploaded device hash details, run a sync in the Microsoft Endpoint Manager Admin Center and wait for your new device to appear. Once the device is shown in your device list, and an autopilot profile is assigned, restarting the device will result in OOBE running through Windows Autopilot provisioning process.

Note: On first run you will be prompted to approve the required app registration permissions.

Happy Autopiloting….

Add a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.