Enroll Windows Device using PPKG

Hi everyone.

This post (PDF document) covers all the steps to create a provisioning package (PPKG) that runs a PowerShell script as part of its deployment and enrolls a Windows device into Intune as a Windows Autopilot device under Order Tag (empty) = Default.

In this scenario, all devices that are procured by Lenovo, Dell, HP, or Microsoft (Surfaces) get enrolled into your M365 tenant right away and receive their default assigned profile (empty).

To automate this end to end, I have the following in production:

  1. Azure AD application using a secret or a self-signed certificate (post coming soon)
  2. PowerShell script used to enroll the device
    1. This same script can be improved by adding the following functions:
      1. SendNotificationToTeams
      2. SendNotificationToSptList
  3. Additional files such as cmtrace.exe, a .ico file, PnPPowerShell.cer and PnPPowerShell.pfx, used as dependencies in the PPKG file (another post coming soon)

This PPKG file works well in the following scenarios:

  1. You have different locations, each identified by a location code that allows device management and user management through security groups. You import the device Autopilot hash by these location codes, which become the GroupTag of the Windows Autopilot device, with OrderID used in the device dynamic rule syntax (also part of the post).
  2. You can also add several commands to the sequence, where:
    1. command #1 would run powershell1.ps1 to import the device hash (this post) into WAD (Windows Autopilot devices) and create a registry key or control file
    2. command #2 would check either the registry key or the control file, then invoke powershell2.ps1 to send a notification to a Teams channel and powershell3.ps1 to upload the hardware information from command #1 / powershell1.ps1 into a SharePoint list (post coming soon)
    3. command #3 would run powershell4.ps1 to upload logs to Azure Blob Storage per device name or serial number, which makes troubleshooting easier: there is no need to access the device remotely, only Service Desk access to the Azure Blob content where the logs sit (post coming soon)
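
The gate between command #1 and command #2 described above, as an added example that is not taken from the original post or its PDF. The registry path, value names and function names are hypothetical; powershell2.ps1 and powershell3.ps1 are the scripts named in the list.

```powershell
# Added example; registry path, value names and function names are hypothetical.
$MarkerKey = 'HKLM:\SOFTWARE\Contoso\AutopilotEnroll'

function Set-EnrollmentMarker {
    # Call at the end of powershell1.ps1, only after the hash import succeeded.
    param([Parameter(Mandatory)][string]$SerialNumber)
    if (-not (Test-Path -Path $MarkerKey)) {
        New-Item -Path $MarkerKey -Force | Out-Null
    }
    Set-ItemProperty -Path $MarkerKey -Name 'Status' -Value 'Imported'
    Set-ItemProperty -Path $MarkerKey -Name 'SerialNumber' -Value $SerialNumber
    Set-ItemProperty -Path $MarkerKey -Name 'ImportedUtc' -Value ([DateTime]::UtcNow.ToString('o'))
}

function Invoke-FollowUpScripts {
    # Body of command #2: run the follow-up scripts only if command #1 left a valid marker.
    param([string]$ScriptRoot = $PSScriptRoot)
    $ErrorActionPreference = 'Stop'   # make failures in the child scripts catchable

    $marker = Get-ItemProperty -Path $MarkerKey -ErrorAction SilentlyContinue
    if (-not $marker -or $marker.Status -ne 'Imported') {
        Write-Warning 'Import marker absent or already processed; skipping follow-up scripts.'
        return 1
    }
    # Reject a marker that belongs to another machine (for example, a cloned image).
    $serial = (Get-CimInstance -ClassName Win32_BIOS).SerialNumber
    if ($marker.SerialNumber -ne $serial) {
        Write-Warning 'Marker serial number does not match this device; skipping.'
        return 2
    }
    foreach ($name in 'powershell2.ps1', 'powershell3.ps1') {
        $path = Join-Path -Path $ScriptRoot -ChildPath $name
        if (-not (Test-Path -Path $path -PathType Leaf)) {
            Write-Warning "Missing $name; stopping."
            return 3
        }
        try { & $path | Out-Host }   # Out-Host keeps script output out of the return value
        catch {
            Write-Warning "$name failed: $_"
            return 4
        }
    }
    # Record completion so a re-run of command #2 does not notify or upload twice.
    Set-ItemProperty -Path $MarkerKey -Name 'Status' -Value 'Notified'
    return 0
}
```

Command #1's script would call `Set-EnrollmentMarker` as its last step, and command #2's script would end with `exit (Invoke-FollowUpScripts)` so the provisioning sequence sees a non-zero exit code when the gate fails.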

Cheers,

Thiago Beier
Toronto, ON