If you played with the new Autopilot V2 Autopilot device preparation profiles in Intune, you pretty fast noticed there is no “registration” with a hardware hash or similar is needed, and it just works with all devices. If you want to limit it, to only allow corporate owned devices using enrollment restrictions, you can now create corporate identifiers for windows devices just like you could do for iOS or Android in the past.
The official way to create these corporate identifiers is to create a csv file containing the Manufacturer, Model and Serial Number (reminds of the tuple partners could use for Autopilot registration). While I would recommend “outsource” the creation of these identifiers to the OEMs / your partners, I know this is not possible in every situation. So I decided to create a small Power App, similar to the one I made for Autopilot registration a while ago: Autopilot Companion, that makes the creation of the corporate identifiers easy.
Power App
For your technicians, the App looks like this. It allows you to search if a corporate identifier is available:
To create a new Identifier, you can switch to “Add new Device”, select the Manufacturer and Model for a predefined list and type in (or scan) the Serial Number:
Click on “Save Changes” and you will see the new identifier available:
Intune
In Intune, you will see the newly created identifiers as well:
Once the device has enrolled with the Autopilot device preparation profile:
You will also see that the corporate identifier was detected and used:
Power App
To create the Power App, we need to Import it in “make.powerapps.com”:
Select the exported zip file from my GitHub: Autopilot-Companion/PowerApp/AutopilotCompanionv2_20240728112155.zip at main · mmeierm/Autopilot-Companion (github.com)
And import it:
Once successfully imported you can open the app:
Add Manufacturers or Models to the App.
In the opened App, we can go to Data and select the “Inventories” Dataverse tables:
Add your model / manufacturer:
And publish the App:
Entra App registration
To actually create the identifiers, we need an Entra App registration to allow access to Graph API. Let’s start in Entra ID to create a new App registration:
Give it a name:
From the overview page, we will need the Tenant and client id:
Next, we need to assign it the needed API permissions: (DeviceManagementServiceConfig.ReadWrite.All)
And Grant Admin consent:
Now we can finally create the app secret, that we will need for our Power Automate Flow:
Copy the Value, as you can’t view it later.
Power Automate
In “https://make.powerautomate.com” we can now edit our two new flows, that were imported together with the Power App.
Select the first Flow and edit the HTTP step to match our newly created Entra App registration
Once you saved the flow, make sure to turn it on:
Next, do the same with the “Upload new Identifier” step in the “Set-CorporateIdentifiers-Windows” Flow:
And again, make sure to turn it on:
Power App
Now we can test the Power App:
Allow the connection to “Office 365 Users” to allow the App to show your profile.
If everything worked well, you should be able to search for existing identifiers and create new ones from within the Power App.
Conclusion
While I would always recommend to hand over tasks like this to your OEMs / partners, I know this can be challenging. With this Power App we at least have a nearly zero touch experience, since we can find the Serial Number of most systems on the box, so no need to unpack it for the user 🙂
Leave a Reply