Adding devices to an Azure AD group after Windows Autopilot is complete – part 2

Posted on December 19, 2020 by ncbrady

Introduction

In part 1 you learned how to use Azure functions and a http trigger to add a device to an Azure Ad security group. In this part you’ll see how it all fits together on the client side after Autopilot is complete.

Step 1. Get the scripts

Download the client side scripts here. Please read the note before trying.

Note: To download the files here, please make sure you are logged on to this site otherwise you’ll get an error.

  • Download the following zip file at windows-noob.com: temp.zip

Step 2. Extract the files

Extract the files to C:\temp

Step 3. Edit AddDeviceToAzureAdGroup.ps1

Using Windows PowerShell ISE or notepad, open AddDeviceToAzureAdGroup.ps1, you need to edit the following two lines.

Replace $company with your own company name, and for $URL you will need to login to your Azure resource group created in part 1 and copy the HttpTrigger1 url by clicking on Get Function URL and copying the url as shown below.

 

Note: If you don’t do this properly then it won’t work !

Paste in the URL you copied from your HttpTrigger and append &deviceID= on the end as shown here.

Step 4. Encode the scripts

Open the EncodeScripts.ps1 script and run it. It will generate new encoded copies of the two scripts that will become embedded in the

Step 5. Edit AddDeviceToAzureAdGroup_CreateScheduledTask.ps1

Open AddDeviceToAzureAdGroup_CreateScheduledTask.ps1 and scroll down to the $Base64_1 line.

In notepad, open C:\temp\encoded1.txt, press CTRL+A and CTRL+C to copy everything in that file. Back in the PowerShell script, paste the copied content into the $Base64_1variable in between the “” as shown below.

repeat this exercise for the $Base64_2 variable but use the C:\temp\encoded2.txt file contents for that variable.

Note: You have to repeat this process any time you edit either of the following two scripts.

  • AddDeviceToAzureAdGroup.ps1
  • AddDeviceToAzureAdGroup.vbs

After my edits it looks like this, your encoded variables will most likely have different values.

Save the file.

Step 6. Add the PowerShell script to Intune

Create a new deployment to your Autopilot Users group using the  AddDeviceToAzureAdGroup_CreateScheduledTask.ps1 PowerShell script.

use the following settings

Deploy it to your Autopilot Users group

You can read the rest of this post at windows-noob.com here.

This entry was posted in AzureAD, httptrigger, Intune, Windows 10 AutoPilot. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.