Autopilot-Manager
Autopilot Manager simplifies Windows Autopilot imports by using a small client program and an Azure app service.
Autopilot Manager (APM)
Autopilot Manager (APM) needs the Autopilot-Manager-Client to receive the Autopilot device provisioning information import request and show the user a processing screen, similar to the Autopilot Pre-Provisioning scenario (formerly known as WhiteGlove). The app service queues and handles all the processing to import the device provisioning information into the tenant. It has an approval workflow built in via QR code or the Approval helpdesk page. It uses the same logic as Michael Niehaus's Autopilot script Get-WindowsAutoPilotInfo. The process of the Get-WindowsAutoPilotInfo script is described in a blog post from Michael here: Importing a device hash directly into Intune
Read more about the solution and detailed installation instructions on my blog post here:
Prerequisites
The following prerequisites are necessary to get Autopilot-Manager to work:
- Azure AD Application Registration Client-ID
- Azure AD Application Registration Client-Secret
- Azure AD group for Autopilot direct profile assignment
- Azure AD group for general Autopilot-Manager access
- Azure AD group for 'View-Imports' access (Job History Viewer)
- Azure AD group for 'Approve-Requests' access (Approver)
Deployment
The app service can be deployed via the Azure Resource Manager (ARM) template by using the following link:
Changelog
v1.7
- fixed a logging bug (user identity was not always correctly logged)
- added support for transparent headers to support Azure Front Door scenarios
v1.6
- added support for Azure Functions, which enables extended functionality developed on the business side.
  AppConfig:AutopilotManagerConfig:AzureFunctionsUrl set to your Azure Function URL (e.g. https://apm-functions-xxx.azurewebsites.net/api/)
- A validation function (function name: 'validate') to be called for extended validation of the import request. The validation result will allow or block the import.
  AppConfig:AutopilotManagerConfig:UseValidationFunction set to true
  AppConfig:AutopilotManagerConfig:ValidationFunctionKey set to "your azure function key"
- A GroupTag function (function name: 'grouptag') to receive a GroupTag for the given device.
  AppConfig:AutopilotManagerConfig:UseGroupTagFunction set to true
  AppConfig:AutopilotManagerConfig:GroupTagFunctionKey set to "your azure function key"
- An AutoApproval function (function name: 'autoapproval') to automatically approve requests after extended validation.
  AppConfig:AutopilotManagerConfig:UseAutoApprovalFunction set to true
  AppConfig:AutopilotManagerConfig:AutoApprovalFunctionKey set to "your azure function key"
v1.5
- added support for re-registering Autopilot devices. Existing Autopilot devices are deleted before the new Autopilot device information is uploaded.
  Turn on ReRegister mode with AppConfig:AutopilotManagerConfig:UseReRegisterMode set to true
  Additional App registration permissions "DeviceManagementManagedDevices.ReadWrite.All" must be granted, same as for delete requests
  To preserve the purchase order identifier in case of re-register, use AppConfig:AutopilotManagerConfig:PreservePurchaseOrderIdOnReRegister set to true
- added support for writing audit data to Log Analytics via the data collector API. Use the following settings to configure this:
  AppConfig:AutopilotManagerConfig:UseLogAnalytics set to true
  AppConfig:AutopilotManagerConfig:LogAnalyticsWorkspaceId set to "your workspace GUID"
  AppConfig:AutopilotManagerConfig:LogAnalyticsSharedKey set to "your shared workspace key"
  AppConfig:AutopilotManagerConfig:LogAnalyticsReportHardwareHash set to true or false
- added Homepage customization options
  AppConfig:AutopilotManagerConfig:HomepageHeadlineSentenceApprovalMode to e.g. "Please call the helpdesk (+49 180-12345678) for approval of device import."
  AppConfig:AutopilotManagerConfig:HomepageHeadlineSentenceNonApprovalMode to e.g. "Please scan the QR code to import the device."
  AppConfig:AutopilotManagerConfig:HomepageCompanyLogoImageUrl to an image url "https://company.com/image/comapnylogo.png"
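As an added illustration (not Autopilot-Manager's own code) of what the Log Analytics settings above are used for: the HTTP Data Collector API authenticates each POST with an HMAC-SHA256 signature derived from the workspace shared key. The record fields, the log type name `ApmAudit`, the sample values and the way the hardware-hash switch is applied are constructed assumptions.

```python
import base64
import hashlib
import hmac
import json
from email.utils import formatdate

RESOURCE = "/api/logs"
CONTENT_TYPE = "application/json"

# Constructed sample values, not real credentials or real device data.
SAMPLE_WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"
SAMPLE_SHARED_KEY = base64.b64encode(b"constructed-sample-key").decode()
SAMPLE_RECORD = {"Action": "Import", "SerialNumber": "SN-EXAMPLE-001",
                 "RequestedBy": "user@example.com", "HardwareHash": "T0VNLi4u"}


def sign(workspace_id, shared_key, date, content_length):
    """Return the Authorization header value for one POST."""
    # The signature covers method, body length, content type, date and
    # resource path. It does not cover the body bytes themselves.
    string_to_sign = (f"POST\n{content_length}\n{CONTENT_TYPE}\n"
                      f"x-ms-date:{date}\n{RESOURCE}")
    digest = hmac.new(base64.b64decode(shared_key),
                      string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}"


def build_audit_request(workspace_id, shared_key, record,
                        report_hardware_hash, log_type="ApmAudit", date=None):
    """Build (url, headers, body) for an audit record without sending it."""
    if not report_hardware_hash:
        # Assumed effect of LogAnalyticsReportHardwareHash = false:
        # the hash never leaves the app service for the workspace.
        record = {k: v for k, v in record.items() if k != "HardwareHash"}
    body = json.dumps([record]).encode("utf-8")
    date = date or formatdate(usegmt=True)  # RFC 1123 date in GMT
    headers = {
        "Content-Type": CONTENT_TYPE,
        "Log-Type": log_type,
        "x-ms-date": date,
        "Authorization": sign(workspace_id, shared_key, date, len(body)),
    }
    url = (f"https://{workspace_id}.ods.opinsights.azure.com"
           f"{RESOURCE}?api-version=2016-04-01")
    return url, headers, body
```

The shared key authorizes writes to the whole workspace, so it belongs in the app service's protected settings rather than in source control.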
v1.4
- added deletion support in Approval Mode for Intune devices due to this latest change: https://docs.microsoft.com/en-us/mem/autopilot/troubleshoot-device-enrollment
  The new client parameter -e can be used to invoke the delete request
  AppConfig:AutopilotManagerConfig:AllowDeletionInApprovalMode must be set to true
  Additional App registration permissions "DeviceManagementManagedDevices.ReadWrite.All" must be granted
- Optionally, you can now display the Approval and History links in the footer area of the main page
  AppConfig:AutopilotManagerConfig:ShowHomepageApprovalLink set to true
  AppConfig:AutopilotManagerConfig:ShowHomepageHistoryLink set to true
v1.3
- added timeout configuration option
  AppConfig:AutopilotManagerConfig:Timeout must be set to an integer value in minutes, e.g. 120 minutes
v1.2
- improved model/manufacturer parsing
- improved AAD group membership addition