Skip to main content

Import enrollment devices via Graph API

Prerequisites: Graph API authorization header and the serial number & hardware identifier from the device. To read out the information such as serial number and hardware identifier from the device you can use the Get-WindowsAutopilotInfo tool provided by Microsoft.

To import devices directly via Graph API you can send a body to an API endpoint that contains the serial number and the hardware identifier.

Use case

To make an automation which imports devices automatically into Intune enrollment devices you can create an Azure Function that will then import the device id automatically to Intune without any user interaction or permission management. This action will be performed in the context of an app registration.

PowerShell script

This PowerShell script needs the GroupTag which should be set on the device. This value must be provided in clear text. In addition, the serial number must also be passed to the API as a string and the hardware ID as a binary.

$GroupTag = "<yourgrouptag>"
$SerialNumber = "<yourserialnumber>"
$HardwareIdentifier = "<yourcomputershashid>"

$Body = @"
{
  "groupTag": "$GroupTag",
  "serialNumber": "$SerialNumber",
  "hardwareIdentifier": "$HardwareIdentifier",
}
"@

$Response = Invoke-Restmethod -uri "https://graph.microsoft.com/v1.0/deviceManagement/importedWindowsAutopilotDeviceIdentities" -Method POST -Header $Header -Body $Body

Response: 201 Created

Corresponding Microsoft documentation

This documentation contains further information and optional values that can be transmitted to the following address so that the object can be enriched with more information.

Create importedWindowsAutopilotDeviceIdentity - Microsoft Graph v1.0 | Microsoft Learn

No Comments
Back to top