Introduction
In large enterprises with a global presence, IT administrators often face the challenge of managing Windows Autopilot deployment profiles across different regions. These deployment profiles often have different device naming conventions, languages or target Organizational Units (for Hybrid Join deployments), requiring separate Autopilot profiles with unique configuration settings.
This usually requires a lot of manual work when setting up new Windows Autopilot profiles and configurations.
To solve this problem, I developed a set of PowerShell functions that:
- Create new Autopilot profiles via Graph API
- Assign them to region-specific dynamic groups
By leveraging these functions, IT admins can easily generate multiple Autopilot profiles and assign them to the appropriate groups on the fly. Additionally, this process can be fully automated by reading configurations from a CSV file, enabling mass profile creation with minimal effort.
The Challenge: Managing Autopilot Profiles in a Global Organization
In a global enterprise, different regions may follow unique device naming conventions and deployment settings. For example:
| Region | Device Naming Convention | Deployment Mode | Language (Locale) | Join Type |
|---|---|---|---|---|
| North America | NA-XXXXX | User-driven | en-US | Hybrid |
| Germany | GR-XXXXX | Self-deploying | de-DE | AzureAD |
| Japan | APAC-XXXXX | User-driven | ja-JP | AzureAD |
| Brazil | LATAM-XXXXX | Self-deploying | pt-BR | AzureAD |
Since Autopilot profiles cannot be dynamically assigned to devices based on naming patterns within Intune, IT admins must create multiple deployment profiles and assign them to separate dynamic groups based on device attributes.
Doing this manually is time-consuming and error-prone. This is where automation comes in.
Automating Autopilot Profiles with PowerShell Graph API
Manually configuring Autopilot deployment profiles via Microsoft Intune can be time-consuming, especially when managing multiple profiles for different device types (Windows, HoloLens, etc.), deployment modes (Hybrid, Azure AD Join, Self-deploying, etc.), and language settings.
To automate this process, I created the New-AutopilotDeploymentProfile function, which allows admins to define all necessary parameters within PowerShell.
Creating an Autopilot Profile Using PowerShell
The New-AutopilotDeploymentProfile function enables the creation of customized Autopilot deployment profiles by specifying parameters such as:
- Display name: Profile name for identification
- Deployment mode: User-driven, self-deploying
- Join type: Hybrid Azure AD Join or Azure AD Join
- Language locale: Default language setting or a specific locale
- Device type: Windows PC or HoloLens
Example 1: Create a Hybrid Joined Deployment Profile for Windows PC
```powershell
New-AutopilotDeploymentProfile -DisplayName "Test from Code2" `
    -Description "This is a test profile from code" `
    -JoinToEntraIDAs "Hybrid" `
    -DeploymentMode "UserDriven" `
    -LanguageLocale "en-US" `
    -ProfileType windowsPc `
    -AllowPreprovisionedDeployment $true
```
What This Does:
- Creates a Hybrid Azure AD joined Autopilot deployment profile for Windows PCs
- Configures the language locale as English (US)
- Enables pre-provisioning (formerly known as white-glove) for faster deployment
Example 2: Create an Azure AD Joined Deployment Profile for HoloLens
```powershell
New-AutopilotDeploymentProfile -DisplayName "Test from Code" `
    -Description "This is a test profile from code" `
    -LanguageLocale "en-US" `
    -ProfileType Hololens `
    -DeploymentMode SelfDeploying `
    -JoinToEntraIDAs azureAD `
    -HideLicenseTerms $false `
    -HidePrivacySettings $false `
    -ApplyDeviceNameTemplate "HOLO%SERIAL%"
```
What This Does:
- Creates a Self-Deploying Autopilot profile for HoloLens devices
- Ensures devices automatically join Azure AD
- Uses a device naming convention (HOLO%SERIAL%) to match organizational standards
- Keeps the license terms and privacy settings visible in the Out-of-Box Experience (OOBE)
Example 3: Create an Azure AD Joined Deployment Profile for Windows PCs
```powershell
New-AutopilotDeploymentProfile -DisplayName "AzureAD joined profile" `
    -Description "This is a test profile from code" `
    -LanguageLocale "de-CH" `
    -ProfileType windowsPc `
    -ConvertAllTargetedDevicesToAutopilot $false `
    -DeploymentMode UserDriven `
    -AllowPreprovisionedDeployment $true `
    -JoinToEntraIDAs azureAD
```
What This Does:
- Creates a User-driven Autopilot profile for Windows PCs
- Configures devices to join Azure AD
- Sets the default language locale to Swiss German (de-CH)
- Pre-provisioning is enabled to allow IT teams to pre-configure devices before user assignment
Assigning Autopilot Profiles to Dynamic Groups
Once an Autopilot deployment profile is created, it must be assigned to a device group to ensure the correct devices receive the right profile.
To automate this process, I created the Set-AutopilotDeploymentProfileAssignment function, which allows admins to:
- Assign an Autopilot profile to multiple groups
- Exclude specific groups from receiving the profile
- Automate assignments across regions and deployment types
Example: Assigning an Autopilot Profile to Multiple Groups
```powershell
Set-AutopilotDeploymentProfileAssignment -ProfileName "MyProfile" `
    -IncludedGroupNames "Group1", "Group2" `
    -ExcludedGroupNames "Group3"
```
What This Does:
- Assigns the Autopilot profile “MyProfile” to Group1 and Group2
- Excludes Group3 from receiving this profile
This approach ensures that only the correct regional or department-based groups get the right deployment profile.
Scaling Automation: Creating Multiple Profiles from a CSV
For organizations that manage multiple Autopilot profiles, manually running these commands for each profile is inefficient. Instead, you can read all profile configurations from a CSV file and automate bulk creation.
CSV Example: Profiles.csv
| DisplayName | DeploymentMode | JoinToEntraIDAs | LanguageLocale | ProfileType | ApplyDeviceNameTemplate | AllowPreprovisionedDeployment | IncludedGroups | ExcludedGroups |
|---|---|---|---|---|---|---|---|---|
| North America Profile | UserDriven | azureAD | en-US | windowsPc | NA-%SERIAL% | TRUE | Autopilot-NA | None |
| Europe Profile | SelfDeploying | azureAD | en-GB | windowsPc | EU-%SERIAL% | FALSE | Autopilot-EU | TestGroup |
| APAC Profile | UserDriven | Hybrid | en-US | windowsPc | APAC-%SERIAL% | TRUE | Autopilot-APAC | None |
PowerShell Script to Automate Everything
```powershell
# Import AutopilotProfileFunctions.ps1 (dot-sourced; assumes the file is in the current directory)
. ".\AutopilotProfileFunctions.ps1"

# Check if the relevant modules are installed and, if not, install them
$modules = @("Microsoft.Graph.Authentication", "Microsoft.Graph.Beta.DeviceManagement.Enrollment")
foreach ($module in $modules) {
    if (-not (Get-Module -Name $module -ListAvailable)) {
        Install-Module -Name $module -Force -AllowClobber
    }
    Import-Module $module -Force
}

# Connect to MgGraph
Connect-MgGraph -Scopes "DeviceManagementServiceConfig.ReadWrite.All"

# Import the CSV file
$profiles = Import-Csv "Profiles.csv"

# $row is used as the loop variable so that PowerShell's automatic $PROFILE variable is not overwritten
foreach ($row in $profiles) {
    # Create Autopilot profile
    New-AutopilotDeploymentProfile -DisplayName $row.DisplayName `
        -DeploymentMode $row.DeploymentMode `
        -JoinToEntraIDAs $row.JoinToEntraIDAs `
        -LanguageLocale $row.LanguageLocale `
        -ProfileType $row.ProfileType `
        -ApplyDeviceNameTemplate $row.ApplyDeviceNameTemplate `
        -AllowPreprovisionedDeployment ([bool]::Parse($row.AllowPreprovisionedDeployment))

    # Assign profile to groups
    Set-AutopilotDeploymentProfileAssignment -ProfileName $row.DisplayName `
        -IncludedGroupNames $row.IncludedGroups `
        -ExcludedGroupNames $row.ExcludedGroups
}

Write-Host "All Autopilot profiles and assignments have been successfully created!"
```
What This Does:
- Reads all profile settings from a CSV file
- Loops through each row and creates the corresponding Autopilot profile
- Automatically assigns the profile to the correct dynamic group
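The loop above sends every CSV row straight to Graph under a ReadWrite scope, so a pre-flight check of each row is worth having before anything is written. The following is an added example, not part of the author's script: Test-AutopilotProfileRow is a hypothetical helper, its allow-lists are the parameter values used in this article, and the sample rows are constructed.

```powershell
# Added example, not the article's code. Allow-lists are the values used in this article.
function Test-AutopilotProfileRow {
    param([Parameter(Mandatory)][pscustomobject]$Row)
    $problems = [System.Collections.Generic.List[string]]::new()

    if ([string]::IsNullOrWhiteSpace($Row.DisplayName)) { $problems.Add('DisplayName is empty') }
    if ($Row.DeploymentMode -notin 'UserDriven', 'SelfDeploying') { $problems.Add("Unknown DeploymentMode '$($Row.DeploymentMode)'") }
    if ($Row.JoinToEntraIDAs -notin 'azureAD', 'Hybrid') { $problems.Add("Unknown JoinToEntraIDAs '$($Row.JoinToEntraIDAs)'") }
    if ($Row.ProfileType -notin 'windowsPc', 'Hololens') { $problems.Add("Unknown ProfileType '$($Row.ProfileType)'") }

    # [bool]::Parse in the bulk script throws on anything but true/false, so catch it here first.
    $flag = $false
    if (-not [bool]::TryParse($Row.AllowPreprovisionedDeployment, [ref]$flag)) {
        $problems.Add('AllowPreprovisionedDeployment must be TRUE or FALSE')
    }
    # Self-deploying mode does not support hybrid join.
    if ($Row.DeploymentMode -eq 'SelfDeploying' -and $Row.JoinToEntraIDAs -eq 'Hybrid') {
        $problems.Add('SelfDeploying cannot be combined with Hybrid join')
    }
    $template = $Row.ApplyDeviceNameTemplate
    if ($template) {
        # Name templates apply to the Entra join type only; hybrid names come from the domain join profile.
        if ($Row.JoinToEntraIDAs -eq 'Hybrid') { $problems.Add('ApplyDeviceNameTemplate applies to Entra join only') }
        # Strip the supported macros, then check what is left of the 15-character computer name.
        $literal = $template -replace '%SERIAL%|%RAND:\d+%', ''
        if ($literal -notmatch '^[A-Za-z0-9-]*$') { $problems.Add("Template '$template' has characters other than letters, digits and hyphens") }
        if ($literal.Length -ge 15) { $problems.Add("Template '$template' leaves no room for the macro within 15 characters") }
    }
    [pscustomobject]@{ DisplayName = $Row.DisplayName; Valid = ($problems.Count -eq 0); Problems = $problems -join '; ' }
}

# Constructed sample rows: a subset of the article's CSV columns plus one deliberately bad row.
$sample = @'
DisplayName,DeploymentMode,JoinToEntraIDAs,ProfileType,ApplyDeviceNameTemplate,AllowPreprovisionedDeployment
North America Profile,UserDriven,azureAD,windowsPc,NA-%SERIAL%,TRUE
APAC Profile,UserDriven,Hybrid,windowsPc,APAC-%SERIAL%,TRUE
Bad Profile,SelfDeploying,Hybrid,Desktop,HEADQUARTERS-EMEA-%SERIAL%,yes
'@ | ConvertFrom-Csv

$results = $sample | ForEach-Object { Test-AutopilotProfileRow -Row $_ }
$results | Format-Table -AutoSize -Wrap
```

On these rows the APAC entry is flagged because it pairs Hybrid join with a name template; only rows with Valid = True should go on to New-AutopilotDeploymentProfile.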
Why Automate Autopilot Profiles Using PowerShell?
- Save Time: Create and assign dozens of profiles in minutes instead of manually configuring each one in Intune.
- Ensure Consistency: Prevent misconfigurations by applying standardized settings across all profiles.
- Enable Scalability: Easily support regional device naming conventions without manual intervention.
- Improve Efficiency: Integrate with DevOps pipelines for a seamless Infrastructure as Code (IaC) approach.
Final Thoughts
By automating Autopilot profile creation and assignments using PowerShell and the Graph API, IT administrators can simplify deployment management at scale. Whether deploying Windows PCs, HoloLens devices, or managing hybrid join scenarios, this approach ensures faster, error-free deployments.
Get started today! Download the script from GitHub and start automating your Autopilot management!
Have questions or feedback? Let's discuss in the comments!
Thank you very much for creating this