Recently I needed to change a couple of groupTags on existing Windows Autopilot devices. Because Windows Autopilot profiles have been assigned based on the groupTag. Of course I could have done this with the portal (check out the devicemanagement.microsoft.com portal if not done yet!) but I am definitely an automation fan when I need to do repetitive work.
Portal view and property mapping
In the Intune portal the Group Tag field on an Autopilot device maps to the Azure AD device property “OrderID”.
Dynamic Azure AD Groups to assign Autopilot profiles to devices can be built with the following membership rule:
(device.devicePhysicalIds -any _ -eq "[OrderID]:mOSD")
The “Order Identifier” field on an Autopilot device maps to the Azure AD device property “PurchaseOrderId”.
Dynamic Azure AD Groups to assign Autopilot profiles to devices can be built with the following membership rule:
(device.devicePhysicalIds -any _ -eq "[PurchaseOrderId]:1234")
PowerShell script to update groupTags
The following script updates the groupTag of one or multiple selected Autopilot devices. Selection is done with a PowerShell GridView.
Please note:
- the Intune-PowerShell-SDK module is required
- Order identifiers currently cannot be modified with Microsoft Graph
The script could be extended to update additional properties of existing autopilot devices. Simply declare the required property and their values in the ForEach-Object loop.
Happy Windows Autopilot-ing 🐱💻.