Windows Autopilot transforms device provisioning from a multi-hour imaging process into a zero-touch deployment experience. When you combine it with PowerShell automation, you can register hardware hashes, assign profiles, and track enrollment status entirely from the command line — ideal for bulk deployments or vendor-shipped devices.
Prerequisites
Install the WindowsAutopilotIntune and Microsoft.Graph.Intune modules. You will also need an Entra ID app registration with DeviceManagementServiceConfig.ReadWrite.All permissions.
Install-Module WindowsAutopilotIntune -Scope CurrentUser
Install-Module Microsoft.Graph.Intune -Scope CurrentUser
Connect-MSGraphCapturing the Hardware Hash
On each device you want to enroll, run the following script to extract the hardware hash and export it as a CSV that you can import into Intune.
$serial = (Get-WmiObject -Class Win32_BIOS).SerialNumber
$hash = (Get-WmiObject -Namespace root/cimv2/mdm/dmmap `
-Class MDM_DevDetail_Ext01 -Filter "InstanceID=Ext").DeviceHardwareData
[PSCustomObject]@{
"Device Serial Number" = $serial
"Windows Product ID" = ""
"Hardware Hash" = $hash
} | Export-Csv "AutopilotHash-$serial.csv" -NoTypeInformationImporting Devices into Intune
Once you have collected hashes from all devices, import them in bulk using the Autopilot module.
$csvPath = "C:\Autopilot\devices.csv"
$devices = Import-AutopilotCSV -csvFile $csvPath
Write-Host "Imported $($devices.Count) devices"Assigning an Autopilot Profile
Assign a deployment profile to the imported devices so they receive the correct Out-of-Box-Experience settings on first boot.
$profileId = Get-AutopilotProfile | Where-Object {$_.displayName -eq "Corporate Standard"} | Select-Object -ExpandProperty id
$deviceIds = Get-AutopilotDevice | Select-Object -ExpandProperty id
Set-AutopilotProfileAssignment -profileId $profileId -deviceIds $deviceIdsMonitoring Enrollment Status
Check enrollment progress with a simple polling loop so you know exactly when devices are ready for end users.
do {
$pending = Get-AutopilotDevice | Where-Object {$_.enrollmentState -ne "enrolled"}
Write-Host "$(Get-Date -Format HH:mm) - Pending: $($pending.Count)"
Start-Sleep -Seconds 60
} while ($pending.Count -gt 0)
Write-Host "All devices enrolled!"Summary
Scripting Windows Autopilot with PowerShell eliminates the manual steps of hash collection, CSV import, and profile assignment. For large-scale rollouts, wrap this into a GitHub Actions workflow triggered when new hardware serial numbers are added to a repository — giving you a fully auditable, zero-touch provisioning pipeline.
