Windows Autopilot is a great service for setting up factory-new devices or resetting existing devices into either cloud-only device management with Intune or co-management with SCCM and Intune. There are several options for importing devices into Autopilot, depending on how the device is currently managed and how it’s meant to be managed after reset.
For example, a factory-new device can be imported by the vendor before it arrives at the customer, even including a “white glove” setup which pre-installs apps and pre-configures the device. If you want to autopilot an existing device in a co-managed setup, there are features in SCCM which can import the device automatically to Autopilot. However, if you want to go from on-prem-only or co-managed to cloud-only, the most viable migration path is to set up the existing device so that it’s identical to a factory-new device.
Setting up an existing device to appear factory-new is achieved by importing the device in Autopilot and installing stock Windows 10 on it. Importing can be done manually by collecting information with a script or SCCM, or automatically, per device, in a task sequence which also downloads stock Windows 10 and boots into OOBE.
Using the aforementioned script in a task sequence is a viable option, but the script requires permissions to the Autopilot and Intune service. Those credentials would have to be included in the script somehow, and you wouldn’t want them potentially leaked. An alternative is to create a Logic App, which can then be invoked from a script in the task sequence.
The Logic App expects to receive the hash, serial number etc. from the consumer, and uses that information in an API call to the importedWindowsAutopilotDeviceIdentity endpoint. You can optionally write information to an Azure Table, preferably with more information collected from the task sequence (computer name, username etc.).
Writing information to an Azure Table provides statistics on the number of devices imported and extended information such as who ran the task sequence and the old computer name. More importantly, it enables further automation. You can create additional Logic Apps that query the table for new Autopilot imports and automate things like assigning the appropriate license to the user, or automatically adding the new device to AAD groups based on the previous device’s membership in AD groups.
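
The task-sequence side of this design, as an added example rather than the author's own script: it collects the serial number and hardware hash and posts them to the Logic App's HTTP trigger, so no Autopilot or Intune credentials are stored on the device. The task sequence variable name `AutopilotLogicAppUrl` and the JSON field names are assumptions and must match the request schema you define in your Logic App.

```powershell
# Added example; runs inside the task sequence in the full OS (not WinPE), elevated.
# Assumptions: the TS variable 'AutopilotLogicAppUrl' and the JSON field names are
# hypothetical and must match the Logic App's HTTP trigger schema.
$ErrorActionPreference = 'Stop'
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# The trigger URL embeds a SAS signature (sig=...), so it is a secret in its own right:
# read it from a task sequence variable instead of hard-coding it in the script.
$tsEnv      = New-Object -ComObject Microsoft.SMS.TSEnvironment
$triggerUrl = $tsEnv.Value('AutopilotLogicAppUrl')
if ($triggerUrl -notmatch '^https://') { throw 'Logic App trigger URL is missing or not HTTPS.' }

# Serial number from the BIOS; hardware hash from the MDM bridge WMI provider.
$serial = (Get-CimInstance -ClassName Win32_BIOS).SerialNumber
$detail = Get-CimInstance -Namespace 'root/cimv2/mdm/dmmap' -ClassName MDM_DevDetail_Ext01 `
              -Filter "InstanceID='Ext' AND ParentID='./DevDetail'"
$hash   = $detail.DeviceHardwareData
if (-not $serial -or -not $hash) { throw 'Could not read serial number or hardware hash.' }

# Extra fields for the optional Azure Table row can be added here.
$body = @{
    serialNumber = $serial
    hardwareHash = $hash
    computerName = $env:COMPUTERNAME
} | ConvertTo-Json

try {
    Invoke-RestMethod -Method Post -Uri $triggerUrl -Body $body `
        -ContentType 'application/json' -TimeoutSec 60 | Out-Null
    Write-Output "Autopilot import request sent for serial $serial."
}
catch {
    # Report the status code only; logging the URL would write the signature to smsts.log.
    $status = [int]$_.Exception.Response.StatusCode
    Write-Warning "Logic App call failed (HTTP $status)."
    exit 1
}
```

Anyone holding the trigger URL can submit import requests, so rotate the Logic App access key if the URL is exposed and validate the incoming fields inside the Logic App before calling the endpoint.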