okieselbach / Autopilot-Manager

Autopilot Manager simplifies Windows Autopilot imports by using a small client program and an Azure app service.

Home Page: https://oliverkieselbach.com

Autopilot Manager (APM)

Autopilot Manager (APM) needs the Autopilot-Manager-Client to receive the Autopilot device provisioning information import request and to show the user a processing screen, similar to the Autopilot Pre-Provisioning scenario (formerly known as WhiteGlove). The app service queues and handles all the processing to import the device provisioning information into the tenant. It has a built-in approval workflow via QR code or the Approval helpdesk page. It uses the same logic as Michael Niehaus's Autopilot script Get-WindowsAutoPilotInfo. The process of the Get-WindowsAutoPilotInfo script is described in a blog post from Michael here: Importing a device hash directly into Intune

Read more about the solution and detailed installation instructions on my blog post here:

Prerequisites

The following prerequisites are necessary to get Autopilot-Manager to work:

  • Azure AD Application Registration Client-ID
  • Azure AD Application Registration Client-Secret
  • Azure AD group for Autopilot direct profile assignment
  • Azure AD group for general Autopilot-Manager access
  • Azure AD group for 'View-Imports' access (Job History Viewer)
  • Azure AD group for 'Approve-Requests' access (Approver)

Deployment

The app service can be deployed via the Azure Resource Manager (ARM) template by using the following link:


Changelog

v1.7

  • fixed a logging bug (user identity was not always correctly logged)
  • added support for transparent headers to support Azure Front Door scenarios

v1.6

  • added support for Azure Functions, which allows extended functionality developed on the business side.
    AppConfig:AutopilotManagerConfig:AzureFunctionsUrl set to your Azure Function URL (e.g. https://apm-functions-xxx.azurewebsites.net/api/)
    • A validation function (function name: 'validate') to be called for extended validation of the import request. Validation result will allow or block import
      AppConfig:AutopilotManagerConfig:UseValidationFunction set to true
      AppConfig:AutopilotManagerConfig:ValidationFunctionKey set to "your azure function key"
    • A GroupTag function (function name: 'grouptag') to receive a GroupTag for the given device
      AppConfig:AutopilotManagerConfig:UseGroupTagFunction set to true
      AppConfig:AutopilotManagerConfig:GroupTagFunctionKey set to "your azure function key"
    • An AutoApproval function (function name: 'autoapproval') to automatically approve requests after extended validation
      AppConfig:AutopilotManagerConfig:UseAutoApprovalFunction set to true
      AppConfig:AutopilotManagerConfig:AutoApprovalFunctionKey set to "your azure function key"

v1.5

  • added support for re-register of Autopilot devices. Existing Autopilot devices will be deleted upfront before upload of new Autopilot device information.
    Turn on ReRegister mode with
    AppConfig:AutopilotManagerConfig:UseReRegisterMode set to true
    Additional App registration permissions "DeviceManagementManagedDevices.ReadWrite.All" must be granted, same as for delete requests
    To preserve the purchase order identifier in case of re-register use
    AppConfig:AutopilotManagerConfig:PreservePurchaseOrderIdOnReRegister set to true
  • added support for writing Audit data to Log Analytics via data collector API
    use the following configurations to configure this
    AppConfig:AutopilotManagerConfig:UseLogAnalytics set to true
    AppConfig:AutopilotManagerConfig:LogAnalyticsWorkspaceId set to "your workspace GUID"
    AppConfig:AutopilotManagerConfig:LogAnalyticsSharedKey set to "your shared workspace key"
    AppConfig:AutopilotManagerConfig:LogAnalyticsReportHardwareHash set to true or false
  • added Homepage customization options
    AppConfig:AutopilotManagerConfig:HomepageHeadlineSentenceApprovalMode to e.g. "Please call the helpdesk (+49 180-12345678) for approval of device import."
    AppConfig:AutopilotManagerConfig:HomepageHeadlineSentenceNonApprovalMode to e.g. "Please scan the QR code to import the device."
    AppConfig:AutopilotManagerConfig:HomepageCompanyLogoImageUrl to an image url "https://company.com/image/comapnylogo.png"

v1.4

  • added deletion support in Approval Mode for Intune devices due to this latest change:
    https://docs.microsoft.com/en-us/mem/autopilot/troubleshoot-device-enrollment
    new client parameter -e can be used to invoke the delete request
    AppConfig:AutopilotManagerConfig:AllowDeletionInApprovalMode must be set to true
    Additional App registration permissions "DeviceManagementManagedDevices.ReadWrite.All" must be granted
  • Optionally you can display the Approval and History link now on the footer area of the main page
    AppConfig:AutopilotManagerConfig:ShowHomepageApprovalLink set to true
    AppConfig:AutopilotManagerConfig:ShowHomepageHistoryLink set to true

v1.3

  • added timeout configuration option
    AppConfig:AutopilotManagerConfig:Timeout must be set to an integer number of minutes, e.g. 120

v1.2

  • improved model/manufacturer parsing
  • improved AAD group membership addition
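
Several settings in this changelog only work together: each Use...Function switch needs the Azure Functions URL and its key, UseLogAnalytics needs the workspace ID and shared key, and the delete and re-register switches need an extra app registration permission. The check below is an added example, not part of Autopilot Manager; it assumes the app settings were exported as a JSON list of name/value objects (the shape `az webapp config appsettings list` prints), and the function names and sample values are constructed for illustration.

```python
import json

PREFIX = "AppConfig:AutopilotManagerConfig:"
# Feature switch -> companion settings the changelog lists for it.
REQUIRES = {
    "UseValidationFunction": ["AzureFunctionsUrl", "ValidationFunctionKey"],
    "UseGroupTagFunction": ["AzureFunctionsUrl", "GroupTagFunctionKey"],
    "UseAutoApprovalFunction": ["AzureFunctionsUrl", "AutoApprovalFunctionKey"],
    "UseLogAnalytics": ["LogAnalyticsWorkspaceId", "LogAnalyticsSharedKey"],
}
# Switches that need the extra app registration permission (v1.4, v1.5).
DELETE_SWITCHES = ["UseReRegisterMode", "AllowDeletionInApprovalMode"]
PERMISSION = "DeviceManagementManagedDevices.ReadWrite.All"

def load_settings(raw_json):
    """Return {short key: value} for APM settings; accepts ':' or '__' separators."""
    cfg = {}
    for item in json.loads(raw_json):
        name = item["name"].replace("__", ":")
        if name.startswith(PREFIX):
            cfg[name[len(PREFIX):]] = str(item.get("value") or "").strip()
    return cfg

def audit(cfg):
    """Return (errors, manual_checks) for a parsed settings dict."""
    on = lambda key: cfg.get(key, "").lower() == "true"
    errors, checks = [], []
    for switch, needed in REQUIRES.items():
        if on(switch):
            errors += [f"{switch} is true but {k} is empty" for k in needed if not cfg.get(k)]
    url = cfg.get("AzureFunctionsUrl", "")
    if url and not url.lower().startswith("https://"):
        errors.append("AzureFunctionsUrl is not an https URL")
    if "Timeout" in cfg and not cfg["Timeout"].isdigit():
        errors.append("Timeout must be an integer number of minutes")
    # Cannot be verified from app settings alone, so report it for manual review.
    checks += [f"{s} is true: confirm {PERMISSION} is granted" for s in DELETE_SWITCHES if on(s)]
    return errors, checks

# Constructed sample input, not taken from a real tenant.
SAMPLE = json.dumps([
    {"name": PREFIX + "AzureFunctionsUrl", "value": "http://apm-functions-example.invalid/api/"},
    {"name": PREFIX + "UseValidationFunction", "value": "true"},
    {"name": PREFIX + "ValidationFunctionKey", "value": ""},
    {"name": PREFIX + "UseReRegisterMode", "value": "true"},
    {"name": PREFIX.replace(":", "__") + "Timeout", "value": "2h"},
])

if __name__ == "__main__":
    print(audit(load_settings(SAMPLE)))
```

The function keys, the Log Analytics shared key and the client secret are credentials, so the audit reports only whether they are present and never prints their values.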
