Forum Discussion
PowerShell Get-AutopilotInfo -Online with FIDO2 key requirement
Hello! Quick info: Authenticating with a security Key in PowerShell keeps failing and I've been browsing the web for a way to upload AutoPilot HWID with Get-AutopilotInfo -Online with a FIDO2 key ...
What is the end objective here? Using FIDO for uploading of hashid or uploading hash no matter what? Can only suggest the next steps after you confirm.
The objective is to use FIDO as authentication for everything, EXCEPT for uploading hashid.
Then consider using a dedicated account not setup for FIDO for the purpose of uploading the hashids when using -online parameter. I am not sure of how your CA policies are setup, but excluding the Intune enrolment apps is not recommended from a security standpoint.
- That's the thought I have as well.
you can use a PowerShell script to call a webhook with the various details and have a PowerShell runbook in a automation account in Azure run as a service principal with the relevant permission to add the autopilot device.
The user running the PowerShell on the device does not need any admin roles in entra
see here:
https://www.smthwentright.com/2022/04/25/uploading-autopilot-hardware-hashes-using-azure-automation/
this is the solution we implemented.
