Forum Discussion

Jragnmark's avatar
Jragnmark
Copper Contributor
Jan 04, 2023

PowerShell Get-AutopilotInfo -Online with FIDO2 key requirement

Hello! Quick info: Authenticating with a security Key in PowerShell keeps failing and I've been browsing the web for a way to upload AutoPilot HWID with Get-AutopilotInfo -Online with a FIDO2 key ...
Conditional Access
Intune
mobile device management (mdm)
Jragnmark's avatar
Jragnmark
Copper Contributor
Jan 05, 2023
The objective is to use FIDO as authentication for everything, EXCEPT for uploading hashid.

rahuljindal's avatar
rahuljindal
Bronze Contributor
Jan 05, 2023

Then consider using a dedicated account not setup for FIDO for the purpose of uploading the hashids when using -online parameter. I am not sure of how your CA policies are setup, but excluding the Intune enrolment apps is not recommended from a security standpoint.

  • Jragnmark's avatar
    Jragnmark
    Copper Contributor
    Jan 09, 2023
    That's the thought I have as well.
    • Saqib-s's avatar
      Saqib-s
      Copper Contributor
      Aug 15, 2024

      Jragnmark 

       

      you can use a PowerShell script to call a webhook with the various details and have a PowerShell runbook in a automation account in Azure run as a service principal with the relevant permission to add the autopilot device. 

       

      The user running the PowerShell on the device does not need any admin roles in entra 

       

      see here: 

      https://www.smthwentright.com/2022/04/25/uploading-autopilot-hardware-hashes-using-azure-automation/

       

      this is the solution we implemented. 

Resources