PowerShell Get-AutopilotInfo -Online with FIDO2 key requirement

Hello!

Quick info: Authenticating with a security key in PowerShell keeps failing, and I've been browsing the web for a way to upload the Autopilot HWID with Get-AutopilotInfo -Online while a FIDO2 key is required, without results.

Therefore I tried to exclude "Microsoft Intune Enrollment" in the FIDO2 Conditional Access policy, but I was unable to get it to work. Is "Microsoft Intune Enrollment" the correct app to exclude, or should I look into excluding something else to bypass the security key requirement?

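Before changing a Conditional Access policy it is worth seeing exactly which applications each policy already excludes, since exclusions are easy to lose track of and every one of them is a gap in the FIDO2 requirement. The following is an added example, not code from the thread; it assumes the Microsoft Graph PowerShell SDK is installed and that the signed-in account is allowed to read policies and service principals (the `Policy.Read.All` and `Application.Read.All` scopes). The function name `Get-CaPolicyAppExclusions` is my own.

```powershell
# Added example: list every Conditional Access policy that excludes one or more
# applications and resolve the excluded application IDs to display names, so an
# exclusion of an enrollment app (or anything else) is visible at a glance.
# Assumes the Microsoft.Graph PowerShell SDK is installed; run as an account that
# can read CA policies and service principals.
Connect-MgGraph -Scopes "Policy.Read.All", "Application.Read.All"

function Get-CaPolicyAppExclusions {
    # -All pages through the full policy list rather than the first page only.
    $policies = Get-MgIdentityConditionalAccessPolicy -All

    foreach ($policy in $policies) {
        $excluded = $policy.Conditions.Applications.ExcludeApplications
        if (-not $excluded) { continue }

        foreach ($appId in $excluded) {
            # Resolve the application ID to a name where a service principal exists;
            # otherwise report the raw ID so nothing is silently dropped.
            $sp = Get-MgServicePrincipal -Filter "appId eq '$appId'" -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Policy      = $policy.DisplayName
                State       = $policy.State          # enabled / disabled / enabledForReportingButNotEnforced
                ExcludedApp = if ($sp) { $sp.DisplayName } else { $appId }
                AppId       = $appId
            }
        }
    }
}

# One row per (policy, excluded application) pair.
Get-CaPolicyAppExclusions | Sort-Object Policy | Format-Table -AutoSize
```

Running this periodically (or after any policy change) gives a reviewable record of which applications are exempt from the FIDO2 policy, which is the question the thread is really circling: an exclusion added to make one script work stays in place for every sign-in to that application.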

9 Replies
Hi,
Are you sure that you are using the correct parameter switches?
Kindly refer to this article:
https://learn.microsoft.com/en-us/managed-desktop/prepare/windows-autopilot-registration
Hi,

Apologies for the bad description.
I use the -Online parameter to push it to Endpoint Manager, which prompts a sign-in with credentials.
PowerShell does not handle a security key as an authentication method so well; therefore I want to exclude Endpoint Enrollment from the Conditional Access policy so I can authenticate with a text message for this action.

Huh.. okay... so you are trying to upload the HWID to the Autopilot service and you want to require a FIDO key to do so?
The Microsoft Intune Enrollment app is used to enroll a device into Intune... But as you are trying to exclude it from the CA policy, I assume uploading the HWID isn't working....?

I cannot get past the authentication as it keeps prompting me to authenticate with the security key.
In PowerShell, the security key as an authentication method gets stuck and doesn't go through; hence I would like to bypass the Conditional Access policy that's requiring the security key during device enrollment.

Did you try to create another global admin and log in with that user? Did you also try uploading the hash from a different device (for example, a freshly installed VM) to find out if you get the same prompt?
What is the end objective here? Using FIDO for uploading of hashid or uploading hash no matter what? Can only suggest the next steps after you confirm.
The objective is to use FIDO as authentication for everything, EXCEPT for uploading hashid.

Then consider using a dedicated account not set up for FIDO for the purpose of uploading the hash IDs when using the -Online parameter. I am not sure how your CA policies are set up, but excluding the Intune enrollment apps is not recommended from a security standpoint.

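The dedicated-account approach can also be split so that no interactive sign-in happens on the device at all: capture the hardware hash to a CSV locally (no credentials needed), then import that CSV from an admin workstation as the dedicated upload account. This is an added example, not code from the thread or from the script's authors. It assumes the PowerShell Gallery script `Get-WindowsAutoPilotInfo` (the published name of what the thread calls Get-AutopilotInfo) and the `WindowsAutopilotIntune` module in a version that signs in through `Connect-MgGraph`; the file path, group tag, Graph scope and the function names `Export-LocalAutopilotHash` and `Publish-AutopilotHash` are my own choices.

```powershell
# Added example: two-step Autopilot registration that keeps the FIDO2 policy intact.
# Step 1 runs on the device being registered, step 2 on an admin workstation as the
# dedicated (non-FIDO) upload account. Script/module names are the public ones;
# paths, group tag and function names are assumptions for this example.

function Export-LocalAutopilotHash {
    param(
        [string]$OutputFile = "C:\HWID\AutopilotHWID.csv",   # assumed path
        [string]$GroupTag   = "Finance"                      # example tag, adjust to taste
    )
    # Reads the hardware hash from the local machine and writes a CSV; no sign-in
    # is required because -Online is deliberately NOT used here.
    Install-Script -Name Get-WindowsAutoPilotInfo -Force
    New-Item -ItemType Directory -Path (Split-Path $OutputFile) -Force | Out-Null
    Get-WindowsAutoPilotInfo -OutputFile $OutputFile -GroupTag $GroupTag
    Write-Host "Hardware hash written to $OutputFile; copy it to the admin workstation."
}

function Publish-AutopilotHash {
    param(
        [Parameter(Mandatory)] [string]$CsvFile
    )
    # Sign in interactively as the dedicated upload account. That account is not
    # enrolled for FIDO2, so the PowerShell sign-in completes with its own MFA method
    # and the CA policy itself stays unchanged for every other identity.
    Install-Module -Name WindowsAutopilotIntune -Scope CurrentUser -Force
    Import-Module WindowsAutopilotIntune
    Connect-MgGraph -Scopes "DeviceManagementServiceConfig.ReadWrite.All"

    # Import-AutopilotCSV uploads every row of the CSV to the Autopilot service.
    Import-AutopilotCSV -csvFile $CsvFile

    # Verify: every serial number in the CSV should now be a registered Autopilot device.
    $serials = (Import-Csv $CsvFile).'Device Serial Number'
    foreach ($serial in $serials) {
        $device = Get-AutopilotDevice | Where-Object { $_.serialNumber -eq $serial }
        if ($device) { Write-Host "Registered: $serial" }
        else         { Write-Warning "Not yet visible in Autopilot: $serial (import may still be processing)" }
    }
}

# Usage:
#   on the new device, as local administrator:   Export-LocalAutopilotHash
#   on the admin workstation:                     Publish-AutopilotHash -CsvFile "C:\HWID\AutopilotHWID.csv"
```

The point of the split is that the FIDO2-protected admin identities never need a PowerShell sign-in at all, the CA policy keeps its application scope, and the only account without a FIDO2 requirement is one whose sole job is the upload and whose sign-ins are easy to monitor.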
That's the thought I have as well.