Automating Autopilot Deployments via Dynamic Device Groups

This covers automating the process of assigning Autopilot deployment profiles, apps and policies to Intune devices.

SETTING UP YOUR ENDPOINT GROUPS

When importing devices into Endpoint Manager, you need to place the device in a group within Azure AD for it to pick up an Autopilot deployment profile then pick up any apps and policies you targeted towards that group after enrollment. 

If it's one or two devices, it's not much work importing the devices then manually adding them to the group but it isn't going to be fun adding 50+ devices to a group. Here's were dynamic device groups come in handy. You can build dynamic groups based on the Group Tag field of Autopilot Devices. 

When generating the hardware ID of a device, you can set the Group Tag at the same time. You can use this tag to automate which group it joins in Azure AD once you've imported them. The rule below is used to match devices with specific Group Tags. The property is "devicePhysicalIds" with the value being "[OrderID]:TAG" replacing TAG with your group tag.

In my example I have used "Marketing" as my Group Tag. This particular group may be for Marketing devices that gets Marketing specific policies and apps. I could have a second dynamic device group for a different department that has different software and policy requirements, using a different Group Tag for them.

This can simplify the build process of devices to just, gather the hardware IDs whilst setting a Group Tag at the same time, importing your CSV file and then going through the OOBE once they have all been imported and have an Autopilot deployment profile assigned.

ASSIGNING A GROUP TAG WHEN GATHERING THE HARDWARE ID

The PowerShell cmdlet to generate the hardware ID has a parameter of -GroupTag followed by a value for your Group Tag such as "Marketing". If you're doing multiple then also use the -Append parameter to append each individual device to the next row of the CSV.