AutoPilotGroupTagger is a PowerShell based utility that allows for bulk update and management of Windows Autopilot Device Group Tags, or unblocking of Autopilot devices, for those who are either retrospectively updating Autopilot devices or otherwise.
This script has been recognised as part of the MEM Official Community Tools and was carefully reviewed by a panel of industry experts.
This solution was evaluated based on technical value, originality, usefulness, and impact on the Endpoint Management ecosystem.
AutopilotGroupTagger is currently in Public Preview, meaning that although the it is functional, you may encounter issues or bugs with the script.
Tip
If you do encounter bugs, want to contribute, submit feedback or suggestions, please create an issue.
- π Option to create Dynamic Groups based on new Group Tags
- β Option to run in whatIf mode to simulate Group Tag or Dynamic Group changes
Once authenticated select one of the options to start updating Group Tags to your Autopilot devices:
- π₯ Update all Windows Autopilot devices with a new Group Tag
- β Update Windows Autopilot devices with an empty Group Tag with a new Group Tag
- π· Update Windows Autopilot devices with specific existing Group Tags with a new Group Tag
- π’ Update specific manufacturers of Windows Autopilot devices with a new Group Tag
- π Update specific models of Windows Autopilot devices with a new Group Tag
- π° Update Windows Autopilot devices with specific Purchase Orders with a new Group Tag
- β Update specific interactively selected Windows Autopilot devices with a new Group Tag
- π Export Windows Autopilot Device data, and selectively update multiple devices with new Group Tags
- π Remove existing Group Tags across all scenarios
Also options to unblock Autopilot devices:
- π₯ Unblock all Windows Autopilot devices
- β Unblock all blocked Windows Autopilot devices
- π’ Unblock specific manufacturers of Windows Autopilot devices
- π Unblock specific models of Windows Autopilot devices
Note
Before the Group Tags are assigned or removed, or the groups created, you are prompted whether you want to continue.
Important
- Supports PowerShell 7 on Windows and macOS
Microsoft.Graph.Authenticationmodule should be installed, the script will detect and install if required.Microsoft.PowerShell.ConsoleGuiToolsmodule should be installed, the script will detect and install if required.- Entra ID App Registration with appropriate Graph Scopes or using Interactive Sign-In with a privileged account
- v0.7.0
- Updated to allow for re-running of the script
- Bug fixes and UI improvements
- v0.6.0
- New functionality to allow for unblocking of Autopilot devices
- v0.5.0
- Allows for removal of Group Tags on Autopilot devices
- Option to create Dynamic Entra ID groups based on the Group Tags
- Support for PowerShell 7 on macOS and Windows replacing
Out-GridViewwithOut-ConsoleGridViewas part of theMicrosoft.PowerShell.ConsoleGuiToolsmodule - Allow for reselection of Group Tags, device makes and models, and purchase orders
- v0.4.0
- Now supports PowerShell 5
- v0.3.0
- Improved logic around Autopilot device selection options
- v0.2.0
- Included functionality to update group tags based on Purchase order
- v0.1.0
- Initial release
Install the script from the PowerShell Gallery
Install-Script -Name AutopilotGroupTaggerRunning the script without any parameters for interactive authentication:
.\AutopilotGroupTagger.ps1OR
Run the script with the your Entra ID Tenant ID passed to the tenantID parameter:
.\AutopilotGroupTagger.ps1 -tenantID '437e8ffb-3030-469a-99da-e5b527908099'
OR
Create an Entra ID App Registration with the following Graph API Application permissions:
Group.ReadWrite.AllDeviceManagementServiceConfig.ReadWrite.AllDevice.Read.AllDeviceManagementManagedDevices.Read.All
Create an App Secret for the App Registration to be used when running the script.
Then run the script with the corresponding Entra ID Tenant ID, AppId and AppSecret passed to the parameters:
.\AutopilotGroupTagger.ps1 -tenantID '437e8ffb-3030-469a-99da-e5b527908099' -appId '799ebcfa-ca81-4e63-baaf-a35123164d78' -appSecret 'g708Q~uot4xo9dU_1TjGQIuUr0UyBHNZmY2mdcy6'If you want the script to create dynamic groups based on the new Group Tags provided, include the switch parameter createGroups:
.\AutopilotGroupTagger.ps1 -createGroups -groupPrefix 'AGT-Autopilot-'This will allow for groups to be created with a prefix of AGT-Autopilot- followed by the Group Tag you specify, only if a group with the same name does not already exist.
If you want the script to just simulate the update of Group Tags use the whatIf parameter:
.\AutopilotGroupTagger.ps1 -whatIfNote
This whatIf parameter will allow the simulation of the update of Group Tags, all other prompts will remain the same.
Demo coming at some point, maybe.
Demo coming at some point, maybe.
Demo coming at some point, maybe.
Demo coming at some point, maybe.
Demo coming at some point, maybe.
If you encounter any issues or have questions:
- Check the Issues page
- Open a new issue if needed
- π Submit Feedback
- π Report Bugs
- π‘ Request Features
Thank you for your support.
This project is licensed under the MIT License - see the LICENSE file for details.
Created by Nick Benton of odds+endpoints