Skip to main content

Autopilot Device Management and Bulk Renaming with Microsoft Graph API

Audience: IT Administrators, Endpoint Engineers
Assumed knowledge: Windows Autopilot, Microsoft Intune, PowerShell scripting, Microsoft Graph API concepts.
Scope: This guide covers the end-to-end lifecycle of harvesting Autopilot hashes, managing metadata, and renaming devices programmatically. It applies to lab and shared device environments.

TL;DR
  • Harvest: Collect HWIDs and Group Tags locally via PowerShell.
  • Consolidate: Centralize CSV data on a secure network share.
  • Rename: Use the WindowsAutoPilotIntune module and Graph API to apply naming conventions in bulk.
  • Standardize: Adhere to the {Unit}_{Type}_{Identifier} naming convention for Group Tags.

Background & context

This procedure (ITAP) standardizes the collection of device metadata and streamlines the bulk renaming of Autopilot devices. By leveraging the Microsoft Graph API, administrators can ensure data accuracy, reduce manual entry errors, and automate the management of lab and shared devices during deployments and resets.

Prerequisites

RequirementMinimum / versionNotes
Role / PermissionsIntune AdministratorRequired for Autopilot profile management and device renaming.
PowerShell ModuleMicrosoft.GraphRequired for API connectivity.
PowerShell ModuleWindowsAutoPilotIntuneRequired for specific Autopilot resource manipulation.
ScriptGet-WindowsAutopilotInfoUsed for local HWID harvesting.
Network StorageSMB ShareA central repository for aggregating CSV files (e.g., \\CLASS-192...).
Environment assumptions
  • Devices have internet access to reach Microsoft Graph endpoints.
  • Tls12 is enabled for secure PowerShell connections.
  • The administrator has write access to the designated network shares.

Procedure / Implementation

This process is divided into three logical phases: Collection, Consolidation, and Execution.

Phase 1: Hardware ID (HWID) Collection

|
Step 1 – Gather Autopilot Hardware IDs

This script collects the Hardware Hash and serial number, assigns a Group Tag, and exports the data to a local CSV.

  1. Open PowerShell as Administrator.
  2. Update the $groupTag variable in the script below to match your deployment (see Naming Schemes).
  3. Run the following script:
Collect-HWID.ps1
# Ensure Tls12 is used for secure connections
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Create the HWID directory if it doesn't exist
New-Item -Type Directory -Path "C:\HWID" -Force
Set-Location -Path "C:\HWID"

# Install the Get-WindowsAutopilotInfo script if it's not already installed
Install-Script -Name Get-WindowsAutopilotInfo -Force

# Retrieve the serial number of the device
$serialNumber = (Get-WmiObject -Class Win32_Bios).SerialNumber

# Specify the group tag (Update this value)
$groupTag = "CLBA_USER_LAB123"

# Specify the output file path
$outputFile = "C:\HWID\AutopilotInfo_${serialNumber}.csv"

# Run the Get-WindowsAutopilotInfo cmdlet
Get-WindowsAutopilotInfo -OutputFile $outputFile -GroupTag $groupTag

Write-Host "Autopilot information has been saved to: $outputFile"
Step 2 – Transfer files to Network Share

Move the locally generated CSV files to a central repository.

Transfer-HWID.ps1
# Define paths
$sourceFolder = "C:\HWID"
# Update destination to your actual share path
$destinationFolder = "\\CLASS-192.mbs.tamu.edu\hash-store\SWS"

# Copy files
Get-ChildItem -Path $sourceFolder -Filter "*.csv" | ForEach-Object {
    Copy-Item -Path $_.FullName -Destination $destinationFolder -Force
    Write-Host "Copied $($_.Name) to $destinationFolder"
}
Step 3 – Combine into Single Hash File

Merge all individual CSV files into a single CombinedHashes.csv for upload.

Merge-Hashes.ps1
Param(
    [String]$HashFilesPath = "\\CLASS-192.mbs.tamu.edu\hash-store\SWS"
)

# Consolidate CSV files
Get-ChildItem -Path $HashFilesPath -Filter *.csv |
    Import-Csv |
    Export-Csv -Path "$HashFilesPath\CombinedHashes.csv" -NoTypeInformation -Force
Step 4 – Upload to Intune
  1. Log in to Microsoft Intune Admin Center.
  2. Navigate to Devices > Windows > Windows Enrollment > Devices.
  3. Click Import.
  4. Upload the CombinedHashes.csv generated in Step 3.
  5. Wait for the import to complete (this may take up to 15 minutes).
  6. Ensure the devices are assigned the correct Deployment Profile.

Phase 2: Device Info Collection

|
Step 5 – Export Device Info (Serial & NetBIOS)

To rename devices accurately, we need to map the Serial Number to the current Computer Name (NetBIOS).

Export-DeviceInfo.ps1
# Get NetBIOS name and serial number
$computerName = $env:COMPUTERNAME
$serialNumber = (Get-WmiObject -Class Win32_Bios).SerialNumber

# Export to CSV
$outputFile = "C:\HWID\DeviceInfo_${computerName}.csv"
[PSCustomObject]@{serialNumber = $serialNumber; ComputerName = $computerName} |
    Export-Csv -Path $outputFile -NoTypeInformation -Force
Step 6 – Transfer Device Info to Share

Send the device info CSVs to the central location.

Transfer-DeviceInfo.ps1
$sourceDirectory = "C:\HWID"
$destinationPath = "\\CLASS-192.mbs.tamu.edu\hash-store\SWS\deviceinfo"

Get-ChildItem -Path $sourceDirectory -Filter "DeviceInfo*.csv" | ForEach-Object {
    Copy-Item -Path $_.FullName -Destination $destinationPath -Force
    Write-Host "Copied $($_.Name) to $destinationPath"
}
Step 7 – Consolidate Device Info Files

Merge all DeviceInfo CSVs into a single master file for the renaming script.

Security Note

Avoid using public web-based CSV merger tools for internal asset data. Use the PowerShell method below.

Option A: PowerShell (Recommended)

Consolidate-DeviceInfo.ps1
$deviceInfoPath = "\\CLASS-192.mbs.tamu.edu\hash-store\SWS\deviceinfo"
$outputFile = "$deviceInfoPath\ConsolidatedDeviceInfo.csv"

Get-ChildItem -Path $deviceInfoPath -Filter "DeviceInfo*.csv" | 
    Import-Csv | 
    Export-Csv -Path $outputFile -NoTypeInformation -Force

Write-Host "Consolidated file created at $outputFile"

Option B: Manual Merge

  1. Navigate to the network share.
  2. Use Excel or a trusted CSV tool to combine files.
  3. Ensure columns serialNumber and ComputerName are present.
  4. Save as ConsolidatedDeviceInfo.csv.

Phase 3: Execution (Rename & Verify)

|
Step 8 – Bulk Rename via Graph API

This script reads the consolidated CSV and applies the new name to the Autopilot object in the cloud.

  1. Ensure you have the ConsolidatedDeviceInfo.csv file path ready.
  2. Run the following script:
Bulk-Rename-Autopilot.ps1
# Install the WindowsAutoPilotIntune module if not already installed
Install-Module -Name WindowsAutoPilotIntune -Force
Import-Module WindowsAutoPilotIntune

# Connect to Microsoft Graph
Connect-MgGraph

# Prompt the user for the CSV file path
$csvFilePath = Read-Host "Please enter the full path to your CSV file (e.g., C:\HWID\ConsolidatedDeviceInfo.csv)"

# Check if the file exists
if (-Not (Test-Path -Path $csvFilePath)) {
    Write-Host "File not found. Check path." -ForegroundColor Red
    exit
}

$devicesToRename = Import-Csv -Path $csvFilePath

# Organizational naming conventions
$namingSchemePrefix = "CLBA"
$departmentCode = "USER"

foreach ($device in $devicesToRename) {
    $serialNumber = $device.serialNumber
    $netBIOS = "${namingSchemePrefix}_${departmentCode}_${device.ComputerName}"

    try {
        # Get the Autopilot device ID based on the serial number
        $id = (Get-AutopilotDevice -serial $serialNumber).id

        if ($id) {
            Write-Host "Renaming device: $serialNumber to $netBIOS"
            Set-AutopilotDevice -id $id -displayName $netBIOS
            Write-Host "Success: $serialNumber -> $netBIOS" -ForegroundColor Green
        } else {
            Write-Host "Device with serial $serialNumber not found in Autopilot." -ForegroundColor Yellow
        }
    } catch {
        Write-Host "Error renaming serial: $serialNumber" -ForegroundColor Red
    }
}
Step 9 – Verification

Verify the Group Tag and Device Name have been applied correctly.

Verify-Device.ps1
# Install/Import SDK
Install-Module Microsoft.Graph -Scope CurrentUser
Connect-MgGraph -Scopes "DeviceManagementServiceConfig.Read.All", "DeviceManagementManagedDevices.Read.All"

$serialNumber = "YOUR_DEVICE_SERIAL_NUMBER"

# Get device info
$device = Get-MgDeviceManagementManagedDevice -Filter "serialNumber eq '$serialNumber'"

if ($device) {
    Write-Host "Device Name: $($device.DeviceName)" -ForegroundColor Green
    Write-Host "Group Tag: $($device.GroupTag)"
    Write-Host "Azure AD ID: $($device.AzureADDeviceId)"
} else {
    Write-Host "Device not found." -ForegroundColor Red
}

Best Practices & Recommendations

Naming Schemes

Adopting a structured naming convention ensures easy identification and simplifies policy application.

Format: {Unit FAMIS Code}_{Denotation}_{Identifier}

ComponentDescriptionExample
Unit CodeFAMIS code representing the unit.CLBA, CLVM
DenotationUser type or Department.ACCT, USER, SHARED, LAB
IdentifierRoom number or User name.LAB449, VIDAL

Examples:

  • CLBA_ACCT_LAB449
  • CLVM_SHARED_PRE

Intune Integration

Group tags are the "glue" for automation. They allow you to:

  • Assign Deployment Profiles dynamically.
  • Map specific Experience Scope Groups (ESGs) to User/Device groups.
  • Segment lab devices from staff devices automatically.

Troubleshooting & Known Issues

  • "File not found" in Step 8: Ensure you are pointing to the full path of the ConsolidatedDeviceInfo.csv and that your user account has read permissions to that share.
  • Authentication Errors: If Connect-MgGraph fails, ensure you are not behind a conditional access policy blocking PowerShell, and that you have consented to the required scopes.
  • Import Delays: After uploading hashes in Step 4, it is normal for the process to take 10-15 minutes. Do not attempt to rename a device until it appears in the Autopilot list.

References & FAQs

Change history

DateAuthorSummary of change
2024-12-11Chris NotzonInitial creation
2024-12-11Anthony GuevaraAdded bulk renaming scripts