What is a hardware hash and how do I get it from a device?

In this article I would like to describe the steps from reading the Autopilot hardware hash of a Windows client to importing it into Microsoft Intune.

To do this, we use the key combination SHIFT (+FN) + F10 in the Windows OOBE to start a CMD. There we first switch to a Windows PowerShell session by entering powershell:

In the PowerShell session we now change the execution policy because we will install and run a script from the PowerShell Gallery:

The command for this is:

Set-ExecutionPolicy Unrestricted

Immediately afterwards we install the script for reading and uploading the hardware hash:

Install-Script Get-WindowsAutopilotInfo

The script requires several confirmations for the installation, these must be confirmed with „y“.

Now that we have installed the script, we can use it to read the hardware hash and upload it directly to our Intune Tenant with a call parameter. To do this, we call the script with the following parameters:

#Upload without GroupTag
Get-WindowsAutoPilotInfo.ps1 -Online

#Upload with GroupTag
Get-WindowsAutoPilotInfo.ps1 -GroupTag MYGROUPTAG -Online

The group tag is required depending on the configuration, if the Intune Tenant only uses one autopilot profile you do not need a group tag, if you want to use different autopilot profiles, you can use group tags to map the automatic assignment.

After calling the script, some modules will be loaded and then you will see an Azure login mask.

Here you have to log in with an authorized Azure AD account to be able to upload the hardware hash. The upload takes 1-2 minutes and then the script reports the successful upload.

Now you have to wait 15-20 minutes for the hardware hash to replicate in the cloud and then the device can be restarted. A personalized tenant greeting should now appear on the screen and you can either initiate the pre-provisioning mode or the user-based rollout:

The hardware hash of the client is now imported and the client is bound to the Intune tenant.