WaitForOnboarding

1. # Script to track the process HYbrid Join, MDM enrollment, Defender for endpoint onboarding.
2. # [email protected]
3.  
4. $logfilepath="C:\Windows\Temp\DefenderOnboarding.log"
5. $OnboardingFolder = "C:\Windows\Onboarding" #used to set lock screen image by GPO
6.  
7. function WriteToLogFile ($message)
8. {
9. $message +" - "+ (Get-Date).ToString() >> $logfilepath
10. }
11.  
12. WriteToLogFile "Script started"
13. #Set powerplan to Ultra Performance. Keeps the machine from going to sleep
14. WriteToLogFile "Importing high Performance powerplan"
15. powercfg /import C:\Windows\Temp\High.pow 24c8a99f-711f-424b-1234-790c4168ed60
16. powercfg /s 24c8a99f-711f-424b-1234-790c4168ed60
17.  
18. WriteToLogFile "Waiting for Hybrid Join"
19. do {
20.     $AADInfo = Get-Item "HKLM:/SYSTEM/CurrentControlSet/Control/CloudDomainJoin/JoinInfo"
21.  
22.     $guids = $AADInfo.GetSubKeyNames()
23.     foreach ($guid in $guids) {
24.         $guidSubKey = $AADinfo.OpenSubKey($guid);
25.         $DeviceDisplayName = ($Null -ne $guidSubKey.GetValue("DeviceDisplayName"))
26.         Start-Sleep -Seconds 1
27.     }
28. } while ($DeviceDisplayName -ne "True")
29.     WriteToLogFile "Hybrid Joined"
30.  
31. WriteToLogFile "Retrigger Co-Management task"
32. Start-Sleep -Seconds 15
33. $instance = Get-WmiObject -Namespace root\ccm\dcm -Query "Select * from SMS_DesiredConfiguration WHERE DisplayName = 'CoMgmtSettingsProd'"
34. Invoke-CimMethod -Namespace root\ccm\dcm -ClassName SMS_DesiredConfiguration -MethodName TriggerEvaluation -Arguments @{“Name” = $instance.Name; “Version” = $instance.Version; “PolicyType” = $instance.PolicyType}
35.  
36. WriteToLogFile "Waiting for Intune enrollment"
37. do {
38.     $MDMEnrollment = $Null -ne (Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Provisioning\OMADM\MDMDeviceID).DeviceClientID
39.     Start-Sleep -Seconds 1
40. } while ($MDMEnrollment -ne "True")
41.     WriteToLogFile "Enrolled in MDM"
42.  
43. WriteToLogFile "Waiting for Defender onboarding"
44. do {
45.     $MDEState = (Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status").onboardingstate -eq "1"
46.     Start-Sleep -Seconds 1
47. } while ($MDEState -ne "True")
48.     WriteToLogFile "Onboarded to Defender for endpoint"
49.  
50. WriteToLogFile "Waiting for VPN device profile"
51. do {
52.     $VPN = Get-VpnConnection -AllUserConnection -Name "AlwaysON VPN Device" -ErrorAction SilentlyContinue
53.     Start-Sleep -Seconds 10
54. } while ($VPN -eq $null)
55.     WriteToLogFile "VPN profile applied from Intune"
56.    
57. Remove-Item -Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization -Force
58.  
59. WriteToLogFile "Setting compnay recommended powerplan"
60. $powerplan = Get-WmiObject -Namespace root\cimv2\power -Class Win32_PowerPlan -Filter "ElementName = 'Company recommended'"
61. powercfg /setactive ([string]$powerplan.InstanceID).Replace("Microsoft:PowerPlan\{","").Replace("}","")
62.  
63. #Delete Ultimate powerplan
64. WriteToLogFile "Deleting imported performance powerplan"
65. powercfg /d 24c8a99f-711f-424b-1234-790c4168ed60
66.  
67. Remove-Item $OnboardingFolder
68. Unregister-ScheduledTask -TaskName waitforonboarding -Confirm:$false
69. WriteToLogFile "Done. Rebooting.."
70. Restart-Computer -Force