new-AutopilotEnrollApp.ps1

a guest
Apr 11th, 2025
39
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # Install required modules if not present
  2. $requiredModules = @('Microsoft.Graph.Applications', 'Microsoft.Graph.Authentication')
  3. foreach ($module in $requiredModules) {
  4.     if (!(Get-Module -ListAvailable -Name $module)) {
  5.         Install-Module -Name $module -Force -AllowClobber -Scope CurrentUser
  6.     }
  7. }
  8.  
  9. # Import the modules
  10. Import-Module Microsoft.Graph.Applications
  11. Import-Module Microsoft.Graph.Authentication
  12.  
  13. # Connect to Microsoft Graph with required permissions
  14. Connect-MgGraph -Scopes "Application.ReadWrite.All", "Directory.ReadWrite.All"
  15.  
  16. # Get tenant ID
  17. $tenantId = (Get-MgContext).TenantId
  18.  
  19. # Create the application
  20. $appName = "Autopilot Device Registration App"
  21. $app = New-MgApplication -DisplayName $appName `
  22.     -RequiredResourceAccess @(
  23.         @{
  24.             ResourceAppId = "00000003-0000-0000-c000-000000000000" # Microsoft Graph
  25.             ResourceAccess = @(
  26.                 @{
  27.                     Id = "0c5e8a55-87a6-4556-be89-624c6ded1964" # Read and write Microsoft Intune Autopilot device information
  28.                     Type = "Role"
  29.                 }
  30.             )
  31.         }
  32.     ) `
  33.     -SignInAudience "AzureADMyOrg"
  34.  
  35. # Create a client secret
  36. $endDateTime = (Get-Date).AddYears(2)
  37. $passwordCred = Add-MgApplicationPassword -ApplicationId $app.Id -PasswordCredential @{
  38.     DisplayName = "Autopilot Registration Secret"
  39.     EndDateTime = $endDateTime
  40. }
  41.  
  42. # Create the service principal
  43. $sp = New-MgServicePrincipal -AppId $app.AppId
  44.  
  45. # Output the details
  46. Write-Host "`nApplication created successfully!"
  47. Write-Host "Please make sure to grant admin consent for the API permissions in the Azure Portal"
  48. Write-Host "`nApplication Details:"
  49. Write-Host "Tenant ID: $tenantId"
  50. Write-Host "Application (Client) ID: $($app.AppId)"
  51. Write-Host "Client Secret: $($passwordCred.SecretText)"
  52.  
  53. # Update enroll.cmd with new credentials
  54. $enrollPath = Join-Path $PSScriptRoot "enroll.cmd"
  55. $enrollContent = Get-Content -Path $enrollPath -Raw
  56.  
  57. # Replace the credentials in enroll.cmd
  58. $enrollContent = $enrollContent -replace "'[^']*' # TenantId", "'$tenantId' # TenantId"
  59. $enrollContent = $enrollContent -replace "'[^']*' # AppId", "'$($app.AppId)' # AppId"
  60. $enrollContent = $enrollContent -replace "'[^']*' # AppSecret", "'$($passwordCred.SecretText)' # AppSecret"
  61.  
  62. Set-Content -Path $enrollPath -Value $enrollContent
  63.  
  64. Write-Host "`nUpdated enroll.cmd with new credentials"
  65. Write-Host "`nIMPORTANT: Go to Azure Portal -> Azure Active Directory -> App registrations -> $appName -> API permissions"
  66. Write-Host "Click on 'Grant admin consent' button to enable the permissions"