IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined

Parameters

Parameter Attribute DataType Description Allowed Values
HybridAzureADJoinSkipConnectivityCheck Write Boolean The Autopilot Hybrid Azure AD join flow will continue even if it does not establish domain controller connectivity during OOBE.
Description Write String Description of the profile
DeviceNameTemplate Write String The template used to name the AutoPilot Device. This can be a custom text and can also contain either the serial number of the device, or a randomly generated number. The total length of the text generated by the template can be no more than 15 characters.
DeviceType Write String The AutoPilot device type that this profile is applicable to. Possible values are: windowsPc, surfaceHub2. windowsPc, surfaceHub2, holoLens, surfaceHub2S, virtualMachine, unknownFutureValue
DisplayName Key String Name of the profile
EnableWhiteGlove Write Boolean Enable Autopilot White Glove for the profile.
EnrollmentStatusScreenSettings Write MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings Enrollment status screen setting
ExtractHardwareHash Write Boolean HardwareHash Extraction for the profile
Language Write String Language configured on the device
ManagementServiceAppId Write String AzureAD management app ID used during client device-based enrollment discovery
OutOfBoxExperienceSettings Write MSFT_MicrosoftGraphoutOfBoxExperienceSettings Out of box experience setting
Id Write String The unique identifier for an entity. Read-only.
Assignments Write MSFT_DeviceManagementConfigurationPolicyAssignments[] Represents the assignment to the Intune policy.
Ensure Write String Present ensures the policy exists, absent ensures it is removed. Present, Absent
Credential Write PSCredential Credentials of the Admin
ApplicationId Write String Id of the Azure Active Directory application to authenticate with.
TenantId Write String Id of the Azure Active Directory tenant used for authentication.
ApplicationSecret Write PSCredential Secret of the Azure Active Directory tenant used for authentication.
CertificateThumbprint Write String Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.
ManagedIdentity Write Boolean Managed ID being used for authentication.
AccessTokens Write StringArray[] Access token used for authentication.

MSFT_DeviceManagementConfigurationPolicyAssignments

Parameters

Parameter Attribute DataType Description Allowed Values
dataType Write String The type of the target assignment. #microsoft.graph.groupAssignmentTarget, #microsoft.graph.allLicensedUsersAssignmentTarget, #microsoft.graph.allDevicesAssignmentTarget, #microsoft.graph.exclusionGroupAssignmentTarget, #microsoft.graph.configurationManagerCollectionAssignmentTarget
deviceAndAppManagementAssignmentFilterType Write String The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. none, include, exclude
deviceAndAppManagementAssignmentFilterId Write String The Id of the filter for the target assignment.
groupId Write String The group Id that is the target of the assignment.
groupDisplayName Write String The group Display Name that is the target of the assignment.
collectionId Write String The collection Id that is the target of the assignment.(ConfigMgr)

MSFT_MicrosoftGraphWindowsEnrollmentStatusScreenSettings

Parameters

Parameter Attribute DataType Description Allowed Values
AllowDeviceUseBeforeProfileAndAppInstallComplete Write Boolean Allow or block user to use device before profile and app installation complete
AllowDeviceUseOnInstallFailure Write Boolean Allow the user to continue using the device on installation failure
AllowLogCollectionOnInstallFailure Write Boolean Allow or block log collection on installation failure
BlockDeviceSetupRetryByUser Write Boolean Allow the user to retry the setup on installation failure
CustomErrorMessage Write String Set custom error message to show upon installation failure
HideInstallationProgress Write Boolean Show or hide installation progress to user
InstallProgressTimeoutInMinutes Write UInt32 Set installation progress timeout in minutes

MSFT_MicrosoftGraphOutOfBoxExperienceSettings

Parameters

Parameter Attribute DataType Description Allowed Values
DeviceUsageType Write String AAD join authentication type. Possible values are: singleUser, shared. singleUser, shared
HideEscapeLink Write Boolean If set to true, then the user can't start over with different account, on company sign-in
HideEULA Write Boolean Show or hide EULA to user
HidePrivacySettings Write Boolean Show or hide privacy settings to user
SkipKeyboardSelectionPage Write Boolean If set, then skip the keyboard selection page if Language and Region are set
UserType Write String Type of user. Possible values are: administrator, standard. administrator, standard

Description

Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined

Permissions

Microsoft Graph

To authenticate with the Microsoft Graph API, this resource required the following permissions:

Delegated permissions

  • Read

    • Group.Read.All, DeviceManagementServiceConfig.Read.All
  • Update

    • Group.Read.All, DeviceManagementServiceConfig.ReadWrite.All

Application permissions

  • Read

    • Group.Read.All, DeviceManagementServiceConfig.Read.All
  • Update

    • Group.Read.All, DeviceManagementServiceConfig.ReadWrite.All

Examples

Example 1

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined 'Example'
        {
            Assignments                            = @();
            Description                            = "";
            DeviceNameTemplate                     = "";
            DeviceType                             = "windowsPc";
            DisplayName                            = "hybrid";
            EnableWhiteGlove                       = $True;
            Ensure                                 = "Present";
            ExtractHardwareHash                    = $False;
            HybridAzureADJoinSkipConnectivityCheck = $True;
            Language                               = "os-default";
            OutOfBoxExperienceSettings             = MSFT_MicrosoftGraphoutOfBoxExperienceSettings{
                HideEULA = $True
                HideEscapeLink = $True
                HidePrivacySettings = $True
                DeviceUsageType = 'singleUser'
                SkipKeyboardSelectionPage = $False
                UserType = 'standard'
            };
            ApplicationId         = $ApplicationId;
            TenantId              = $TenantId;
            CertificateThumbprint = $CertificateThumbprint;
        }
    }
}

Example 2

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined 'Example'
        {
            Assignments                            = @();
            Description                            = "";
            DeviceNameTemplate                     = "";
            DeviceType                             = "windowsPc";
            DisplayName                            = "hybrid";
            EnableWhiteGlove                       = $False; # Updated Property
            Ensure                                 = "Present";
            ExtractHardwareHash                    = $False;
            HybridAzureADJoinSkipConnectivityCheck = $True;
            Language                               = "os-default";
            OutOfBoxExperienceSettings             = MSFT_MicrosoftGraphoutOfBoxExperienceSettings{
                HideEULA = $True
                HideEscapeLink = $True
                HidePrivacySettings = $True
                DeviceUsageType = 'singleUser'
                SkipKeyboardSelectionPage = $False
                UserType = 'standard'
            };
            ApplicationId         = $ApplicationId;
            TenantId              = $TenantId;
            CertificateThumbprint = $CertificateThumbprint;
        }
    }
}

Example 3

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined 'Example'
        {
            DisplayName                            = "hybrid";
            Ensure                                 = "Absent";
            ApplicationId         = $ApplicationId;
            TenantId              = $TenantId;
            CertificateThumbprint = $CertificateThumbprint;
        }
    }
}