Automatically create and manage Microsoft Entra groups based on the device chassis type. This will allow policies to be assigned to the chassis groups in Microsoft Intune. Additionally, this management is done proactively via a remediation deployed on the computer.

mchave3/DeviceChassisInfo

How to Use

This guide provides detailed instructions on how to utilize the Microsoft Intune Chassis Type script. Whether you prefer an automated setup or a more hands-on, manual configuration, this guide covers both options.

Prerequisites

Before you begin, ensure that the following prerequisites are in place:

  • PowerShell 5 or higher installed on your machine
  • Microsoft Entra account with administrative permissions
  • App registration on Microsoft Entra

Create an App Registration

  1. Navigate to Microsoft Entra Portal -> App registrations

  2. Click on "New registration" and enter the following information:

    • Name: The name of this application
    • Supported account types: Accounts in this organizational directory only
  3. Create a client secret:

    • On the side menu, go to "Certificates & secrets" -> "Client secrets" -> "New client secret"
  4. Assign API permissions:

    • On the side menu, go to "API permissions" -> "Add a permission" and enter the following permissions:

      • DeviceManagementConfiguration.ReadWrite.All
      • DeviceManagementManagedDevices.ReadWrite.All
      • Group.ReadWrite.All
    • Then, click on "Grant admin consent for (your tenant)"
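
The three application permissions above are tenant-wide write scopes, so it is worth confirming that the app registration carries exactly these and nothing more. The following PowerShell is an added example, not part of the repository's scripts: it decodes the `roles` claim of an app-only access token and reports missing or extra permissions. The function names and the sample token are constructed for illustration, and the token signature is not validated.

```powershell
# Application permissions exactly as listed in the guide.
$Expected = @(
    'DeviceManagementConfiguration.ReadWrite.All'
    'DeviceManagementManagedDevices.ReadWrite.All'
    'Group.ReadWrite.All'
)

function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -lt 2) { throw 'Not a JWT: expected header.payload.signature' }
    # base64url -> base64, then restore the stripped padding
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        2 { $b64 += '==' }
        3 { $b64 += '=' }
        1 { throw 'Invalid base64url length' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

function Test-AppRoles {
    param([Parameter(Mandatory)][string]$Token, [string[]]$ExpectedRoles = $Expected)
    $claims  = ConvertFrom-JwtPayload -Token $Token
    # App-only tokens carry granted application permissions in "roles".
    $granted = @($claims.roles | Where-Object { $_ })
    [pscustomobject]@{
        AppId   = $claims.appid
        Missing = @($ExpectedRoles | Where-Object { $_ -notin $granted })
        Extra   = @($granted | Where-Object { $_ -notin $ExpectedRoles })
    }
}

# Constructed sample (unsigned, not a real token): one role more than the guide lists.
$payload = @{
    appid = '00000000-0000-0000-0000-000000000000'
    roles = $Expected + 'Directory.ReadWrite.All'
} | ConvertTo-Json -Compress
$b64url = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($payload))
$b64url = $b64url.TrimEnd('=').Replace('+', '-').Replace('/', '_')
Test-AppRoles -Token "e30.$b64url.sig"   # "e30" is base64url for an empty header {}
```

Run it against an access token issued to the app registration; an empty Extra list means the token carries no application permissions beyond the three listed above.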

Option 1 - Automatic tenant configuration

This option automatically configures your Microsoft Tenant comprehensively. The provided script handles tasks such as creating Microsoft Entra Groups, Microsoft Intune device categories, and uploading proactive remediation.

Step 1: Download the Script

To get started, download the Setup_Intune_DeviceChassisInfo.ps1 script from the GitHub repository.

Step 2: Configure Script Parameters

Open Setup_Intune_DeviceChassisInfo.ps1 in a text editor and modify the following parameters:

$global:tenantID = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
$global:clientID = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
$global:clientsecret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

Step 3: Execute the Script

Ensure that you execute this script with administrative privileges.

Option 2 - Manual tenant configuration

This option provides a more hands-on approach, allowing you to manually set up your Microsoft Azure environment.

Step 1: Create Microsoft Entra Groups

  1. Navigate to Microsoft Entra -> Groups

  2. Select "New group" and provide the following details:

    • Group type: Security
    • Name: Clients - ChassisType - Laptops
    • Description: The description of the group
    • Membership type: Dynamic Device
    • Dynamic device members -> Add dynamic query: (Rule builder or Rule syntax)
      • Rule builder:
        • Property: deviceCategory
        • Operator: Equals
        • Value: Laptop
      • Rule syntax: (device.deviceCategory -eq "Laptop")
  3. Repeat this process for each group you intend to create:

    • Desktop
    • Laptop
    • Tablet
    • Unknown Device
    • Virtual Machine
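
Membership in these groups is computed from `deviceCategory`, so any identity that can write that property decides which policies a device receives. The following PowerShell is an added example, not code from the repository: it builds the Microsoft Graph request body for each dynamic group from the category list above. The function name, the description text and the pluralized group names other than "Clients - ChassisType - Laptops" are assumptions.

```powershell
# Categories exactly as listed in the guide.
$Categories = 'Desktop', 'Laptop', 'Tablet', 'Unknown Device', 'Virtual Machine'

function New-ChassisGroupBody {
    param([Parameter(Mandatory)][string]$Category)
    # Reject quotes and backslashes so the value cannot break out of the
    # string literal inside the membership rule.
    if ($Category -match '["\\]') { throw "Invalid category name: $Category" }
    # Naming assumption: the guide only shows "Clients - ChassisType - Laptops".
    $name = "Clients - ChassisType - ${Category}s"
    [ordered]@{
        displayName                   = $name
        description                   = "Devices whose Intune device category is $Category"  # constructed text
        mailEnabled                   = $false
        mailNickname                  = ($name -replace '[^A-Za-z0-9]', '')
        securityEnabled               = $true
        groupTypes                    = @('DynamicMembership')
        # Same rule syntax as in the guide, with the category substituted.
        membershipRule                = "(device.deviceCategory -eq `"$Category`")"
        membershipRuleProcessingState = 'On'
    }
}

# One JSON body per category, ready for review.
$Categories | ForEach-Object { New-ChassisGroupBody -Category $_ | ConvertTo-Json -Compress }
```

Each object is the body of a POST to https://graph.microsoft.com/v1.0/groups; review the generated membershipRule values before sending them.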

Step 2: Create Microsoft Intune Device Categories

  1. Navigate to Microsoft Intune -> Devices -> Device categories

  2. Click on “Create device category” and enter the following information:

    • Name: Laptop
    • Description: This device category is used for all laptops.
  3. Repeat this step for each device category:

    • Desktop
    • Laptop
    • Tablet
    • Unknown Device
    • Virtual Machine

Step 3: Download Detection & Remediation Scripts

  1. To get started, download the detection & remediation script from the GitHub repository.

  2. Open DeviceChassisInfo_Detection.ps1 & DeviceChassisInfo_Remediation.ps1 in a text editor and modify the following parameters:

    $global:tenantID = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
    $global:clientID = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
    $global:clientsecret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

Step 4: Create and Assign Proactive Remediation Scripts

  1. Navigate to Microsoft Intune -> Devices -> Remediations

  2. Click on “Create script package” and enter the following information:

    • Name: Specify the name of the script package
    • Description: Provide a description for the script package
    • Publisher: Indicate the publisher of the script package
    • Detection script file: Specify the PowerShell script that checks the device condition
    • Remediation script file: Specify the PowerShell script that resolves the device condition
    • Run this script using the logged-on credentials: No
    • Enforce script signature check: No
    • Run script in 64 bit PowerShell: No
  3. Proceed to “Next” and choose the groups to which you want to assign the script package.

  4. Continue to “Next” and configure the script schedule.

  5. Conclude by selecting “Create” to complete the process.

Contact

If you have any questions or issues with this script, feel free to contact me:

I appreciate your feedback and am ready to assist with any issues you may encounter.
