During an engagement at a customer, there was a requirement to rename all computers in Endpoint Manager/Intune to a naming standard consisting of the two-character ISO country code of the device owner followed by the serial number of the device. This was solved by using the Graph API in a PowerShell script running in an Azure Runbook.
The mission is to have all Windows devices in Microsoft Endpoint Manager follow a specified naming standard that gives each device a unique name consisting of a country code and the device serial number, e.g. NO-132435465768. The solution must address both existing and new devices.
The challenge with this design is compiling a device name from the country code found on the user who owns the device and the serial number found on the device itself. I have found examples online for renaming endpoints, but these did not get hold of the country codes from the user to use as part of the new device name. Some of these examples include:
- Using OMAURI as explained by Carson Cloud
- Using part of UPN in proactive remediations as explained by Matt Setchell
- Using part of UPN in a script as explained by Maurice Daly
New devices - autopilot profiles
|Menu used for selecting country code when getting the hardware hash code|
Existing devices - renaming with script
The script has a hash table with the current countries. It loops through the country list, selects all users belonging to each country, and then lists each device belonging to those users. Attributes from the user give access to information about the country, while attributes from the device give information about the serial number. The script takes into account the maximum length of 15 characters for computer names. This gives the foundation for renaming the computer to the given naming standard. A rename is initiated if the existing computer name differs from the standard.
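The name-building and compare step described above, as an added example that makes no Graph calls and is not the script from this post. The country table, sample users and devices and function names are hypothetical, and stripping invalid characters and keeping the first 15 characters on truncation are assumptions.

```powershell
# Added example: name-building and compare logic only, run on constructed data.
# Country table, sample users/devices and function names are hypothetical.
$CountryCodes = @{ 'Norway' = 'NO'; 'Sweden' = 'SE' }

function Get-StandardDeviceName {
    param([string]$CountryCode, [string]$SerialNumber)
    # Assumption: drop characters that are not valid in a computer name.
    $serial = ($SerialNumber -replace '[^A-Za-z0-9-]', '').Trim('-')
    if (-not $CountryCode -or -not $serial) { return $null }
    $name = '{0}-{1}' -f $CountryCode.ToUpperInvariant(), $serial
    # Assumption: names over the 15-character limit keep their first 15 characters.
    if ($name.Length -gt 15) { $name = $name.Substring(0, 15) }
    return $name.TrimEnd('-')
}

function Get-RenamePlan {
    param([object[]]$Users, [hashtable]$Countries)
    foreach ($user in $Users) {
        $code = $Countries[[string]$user.Country]   # $null when the country is unknown
        foreach ($device in $user.Devices) {
            $target = Get-StandardDeviceName -CountryCode $code -SerialNumber $device.SerialNumber
            $action = 'Rename'
            if (-not $target) { $action = 'Skip' }
            elseif ($target -ieq $device.DeviceName) { $action = 'Keep' }
            [pscustomobject]@{ Owner = $user.Upn; Current = $device.DeviceName
                               Target = $target; Action = $action }
        }
    }
}

# Constructed sample input standing in for the users and devices read from Graph.
$SampleUsers = @(
    [pscustomobject]@{ Upn = 'kari@example.com'; Country = 'Norway'; Devices = @(
        [pscustomobject]@{ DeviceName = 'DESKTOP-A1B2C3'; SerialNumber = '132435465768' }) }
    [pscustomobject]@{ Upn = 'lars@example.com'; Country = 'Sweden'; Devices = @(
        [pscustomobject]@{ DeviceName = 'se-5cd1234xyz'; SerialNumber = '5CD1234XYZ' },
        [pscustomobject]@{ DeviceName = 'LAPTOP-77'; SerialNumber = 'VM 56 4d 8a 11 22 33 44' }) }
    [pscustomobject]@{ Upn = 'guest@example.com'; Country = $null; Devices = @(
        [pscustomobject]@{ DeviceName = 'DESKTOP-ZZ'; SerialNumber = 'PF2ABCDE' }) }
)

$plan = @(Get-RenamePlan -Users $SampleUsers -Countries $CountryCodes)
# Truncation can map two serials to one name, so flag duplicates before renaming.
$plan | Where-Object { $_.Target } | Group-Object Target | Where-Object { $_.Count -gt 1 } |
    ForEach-Object { Write-Warning "Duplicate target name: $($_.Name)" }
$plan | Where-Object { $_.Action -eq 'Rename' } |
    ForEach-Object { Write-Warning "Rename $($_.Current) -> $($_.Target)" }
$plan | Format-Table -AutoSize
```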
Azure App Registration
The script authenticates through an Azure App Registration which has the following Microsoft Graph API application permissions:
|Encrypted variables stored in the runbook|
The runbook has most of the required modules loaded already, except for the Microsoft.Graph.Authentication module, which has to be added from the Gallery.
Verify the results
When running the script, all outputs can be found in the logs, and all renamed computers are logged as warnings:
|Feedback from the script with renamed computers found as warnings|
This is reflected on the device in Microsoft Endpoint Manager:
|Device waiting to be renamed|
As with other renaming requests in Microsoft Endpoint Manager, it requires the device to reboot before all registers (AzureAD, Intune, AutoPilot, Device) are up to date.
|Device rename confirmed in the portal|
This routine will effectively and automatically rename devices on a given schedule as long as the app secret is valid. The script can be altered to mix and match variables from the user and the device in order to create the corresponding device name for your naming convention. You can, for example, use information from the user such as department, company, region or postal code as part of the computer name.
No extra charge for the mistakes - solution shared as it is - use it at your own risk.
Thanks for reading - please share and comment.