Comprehensive Strategies to Obtain a Hardware Hash for Microsoft 365

Windows Autopilot is available with certain Microsoft 365 plans and allows IT administrators to automatically set up and configure new endpoint devices and reset and repurpose existing devices. To register and manage a device in Autopilot, you need to have its hardware hash. 

What is a hardware hash and how does it work?

A hardware hash, also known as a hardware ID, is a unique identifier assigned to every hardware device. Microsoft 365 uses hardware hash to verify a device’s identity when registering it with Windows Autopilot.

The hardware hash is generated based on specific hardware components unique to a device, such as the motherboard, CPU and BIOS. 

Why manually register devices with Windows Autopilot?

Some manufacturers and distributors generate a hash and register devices for the buyer. However, there are still reasons why you should know how to manually register devices with Windows Autopilot.

• Your device is from a manufacturer or reseller that doesn’t automatically register devices with Autopilot, it’s a virtual machine or it’s a legacy device that wasn’t automatically registered.
• You want to control the enrollment process and make sure only authorized devices are registered to maintain the security of your organization’s devices.
• You want to customize the configuration settings applied to each device during the deployment process.
• You want to track and manage IT assets using the information from manually obtaining hardware hashes. 

4 ways to get a hardware ID from devices

Use one of these four methods to capture the hardware hash or hardware ID from your device. 

1. Get a Hardware Hash through Microsoft Configuration Manager

IT administrators use Microsoft Configuration Manager to manage and deploy software, updates and settings across the devices on a network. It also lets you obtain the hardware hash for devices with these steps:

1. Launch the Configuration Manager console and navigate to the “Assets and Compliance” workspace.
2. Select Devices and choose the device you want to obtain the hardware hash for.
3. Right-click on the device and select Properties.
4. In the device properties window, navigate to the Hardware Inventory tab.
5. Click on Set Classes and enable the SMS_G_System_WINDOWS_AUTOPILOT_DEVICE class.
6. Click on OK to save the changes.
7. Initiate a hardware inventory cycle on the device.
8. Once the inventory cycle is complete, the hardware hash will be available in the Configuration Manager database.

2. Get a Hardware Hash during Windows OOBE

Windows OOBE (Out of Box Experience) is the initial setup process that users go through when setting up a new Windows device. During OOBE on a Windows 11 device, you can use the Windows Autopilot Diagnostics Page to obtain the hardware hash.

During OOBE, press Ctrl-Shift-D to open the Diagnostics Page. Here, you’ll find logs that include a CSV with the hardware hash that you can export to a removable drive.

3. Get a Hardware Hash using Windows PowerShell

Use Windows Management Instrumentation (WMI) and a PowerShell script to obtain the hardware hash for a Windows device. You can download the Get-WindowsAutopilotInfo.ps1 script from the PowerShell Gallery and run it on each device or install the script directly from the PowerShell Gallery.

Install the script directly on the device by typing these commands in a Windows PowerShell prompt:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

New-Item -Type Directory -Path “C:\HWID”

Set-Location -Path “C:\HWID”

$env:Path += “;C:\Program Files\WindowsPowerShell\Scripts”

Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned

Install-Script -Name Get-WindowsAutopilotInfo

Get-WindowsAutopilotInfo -OutputFile AutopilotHWID.csv

While Windows OOBE runs, open a command prompt, run the PowerShell command then type use the following commands:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

PowerShell.exe -ExecutionPolicy Bypass

Install-Script -name Get-WindowsAutopilotInfo -Force

Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned

Get-WindowsAutopilotInfo -Online

Sign in when prompted, then sync with the Microsoft Intune admin center by selecting Devices, Windows, Windows enrollment, Devices (under Windows Autopilot Deployment Program), Sync.

After the device appears in the device list, you can restart it to make OOBE initiate the Windows Autopilot provisioning process. When prompted, approve the required app registration permissions.

4. Get a Hardware Hash through Windows desktop hash export

The desktop hash export utility lets you capture hardware IDs from Windows 10 and Windows 11 devices and export them in a CSV file. 

Begin by right-clicking on the Start menu and selecting Settings, Accounts, Access work or school.

Export the logs which include a CSV file that contains the hardware hash.

• In Windows 10, select the link to Export your management log files.
• In Windows 11, select Export in the “Export your management log files” tile.

In both Windows 10 and 11, the log files are exported to the Users\Public\Documents\MDMDiagnostics directory.

Viewing and deregistering devices with the Windows Autopilot service

View devices registered with Windows Autopilot by opening the Intune Admin Center and going to Devices, Enroll Devices, Windows Enrollment, Windows Autopilot Deployment Program, Devices.

When you take a device out of service permanently by following these steps, it should be deregistered first from Intune, then from Autopilot:

1. Log in to Microsoft Intune admin center.
2. On the Home screen, select Devices on the left.
3. In Devices | Overview, under By platform, choose Windows.
4. Look under the device name and select the device you want to deregister. You can use the search box to find the device.
5. Look at the properties screen for the device. Make a note of the serial number. You’ll need this later in Autopilot.
6. After noting the serial number, choose Delete from the toolbar at the top of the page.
7. In the warning dialog box, confirm device deletion by selecting “Yes”.

After deregistering your device from Intune, you can deregister it from Autopilot by following these steps:

1. Confirm the device was deregistered from Intune.
2. Log in to the Microsoft Intune admin center.
3. On the Home screen, select Devices on the left.
4. In Devices | Overview, under By platform, choose Windows.
5. On the Windows | Windows enrollment screen, select Windows enrollment. 
6. Under Windows Autopilot Deployment Program, choose Devices.
7. A Windows Autopilot devices screen will open. Look under Serial Number for the device you need to deregister, verifying the serial number matches the one you deregistered from Intune. You can use the Search by serial number box to find the matching serial number.
8. Click the checkbox next to the device to select it.
9. Click on the extended menu icon (…) to the right of the device. In the menu that appears, look at the option Unassign user.
   1. If Unassign user is available and not grayed out, select it. In the warning dialog box that appears, choose OK to confirm.
   2. If Unassign user is grayed out and not available, go to the next step.
10. Making sure the device is still selected, choose Delete from the toolbar at the top of the page.
11. In the warning dialog box that appears, select Yes to confirm deletion.
12. Wait for the deregistration process to finish. You can click the Sync button in the toolbar at the top of the page to speed up the process.
13. Hit Refresh in the toolbar at the top of the page every few minutes, until you no longer see the device.

Automate your IT asset discovery and management

Capturing a hardware ID and manually registering devices with Windows Autopilot is a way to control the deployment process. Having several ways to obtain a hardware hash ensures that you can keep your inventory up to date and allows you to use Autopilot for device provisioning and setup, enhanced security and reducing IT workload.

Another way to automate IT asset discovery and management is with NinjaOne’s IT asset management software. NinjaOne helps you discover unmanaged devices, increase visibility, identify risks, manage servers and workstations and reduce the cost of supporting endpoints.

Automating discovery and management helps you streamline your IT operations and free up time and resources spent on manual hardware asset management and recordkeeping. Learn more about NinjaOne’s IT asset management software today.