Comprehensive Strategies to Obtain a Hardware Hash for Microsoft 365

Comprehensive Strategies to Get a Hardware Hash for Microsoft 365 blog banner image

Windows Autopilot is available with certain Microsoft 365 plans and allows IT administrators to automatically set up and configure new endpoint devices and reset and repurpose existing devices. To register and manage a device in Autopilot, you need to have its hardware hash. 

What is a hardware hash and how does it work?

A hardware hash, also known as a hardware ID, is a unique identifier assigned to every hardware device. Microsoft 365 uses hardware hash to verify a device’s identity when registering it with Windows Autopilot.

The hardware hash is generated based on specific hardware components unique to a device, such as the motherboard, CPU and BIOS

NinjaOne’s IT Asset Management software helps simplify device registration.

Sign up for a 14-day free trial.

Why manually register devices with Windows Autopilot?

Some manufacturers and distributors generate a hash and register devices for the buyer. However, there are still reasons why you should know how to manually register devices with Windows Autopilot.

  • Your device is from a manufacturer or reseller that doesn’t automatically register devices with Autopilot, it’s a virtual machine or it’s a legacy device that wasn’t automatically registered.
  • You want to control the enrollment process and make sure only authorized devices are registered to maintain the security of your organization’s devices.
  • You want to customize the configuration settings applied to each device during the deployment process.
  • You want to track and manage IT assets using the information from manually obtaining hardware hashes. 

4 ways to get a hardware ID from devices

Use one of these four methods to capture the hardware hash or hardware ID from your device. 

1. Get a Hardware Hash through Microsoft Configuration Manager

IT administrators use Microsoft Configuration Manager to manage and deploy software, updates and settings across the devices on a network. It also lets you obtain the hardware hash for devices with these steps:

  1. Launch the Configuration Manager console and navigate to the “Assets and Compliance” workspace.
  2. Select Devices and choose the device you want to obtain the hardware hash for.
  3. Right-click on the device and select Properties.
  4. In the device properties window, navigate to the Hardware Inventory tab.
  5. Click on Set Classes and enable the SMS_G_System_WINDOWS_AUTOPILOT_DEVICE class.
  6. Click on OK to save the changes.
  7. Initiate a hardware inventory cycle on the device.
  8. Once the inventory cycle is complete, the hardware hash will be available in the Configuration Manager database.

2. Get a Hardware Hash during Windows OOBE

Windows OOBE (Out of Box Experience) is the initial setup process that users go through when setting up a new Windows device. During OOBE on a Windows 11 device, you can use the Windows Autopilot Diagnostics Page to obtain the hardware hash.

During OOBE, press Ctrl-Shift-D to open the Diagnostics Page. Here, you’ll find logs that include a CSV with the hardware hash that you can export to a removable drive.

3. Get a Hardware Hash using Windows PowerShell

Use Windows Management Instrumentation (WMI) and a PowerShell script to obtain the hardware hash for a Windows device. You can download the Get-WindowsAutopilotInfo.ps1 script from the PowerShell Gallery and run it on each device or install the script directly from the PowerShell Gallery.

Install the script directly on the device by typing these commands in a Windows PowerShell prompt:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

New-Item -Type Directory -Path “C:\HWID”

Set-Location -Path “C:\HWID”

$env:Path += “;C:\Program Files\WindowsPowerShell\Scripts”

Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned

Install-Script -Name Get-WindowsAutopilotInfo

Get-WindowsAutopilotInfo -OutputFile AutopilotHWID.csv

While Windows OOBE runs, open a command prompt, run the PowerShell command then type use the following commands:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

PowerShell.exe -ExecutionPolicy Bypass

Install-Script -name Get-WindowsAutopilotInfo -Force

Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned

Get-WindowsAutopilotInfo -Online

Sign in when prompted, then sync with the Microsoft Intune admin center by selecting Devices, Windows, Windows enrollment, Devices (under Windows Autopilot Deployment Program), Sync.

After the device appears in the device list, you can restart it to make OOBE initiate the Windows Autopilot provisioning process. When prompted, approve the required app registration permissions.

Want to learn more about PowerShell? Watch this 30-minute crash course.

4. Get a Hardware Hash through Windows desktop hash export

The desktop hash export utility lets you capture hardware IDs from Windows 10 and Windows 11 devices and export them in a CSV file. 

Begin by right-clicking on the Start menu and selecting Settings, Accounts, Access work or school.

Export the logs which include a CSV file that contains the hardware hash.

  • In Windows 10, select the link to Export your management log files.
  • In Windows 11, select Export in the “Export your management log files” tile.

In both Windows 10 and 11, the log files are exported to the Users\Public\Documents\MDMDiagnostics directory.

Viewing and deregistering devices with the Windows Autopilot service

View devices registered with Windows Autopilot by opening the Intune Admin Center and going to Devices, Enroll Devices, Windows Enrollment, Windows Autopilot Deployment Program, Devices.

When you take a device out of service permanently by following these steps, it should be deregistered first from Intune, then from Autopilot:

  1. Log in to Microsoft Intune admin center.
  2. On the Home screen, select Devices on the left.
  3. In Devices | Overview, under By platform, choose Windows.
  4. Look under the device name and select the device you want to deregister. You can use the search box to find the device.
  5. Look at the properties screen for the device. Make a note of the serial number. You’ll need this later in Autopilot.
  6. After noting the serial number, choose Delete from the toolbar at the top of the page.
  7. In the warning dialog box, confirm device deletion by selecting “Yes”.

After deregistering your device from Intune, you can deregister it from Autopilot by following these steps:

  1. Confirm the device was deregistered from Intune.
  2. Log in to the Microsoft Intune admin center.
  3. On the Home screen, select Devices on the left.
  4. In Devices | Overview, under By platform, choose Windows.
  5. On the Windows | Windows enrollment screen, select Windows enrollment. 
  6. Under Windows Autopilot Deployment Program, choose Devices.
  7. A Windows Autopilot devices screen will open. Look under Serial Number for the device you need to deregister, verifying the serial number matches the one you deregistered from Intune. You can use the Search by serial number box to find the matching serial number.
  8. Click the checkbox next to the device to select it.
  9. Click on the extended menu icon (…) to the right of the device. In the menu that appears, look at the option Unassign user.
    1. If Unassign user is available and not grayed out, select it. In the warning dialog box that appears, choose OK to confirm.
    2. If Unassign user is grayed out and not available, go to the next step.
  10. Making sure the device is still selected, choose Delete from the toolbar at the top of the page.
  11. In the warning dialog box that appears, select Yes to confirm deletion.
  12. Wait for the deregistration process to finish. You can click the Sync button in the toolbar at the top of the page to speed up the process.
  13. Hit Refresh in the toolbar at the top of the page every few minutes, until you no longer see the device.

Automate your IT asset discovery and management

Capturing a hardware ID and manually registering devices with Windows Autopilot is a way to control the deployment process. Having several ways to obtain a hardware hash ensures that you can keep your inventory up to date and allows you to use Autopilot for device provisioning and setup, enhanced security and reducing IT workload.

Another way to automate IT asset discovery and management is with NinjaOne’s IT asset management software. NinjaOne helps you discover unmanaged devices, increase visibility, identify risks, manage servers and workstations and reduce the cost of supporting endpoints.

Automating discovery and management helps you streamline your IT operations and free up time and resources spent on manual hardware asset management and recordkeeping. Learn more about NinjaOne’s IT asset management software today.

Next Steps

Building an efficient and effective IT team requires a centralized solution that acts as your core service deliver tool. NinjaOne enables IT teams to monitor, manage, secure, and support all their devices, wherever they are, without the need for complex on-premises infrastructure.

Learn more about Ninja Endpoint Management, check out a live tour, or start your free trial of the NinjaOne platform.

You might also like

Ready to simplify the hardest parts of IT?
×

See NinjaOne in action!

By submitting this form, I accept NinjaOne's privacy policy.

NinjaOne Terms & Conditions

By clicking the “I Accept” button below, you indicate your acceptance of the following legal terms as well as our Terms of Use:

  • Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms.
  • Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party.
  • Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library belonging to or under the control of any other software provider.
  • Warranty Disclaimer: The script is provided “as is” and “as available”, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations.
  • Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks.
  • Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script.
  • EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).