Microsoft Portals
      Back to home
      1. Help Center
      2. Microsoft Portals

      How to add device hardware ID into Intune customers' tenant as a CSP

      Overview

      Cloud Solution Providers (CSPs) / Microsoft partners have the ability to add devices into their customers' Intune tenants. In the below guide we will go over how a CSP can add their own customers' devices into Intune portal using their CSP account.

      Requirements

      CSP partner account with Microsoft.
      Devices that are manufactured no earlier than 2018 (need to test to confirm as some older device may be supported).
      Device Serial number.
      Device manufacturer.
      Device Model.

      Instructions

      Capturing the device details and importing to the CSP portal

      • Log in to the Microsoft partner portal.
        • You may need to your use admin account.
      • Click on CSP.
      • Select the customer you want to import the hardware hashes for.
      • Click on Devices (top left).
      • Select Add devices.
      • Download the sample.csv.
      • Open with notepad or notepad++ for better formatting. Excel may change formatting for this document.

      Note: Some models on purchase orders and RMM solutions might not match the exact model name of the device. You may need to capture the model name once per model on the device itself. To do so, run the below script using command line on the device itself and cross check the result against what is showing on the purchase order or your RMM solution.

      wmic csproduct get name

        • In the sample.csv keep the headers (line 1) and delete everything below it.
        • For each device you want to import, on a new line add the below:
        serial number,,, manufacturer, model

        • Upload the sample.csv to the CSP portal.
        • If you are adding a new group of devices give the group a name.
        • Click on Save.
        • Go to Endpoint manager on the customer's tenant. The URL will look something like: http://endpoint.microsoft.com/%customer.com% - make sure you change customer.com to your customer's full domain name.
        • In the Endpoint portal, go to Devices.
        • In the left panel click on Enrolled Devices blade.
        • Select the Windows Autopilot Devices icon.
        • From the top bar Click Sync.
        • Then click Refresh.
        • The device(s) should show in the list of devices.

        Note: It may take a few moments for the device(s) to appear in the list.

        Creating deployment profiles group

        • In the Microsoft Intune portal go to Devices.
        • Under Device onboarding, select Enrollment blade.
        • Select the Deployment profiles icon.
        • The profile will show Unassigned.
        • Go on the Groups blade and create a new Dynamic Group:
          • Group type: Security.
          • Group Name: Something that suites the autopilot device assignment.
          • Group Description: not mandatory, but you may use any description you want.
          • Membership type: Dynamic Device
          • Owner: You may add an owner to the group - not mandatory.
          • Dynamic device members: click on Add dynamic query and under Rule syntax click Edit add the below:
        (device.devicePhysicalIDs -any (_ -contains "[ZTDId]"))

          • With the above dynamic group, whenever a user enrols a devices using autopilot they will be automatically added to the group.
          • Go back to the group and check the group members to confirm.

          Note: Device Objects that are already on Entra ID will not be imported automatically to the dynamic group as the autopilot tag does not get updated as an attribute on existing devices, but rather gets created with new devices.
          To remediate such devices, a new "Assigned" group needs to be created then the device(s) need to be manually added to the group.

          Assign the group(s) to the autopilot profile

          • In Endpoint portal go to Devices.
          • Under Device onboarding, select Enrollment blade.
          • Select the Deployment profiles icon.
          • Click the profile you want to assign the group to.
          • Click on the Properties blade.
          • At the bottom next to Assignments click Edit.
          • Click Add groups and in the search find the group(s) you want to add.
            • Add the Dynamic group you created earlier, if you had also created an Assigned group then add that as well.
          • Click Select.
          • From the bottom left click on Review + save.
          • Click Save.
          • To confirm the assignment took place:
            • In the Endpoint portal, go to Devices.
            • In the left panel click on Enrolled Devices blade.
            • Select the Devices icon.
            • Wait a couple of minutes and check the profile status changed from Not assigned to Assigned.