Check Device Onboarding Exclusion Scheduled

Add unenrolled Autopilot devices to an exclusion group

Description

This runbook identifies Windows Autopilot devices that are not yet enrolled in Intune and ensures they are members of a configured exclusion group. It also removes devices from the group once they are no longer in scope.

Location

Organization → General → Check Device Onboarding Exclusion (Scheduled)

Full Runbook name

rjgit-org_general_check-device-onboarding-exclusion_scheduled

Permissions

Application permissions

Type: Microsoft Graph
- Group.ReadWrite.All
- Device.Read.All
- DeviceManagementManagedDevices.Read.All

Parameters

exclusionGroupName

Display name of the exclusion group to manage.

Property

Value

Required

false

Default Value

cfg - Intune - Windows - Compliance for unenrolled Autopilot devices (devices)

Type

String

maxAgeInDays

Maximum age in days for recently enrolled devices to be considered in grace scope.

Property

Value

Required

false

Default Value

Type

Int32

Back to Runbook Reference overview

Last updated 3 days ago

Was this helpful?

Good morning

hashtagDescription

hashtagLocation

hashtagPermissions

hashtagApplication permissions

hashtagParameters

hashtagexclusionGroupName

hashtagmaxAgeInDays