Running a task sequence from Intune

As mentioned in the previous topic, it is possible to run a task sequence in an existing OS. Taking that one step further, it is also reasonably simple to run a task sequence from Intune; that task sequence can then perform a variety of tasks such as installing a list of applications in the order that you want.

A PowerShell script can be used to initiate the task sequence. An example:

# If we are running as a 32-bit process on an x64 system, re-launch as a 64-bit process
if ("$env:PROCESSOR_ARCHITEW6432" -ne "ARM64") {
	if (Test-Path "$($env:WINDIR)\SysNative\WindowsPowerShell\v1.0\powershell.exe") {
		& "$($env:WINDIR)\SysNative\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -NoProfile -File "$PSCommandPath"
		Exit $lastexitcode
	}
}

# Run the specified task sequence
$DeployRBootstrap = @{ ProgressTimeout = "1" }
iex (irm "https://our-server-name.com:7281/v1/Service/Bootstrap?tsid=5d1e3201-36cb-433c-88b4-71c031f653fa:1")

# Creating tag file so that Intune can see that it is installed
Mkdir "$($env:ProgramData)\2Pint Software" -Force | Out-Null
Set-Content -Path "$($env:ProgramData)\2Pint Software\RunTS.ps1.tag" -Value "Installed"

Update this script to specify your DeployR server's URL and task sequence ID (Guid) and version.

To run this from Intune, this script can be wrapped into a Win32 app that specifies these details:

• Installation command line: powershell.exe -noprofile -executionmode bypass -file RunTS.ps1

• Detection rule: File "%ProgramData%\2Pint Software\RunTS.ps1.tag" exists

This app can then be assigned to an appropriate group of devices. For Windows Autopilot (v1), include this app in the list of blocking apps in your enrollment status page settings. For Windows Autopilot device provisioning (v2), the same can also be done, or alternatively the script can be added to Intune as a platform script and included in the list of blocking scripts in the device preparation profile.