If you manage Windows Autopilot at scale, you will know how painful it is trying to add devices into Entra ID groups when all you have is a list of serial numbers.
Entra bulk upload does not accept serial numbers. It only accepts:
-
Device object IDs
-
Or user UPNs
This guide shows you how to turn a simple Notepad list of serial numbers into a ready-to-upload CSV file that Entra accepts.
No manual lookups. No clicking through portals.
Why this is useful
This method is perfect when:
-
You have received a bulk shipment of new laptops.
-
Devices are already imported into Windows Autopilot.
-
You need to quickly target them with:
-
Configuration profiles
-
ESP profiles
-
App deployments
-
Compliance policies
-
Instead of adding each device one-by-one, you can generate the CSV in seconds.
Step 1 – Create your serial number file
Create this file:
Add one serial number per line:
Step 2 – Install Microsoft Graph PowerShell (one time only)
Open PowerShell as yourself and run:
Install-Module Microsoft.Graph -Scope CurrentUser -Force
Step 3 – Run the conversion script
This script:
-
Reads your serial list
-
Finds the matching Autopilot records
-
Maps them to Entra device object IDs
-
Creates the CSV file ready for bulk upload
$serialFile = "D:\serials.txt"
$outCsv = "D:\group-members.csv"
$serials = Get-Content $serialFile | ForEach-Object { $<em data-start="1682" data-end="1712">.Trim() } | Where-Object { $</em> }
Import-Module Microsoft.Graph.DeviceManagement.Enrollment
Import-Module Microsoft.Graph.Identity.DirectoryManagement
Connect-MgGraph -Scopes "DeviceManagementServiceConfig.Read.All","Device.Read.All"
$apDevices = Get-MgDeviceManagementWindowsAutopilotDeviceIdentity -All
$rows = foreach ($s in $serials) {
<div class="contain-inline-size rounded-2xl corner-superellipse/1.1 relative bg-token-sidebar-surface-primary"><div class="sticky top-[calc(--spacing(9)+var(--header-height))] @w-xl/main:top-9"><div class="absolute end-0 bottom-0 flex h-9 items-center pe-2"><div class="bg-token-bg-elevated-secondary text-token-text-secondary flex items-center gap-4 rounded-sm px-2 font-sans text-xs"> </div></div></div><div class="overflow-y-auto p-4" dir="ltr"><code class="whitespace-pre!"><span class="hljs-variable">$ap</span> = <span class="hljs-variable">$apDevices</span> | <span class="hljs-built_in">Where-Object</span> { <span class="hljs-variable">$_</span>.SerialNumber <span class="hljs-operator">-eq</span> <span class="hljs-variable">$s</span> } | <span class="hljs-built_in">Select-Object</span> <span class="hljs-literal">-First</span> <span class="hljs-number">1</span>
<span class="hljs-keyword">if</span> (<span class="hljs-operator">-not</span> <span class="hljs-variable">$ap</span>) { <span class="hljs-keyword">continue</span> }
<span class="hljs-keyword">if</span> (<span class="hljs-operator">-not</span> <span class="hljs-variable">$ap</span>.AzureActiveDirectoryDeviceId) { <span class="hljs-keyword">continue</span> }
<span class="hljs-variable">$aad</span> = <span class="hljs-built_in">Get-MgDevice</span> <span class="hljs-literal">-Filter</span> <span class="hljs-string">"deviceId eq '<span class="hljs-variable">$</span></span>(<span class="hljs-variable">$ap</span>.AzureActiveDirectoryDeviceId)'" <span class="hljs-literal">-Property</span> Id | <span class="hljs-built_in">Select-Object</span> <span class="hljs-literal">-First</span> <span class="hljs-number">1</span>
<span class="hljs-keyword">if</span> (<span class="hljs-operator">-not</span> <span class="hljs-variable">$aad</span>) { <span class="hljs-keyword">continue</span> }
[<span class="hljs-type">pscustomobject</span>]<span class="hljs-selector-tag">@</span>{
memberObjectIdOrUpn = <span class="hljs-variable">$aad</span>.Id
}
</code></div></div>
}
$rows | Export-Csv -Path $outCsv -NoTypeInformation -Encoding UTF8
Step 4 – Upload to your Entra group
Your CSV will now exist here:
Go to:
Entra admin centre → Groups → your device group → Members → Bulk add members
Upload the CSV file and your devices will be added instantly.
Common issues
Autopilot record exists but device is skipped
The device has never enrolled yet, so it does not have an Entra object ID.
403 Forbidden error
Your account does not have permission to read Autopilot devices. You will need:
-
Intune role that allows reading Autopilot devices
-
Or admin consent for
DeviceManagementServiceConfig.Read.All
This process turns what used to be a 30-minute manual job into a 30-second task and works perfectly for laptop refresh projects, Intune migrations, and large Autopilot rollouts.
