Zehadi Alam
If encountering challenges with the Windows Configuration Designer to retrieve a bulk token, an alternative approach involves utilizing PowerShell. The following is an outline of the process.
1. Install and import the AADInternals PowerShell module.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process
Install-Module AADInternals
Import-Module AADInternals
2. Get access token
Get-AADIntAccessTokenForAADGraph -Resource urn:ms-drs:enterpriseregistration.windows.net -SaveToCache
Enter Azure AD Z-Account credentials when prompted.
3. Retrieve bulk token
$bprt = New-AADIntBulkPRTToken -Name "z-myid@uga.edu"
The bulk token will be saved to a JSON file in the same directory.
4. Open the JSON file and copy the value from refresh_token, excluding quotes
5. Open Windows Configuration Designer and select Advanced Provisioning
6. Navigate to Accounts → Azure → Authority
Ensure the value is https://login.microsoftonline.com/common
7. Navigate to Accounts → Azure → BPRT
Paste the refresh token value from the JSON file
8. Export the provisioning package once all configurations are complete.
