Intune Device

The document outlines a PowerShell script for authenticating with Microsoft Graph API using client credentials. It retrieves all managed devices from Intune, filters them to find Windows devices managed by MDM, and applies a specific device category to those devices. The script includes error handling to skip any devices that fail during the category application process.

Uploaded by aron.kumar

# ==========================
# CONFIGURATION
# ==========================
# The client secret is stored in plain text below: anyone who can read this
# file can request Graph tokens as this app registration.
$ClientId = '23a9f6584'
$ClientSecret = 'mXm8QK22Wi.L2bRf'
$TenantId = '6fb5baac-4b2c4a47'
$DeviceCategoryId = '2ecb0ccd-01'

# ==========================
# AUTHENTICATION
# ==========================
# OAuth 2.0 client credentials grant; ".default" requests the application
# permissions already granted to the app registration.
$body = @{
    grant_type    = "client_credentials"
    client_id     = $ClientId
    client_secret = $ClientSecret
    scope         = "https://graph.microsoft.com/.default"
}

$tokenResponse = Invoke-RestMethod -Method POST `
    -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" `
    -Body $body
$accessToken = $tokenResponse.access_token

$Headers = @{
    Authorization  = "Bearer $accessToken"
    "Content-Type" = "application/json"
}

# ==========================
# GET DEVICES FROM INTUNE
# ==========================
$AllDevices = @()
$uri = "https://graph.microsoft.com/beta/deviceManagement/managedDevices"

# Follow @odata.nextLink until the last page has been read
do {
    $response = Invoke-RestMethod -Method GET -Uri $uri -Headers $Headers
    $AllDevices += $response.value
    $uri = $response.'@odata.nextLink'
} while ($uri)

# ==========================
# FILTER FOR WINDOWS + MDM
# ==========================
$WindowsMDMDevices = $AllDevices | Where-Object {
    $_.operatingSystem -eq "Windows" -and $_.managementAgent -like "*mdm*"
}

# ==========================
# APPLY DEVICE CATEGORY
# ==========================
# The reference body is the same for every device, so build it once
$CategoryRef = @{
    "@odata.id" = "https://graph.microsoft.com/beta/deviceManagement/deviceCategories/$DeviceCategoryId"
}
$bodyJson = $CategoryRef | ConvertTo-Json -Depth 2

foreach ($device in $WindowsMDMDevices) {
    try {
        # The backtick before $ref keeps PowerShell from expanding it as a variable
        Invoke-RestMethod -Method PUT `
            -Uri "https://graph.microsoft.com/beta/deviceManagement/managedDevices/$($device.id)/deviceCategory/`$ref" `
            -Headers $Headers `
            -Body $bodyJson `
            -ErrorAction Stop
    } catch {
        # Silently skip failed devices
        continue
    }
}
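
The script above skips failed devices without recording them, so an expired token or missing permission looks the same as a clean run. The following is an added example, not part of the uploaded script: a variant of the category loop that returns one result object per device. The function name Set-DeviceCategoryWithReport, the retry count and the back-off delay are assumptions; $Headers, $WindowsMDMDevices and $DeviceCategoryId are the variables defined in the script.

```powershell
# Added example (hypothetical helper, not from the original script).
function Set-DeviceCategoryWithReport {
    param(
        [Parameter(Mandatory)] [object[]]  $Devices,
        [Parameter(Mandatory)] [hashtable] $Headers,
        [Parameter(Mandatory)] [string]    $DeviceCategoryId,
        [int] $MaxRetries = 3               # assumed value
    )
    $graph    = 'https://graph.microsoft.com/beta/deviceManagement'
    $bodyJson = @{ '@odata.id' = "$graph/deviceCategories/$DeviceCategoryId" } | ConvertTo-Json

    foreach ($device in $Devices) {
        $result = [ordered]@{
            DeviceId   = $device.id
            DeviceName = $device.deviceName
            Status     = 'Failed'
            HttpStatus = $null
            Error      = $null
        }
        for ($attempt = 1; $attempt -le $MaxRetries; $attempt++) {
            try {
                Invoke-RestMethod -Method PUT `
                    -Uri "$graph/managedDevices/$($device.id)/deviceCategory/`$ref" `
                    -Headers $Headers -Body $bodyJson -ErrorAction Stop | Out-Null
                $result.Status = 'Updated'
                $result.Error  = $null
                break
            } catch {
                # Response is present for HTTP errors, absent for network failures
                $status = $null
                if ($_.Exception.Response) { $status = [int]$_.Exception.Response.StatusCode }
                $result.HttpStatus = $status
                $result.Error      = $_.Exception.Message
                # Retry only throttling (429) and service unavailable (503)
                if (($status -in 429, 503) -and ($attempt -lt $MaxRetries)) {
                    Start-Sleep -Seconds (5 * $attempt)   # assumed linear back-off
                } else {
                    break
                }
            }
        }
        [pscustomobject]$result
    }
}

# Usage: keep the failures so a 401/403 across all devices is visible
$report = Set-DeviceCategoryWithReport -Devices $WindowsMDMDevices -Headers $Headers -DeviceCategoryId $DeviceCategoryId
$report | Where-Object Status -eq 'Failed' | Format-Table DeviceName, HttpStatus, Error
```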
