
Intune Customer Success

Update to Microsoft Intune PowerShell example script repository on GitHub

Intune_Support_Team
Jun 08, 2023

Since we published the Intune GitHub sample script repository (repo) in 2016, containing PowerShell scripts that demonstrate the use of the Microsoft Graph API for automation, there have been significant changes to the Microsoft Graph and PowerShell modules. To ensure the scripts remain relevant and useful for the community, we have reviewed and updated a subset of the scripts and simplified the code. In addition, new GitHub repos have been created to house the updated scripts based on the scenario type.

 

Important: From a support perspective, Microsoft fully supports Intune and its ability to deploy PowerShell scripts. However, Microsoft does not support the scripts themselves, even if they are on our GitHub repository. They’re provided for example only. You are responsible for anything that they may do within your environment. Always test!

 

Starting today, the original Intune Graph Samples repo is being archived. However, it’ll remain available for educational purposes and may continue to be used to provide examples of how to interact with Microsoft Graph endpoints directly.

 

Note: The samples in the now archived Intune Graph Samples repo use Azure Active Directory Authentication Library (ADAL) for authentication and authorization functionality, which is supported through June 2023. If you’re still using any of these samples in your environment, please see Migrate to the Microsoft Authentication Library (MSAL) and update them as soon as possible. Differences between ADAL and MSAL may be found here: Differences between ADAL.NET and MSAL.NET apps.

 

The new sample script repositories

The goal of the new repositories is to provide PowerShell scripts that can be used to automate common tasks in Intune using the Microsoft Graph and Microsoft Graph PowerShell modules. These scripts are intended to help Intune administrators better understand how to utilize the Graph and PowerShell modules for automation. However, it’s up to each organization to use these scripts as a starting point to develop their own automation scripts that they will own and maintain.

 

Note: With the theme of simplification, the samples do not have code for authentication, which means the scripts in the newly updated repo will need to be edited before they can be run. Each sample script includes the necessary comments that will guide you through the process of adding the code for authentication. To learn more, see Using Microsoft Graph PowerShell authentication commands.
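
The following is an added example, not code from the sample repositories, of the authentication step a script needs before its first Graph call: it signs in with the Microsoft Graph PowerShell SDK, requests only the scope the task needs, and checks the granted permissions before doing any work. The helper name `Connect-IntuneGraph`, the chosen scope, and the tenant, app and certificate values are assumptions for illustration.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.DeviceManagement

# Narrowest scope for this read-only inventory task (assumed for the example).
$RequiredScopes = @('DeviceManagementManagedDevices.Read.All')

function Connect-IntuneGraph {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$TenantId,
        [string]$ClientId,               # your own app registration
        [string]$CertificateThumbprint   # cert in the current user's store
    )
    if ($ClientId -and $CertificateThumbprint) {
        # Unattended, app-only sign-in: no password or client secret on disk.
        Connect-MgGraph -TenantId $TenantId -ClientId $ClientId `
            -CertificateThumbprint $CertificateThumbprint | Out-Null
    }
    else {
        # Interactive delegated sign-in, consenting only to the listed scopes.
        Connect-MgGraph -TenantId $TenantId -Scopes $RequiredScopes | Out-Null
    }

    # Fail early if sign-in did not yield the permissions the script depends on.
    $ctx = Get-MgContext
    if (-not $ctx) { throw 'No Graph context: sign-in did not complete.' }
    $missing = @($RequiredScopes | Where-Object { $_ -notin $ctx.Scopes })
    if ($missing.Count -gt 0) {
        Disconnect-MgGraph | Out-Null
        throw "Token is missing required permission(s): $($missing -join ', ')"
    }
    return $ctx
}

# Placeholder tenant ID; replace with your own before running.
$ctx = Connect-IntuneGraph -TenantId '00000000-0000-0000-0000-000000000000'
Write-Host "Connected to tenant $($ctx.TenantId) using $($ctx.AuthType) auth"
try {
    # Read-only query; only the selected properties are requested from Graph.
    Get-MgDeviceManagementManagedDevice -All `
        -Filter "contains(operatingSystem,'iOS')" `
        -Property 'id', 'deviceName', 'operatingSystem' |
        Select-Object Id, DeviceName, OperatingSystem
}
finally {
    Disconnect-MgGraph | Out-Null   # drop the cached session when done
}
```

For scheduled runs, pass `-ClientId` and `-CertificateThumbprint` so the script never handles a stored user password.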

 

The new Intune GitHub repos are structured for quick access based on scenario as follows:

  • Microsoft Graph PowerShell SDK Intune Samples – NEW!
    • Updated Intune management scripts with modern PowerShell functions.

  • Sample Shell solutions for Linux and macOS – unchanged
    • Shell script samples compatible with Linux and macOS.

  • Sample Intune solutions – NEW! 
    • Automation scripts to perform actions related to a specific task or scenario.

       

  • Intune sample scripts – archive
    • Legacy Intune script samples.

 

We’ve also published a landing page at https://aka.ms/IntuneScripts to help locate each GitHub repo created and managed by our team.

 

Additional script samples will continue to be updated and added in the future. If you have any suggestions for changes, updates, or ideas for new samples, please feel free to share them in the comments below or reach out to us on Twitter @IntuneSuppTeam. This project is for the Intune community and we want to ensure that it meets the needs and expectations of everyone. Thank you for your contribution and support.

Updated Jun 08, 2023
Version 2.0

10 Comments

  • Hi all,

     

    Thank you for all the comments sharing your feedback, experience, and questions in regards to this feature. As mentioned in the article, we will continue to work to add additional script samples in the future, and if you have any suggestions for changes, updates, or ideas for new samples, continue to share them in the comments below or reach out to us on Twitter @IntuneSuppTeam.

    If we have missed any of your comments, and you continue to experience issues, please reach out to us via DM so we can investigate further.

     

    Thanks!

  • CloudSnout
    Copper Contributor

    I am baffled by the way this upgrade is communicated.

    After about 8 browser tabs I still am just able to find partial information, with texts like "Select the checkbox next to the required permissions", but without mentioning the required permissions. Just share the one-stop-shop permission set to fully enable the functionalities within this module...

    As far as comments in this thread go I believe I am not the only one.

     

    However, if I understand correctly, we now end up with a module where each time the app id should be updated when you administer multiple Microsoft tenants, since you cannot choose the app id that will be created.

    "With the theme of simplification" it might help to create a comprehensive setup-guide and an easy workaround to connect to multiple tenants.

    For anyone lost in how to properly upgrade or create a new app registration:
    powershell-intune-samples/Updating App Registration at master · microsoftgraph/powershell-intune-samples · GitHub

     

    Tip 2: Do not use the wildcards in the return url. It's just urn:ietf:wg:oauth:2.0:oob

    Hopefully this will be addressed, so that connecting to an environment becomes easier. Other modules are able to request a new registration if needed, while giving consent during authentication.

  • Flo-KKIT
    Copper Contributor

    Hello everyone, my script “IntuneWin32” unfortunately requires the Connect-MSIntuneGraph connection. However, I only get errors here. Does anyone have an idea?

    • Intune_Support_Team
      Microsoft

      Hi Flo-KKIT 

       

      Sorry we missed your message. If you continue to experience issues with Connect-MSIntuneGraph on your device, can you share the error messages/screenshots via DM?

       

      Thanks!

  • nikolar97
    Copper Contributor

    Guys,

     

    We have a piece of code like this:

     

    Update-MSGraphEnvironment -AppId "e00ac69e-........"

    $cred = Get-Credential

    connect-msgraph -Credential $cred

     

    If we store those creds somewhere or use it like this, we are getting the following error:

     

    connect-msgraph : AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'. Trace ID: 45bee449-0fe5-4cf3-9aa1-c52277731b00 Correlation ID: 4e795f88-745a-4c30-9363-f3f25ae18c14 Timestamp: 2024-05-16 13:55:08Z
    At line:1 char:1

    connect-msgraph -Credential $cred
    + CategoryInfo : NotSpecified: (:) [Connect-MSGraph], AdalServiceException
    + FullyQualifiedErrorId : Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException,Microsoft.Intune.PowerShellGraphSDK.PowerShellCmdlets.Connect

     

    However, if we just run connect-msgraph and type the creds in the Azure window that pops up, the script executes without issue, but we need to store those creds so the script can execute without our interaction...

     

    Any idea how to solve this?

     

    BR

  • Flo-KKIT
    Copper Contributor

    Hello,
    I use the Win32App script to package and upload Intune applications.
    I have installed it as follows. But then I get the following:


    The simple connection with Connect-MSIntuneGraph does not work either. It looks as if the old app ID is still stored?
    Connect-MSIntuneGraph -TenantID xxxxxxxxxxxxxxxxxx

     

     

     

  • BsdPerv
    Copper Contributor

    Hello.  I added this to my script (which handled Intune MDM device management), prior to the Connect-MsGraph cmdlet:

    Update-MsGraphEnvironment -AppID <MY-NEWLY-REGISTERED-APP-ID> | Out-Null
  • Flo-KKIT
    Copper Contributor

    Hello everyone,

    I have also registered and authorized the new Enterprise App as described in the instructions. I have also updated the environment.

    Unfortunately, the script still calls up the old app. What have I overlooked?

    Connect-MSIntuneGraph -TenantID "xxxxx.onmicrosoft.com"

     

     

     

  • BsdPerv
    Copper Contributor

    nhtkid I struggled with this for a few days, but I think I have now figured it out.  

     

    I used option #2 (Register app in Entra ID and give Intune Graph permission in it) from this documentation:  

    https://github.com/microsoftgraph/powershell-intune-samples/blob/master/Updating%20App%20Registration

     

    Once the Enterprise App was fully created, I ran this command in PowerShell:

    Update-MSGraphEnvironment -appid <MY_NEW_APP_ID#>

     

    Then I was able to connect with 

    Connect-MsGraph

    and it no longer gave an error.

     

    I am now able to run my old/traditional commands such as

    Get-IntuneManagedDevice
  • nhtkid
    Iron Contributor

    So I have this simple script that could sync or reboot Intune devices.

    It stopped working now due to the application id (d1ddf0e4-d672-4dae-b554-9d5bdfd93547) being retired.

    I have many other scripts performing different Intune related tasks but all utilising MsGraph.

    What exactly do I need to update to make the script work again?

    Thanks!

    # Sign in to Microsoft Graph (Intune PowerShell SDK)
    Connect-MSGraph
    $DeviceGroup = Read-Host -Prompt "Please provide the AAD group object ID"

    # Members of the group, and all iOS devices known to Intune
    $DeviceList = Get-Groups_Members -groupId $DeviceGroup -Select id, deviceId, displayName | Get-MSGraphAllPages
    $AllIntuneDevices = Get-IntuneManagedDevice -Select id, operatingSystem, azureADDeviceId -Filter "contains(operatingSystem, 'iOS')" | Get-MSGraphAllPages

    foreach ($Device in $DeviceList)
    {
        # Match the Azure AD device to its Intune managed-device record
        $deviceIntuneId = $AllIntuneDevices | Where-Object {$_.azureADDeviceId -eq $Device.deviceId}

        Write-Host $Device.deviceId

        if ($deviceIntuneId)
        {
            Invoke-DeviceManagement_ManagedDevices_SyncDevice -managementDeviceId $deviceIntuneId.id
            Write-Host "Sync command has been sent to the device"
        }
        else {
            # $(...) is needed to expand a property inside a double-quoted string
            Write-Host "$($Device.deviceId) not found"
        }
    }