Forum Discussion

ShoneBGD's avatar
ShoneBGD
Copper Contributor
Dec 13, 2023

Managing Intune Device Categories via Graph

Hi, I need a way to automatically set device category for all devices inside dynamic group in Intune, what is the best way to achieve this with Microsoft Graph? Thank you, Regards,
Graph API
Intune
ShoneBGD's avatar
ShoneBGD
Copper Contributor
Dec 13, 2023

Hello Deleted,

 

Many thanks for the response , I manage to set up first step, register the app and set required permissions, but have a question regarding access token when I generate it were to put it in the script?

Actually I think i see were access token should be added, however I still have error after running the script:

Line |
55 | $devices = Invoke-RestMethod -Uri $devicesEndpoint -Headers $headers …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| {"error":{"code":"InvalidAuthenticationToken","message":"CompactToken parsing failed with error code:
| 80049217","innerError":{"date":"2023-12-14T09:04:48","request-id":"96649000-f2cf-414c-9cb0-cc24a0f2dadc","client-request-id":"96649000-f2cf-414c-9cb0-cc24a0f2dadc"}}}

 

Thank you,

Regards,

Shone

Deleted's avatar
Deleted
Dec 15, 2023

Hello ShoneBGD 

 

Welcome to the Microsoft community, my name is Recep I'll be happy to help you today.

 

Here are a few things to check:

  1. Access Token Availability:
    • Print the access token before making the request to see if it is obtained successfully. Add the following line after acquiring the access token:

Write-Host "Access Token: $accessToken

 

  1. Headers Configuration:
    • Confirm that the headers are configured correctly. You can add more debugging output to print the headers before making the request:

Write-Host "Request Headers: $($headers | Out-String)

 

  1. Verify Token Format:
    • Ensure that the access token is in the correct format (JWT) and has the necessary claims. You can use an online JWT decoder to check the contents of the token.

If the access token appears to be correct, and the headers are properly configured, the issue might be related to how the token is being used in the request. Make sure the token is included in the "Authorization" header with the "Bearer" scheme, as shown in your script.

Additionally, double-check that the dynamic group ID and other IDs used in the script are valid and exist in your Intune environment.

If the issue persists, please share the relevant parts of your script (specifically, where you acquire the access token and the headers configuration) so that I can provide more targeted assistance.

 

 

If I have answered your question, please mark your post as Solved

If you like my response, please give it a Like :smile:

Appreciate your Kudos! Proud to contribute! 🙂

 

  • ShoneBGD's avatar
    ShoneBGD
    Copper Contributor
    Dec 20, 2023

    Hello Recep,
    The problems seems with the script in this part:
    # Get devices in the dynamic group

    $devicesEndpoint = "https://graph.microsoft.com/v1.0/deviceManagement/dynamicDeviceGroups/$dynamicGroupID/devices"
    $devices = Invoke-RestMethod -Uri $devicesEndpoint -Headers $headers -Method GET
    It does not find devices under there , I can found all devices that need to be updated with correct deviceCategory under members in Microsoft Graph for example.
    If I compare script with one created from ChatGPT it tries to locate them under members here is example:
    # Get members of the dynamic group
    $group = Get-IntuneGroup -GroupId $groupId -AccessToken $accessToken
    $members = Get-IntuneGroupMember -GroupId $group.Id -AccessToken $accessToken


    I tried to verify access token on some JWT online site seems token is correct , not sure if something more need to be checked?
    Thanks again for the assistance,
    Regards,
    Nenad

Resources