Forum Discussion

energy_0's avatar
energy_0
Copper Contributor
Sep 20, 2024

Powershell - Change Intune Application Assignments

Hello,

 

I'd like to bulk-edit a number of my Intune Win32 assignments. I've got ~30 applications to go through, but I've noted their AppIDs so it would be worth the time investment to find a working Powershell script to run this without having to manually edit each one.

 

Below runs through Elevated Powershell without error, so I'd thought it was successful. Unfortunately nothing changes and assignments remain the same. I've cut down the number in this script and edited tenant-based ID's but practically-speaking this runs through fine.

 

Can anyone advise? I'm new to powershell and basically relying on AI to help make them, or the occasional forum post I can find. 

 

 

# Install the Microsoft Graph PowerShell SDK if not already installed

Install-Module Microsoft.Graph -Scope CurrentUser -Force

 

# Import the Device Management module

Import-Module Microsoft.Graph.DeviceManagement

 

# Connect to Microsoft Graph

Connect-MgGraph -Scopes "DeviceManagementApps.ReadWrite.All"

 

# Retrieve all mobile apps

$allApps = Get-MgDeviceAppManagementMobileApp

 

# Filter for Win32 apps

$win32Apps = $allApps | Where-Object { $_.'@odata.type' -eq '#microsoft.graph.win32LobApp' }

 

# List of specific app IDs to target

$specificAppIds = @(

    "ba5988e8-4hhe-4e99-9181-ff85ce589113",

    "d49dk602-5e02-4af3-b09c-d98d8edac8fb"

)

 

# Filter the Win32 apps to only include the specific apps

$targetApps = $win32Apps | Where-Object { $specificAppIds -contains $_.Id }

 

# Define group IDs

$requiredGroupId = "57ce1fb3-5f94-4287-8f0b-e2ed595ac900"  # Replace with your actual required group ID

$uninstallGroupId = "aq7a3571-7f71-4deb-8f81-289dfe38a2e6"  # Replace with your actual uninstall group ID

 

# Loop through each target app and update the assignment

foreach ($app in $targetApps) {

    # Get the current assignments

    $assignments = Get-MgDeviceAppManagementMobileAppAssignment -MobileAppId $app.Id

 

    # Define the new assignments

    $requiredGroupAssignment = @{

        "@odata.type" = "#microsoft.graph.mobileAppAssignment"

        target = @{

            "@odata.type" = "#microsoft.graph.groupAssignmentTarget"

            groupId = $requiredGroupId

        }

        intent = "required"

    }

 

    $uninstallGroupAssignment = @{

        "@odata.type" = "#microsoft.graph.mobileAppAssignment"

        target = @{

            "@odata.type" = "#microsoft.graph.groupAssignmentTarget"

            groupId = $uninstallGroupId

        }

        intent = "uninstall"

    }

 

    # Add the new assignments to the existing assignments

    $updatedAssignments = $assignments + $requiredGroupAssignment + $uninstallGroupAssignment

 

    # Update the app assignments

    Update-MgDeviceAppManagementMobileAppAssignment -MobileAppId $app.Id -BodyParameter $updatedAssignments

No RepliesBe the first to reply

Resources