Forum Widgets
Latest Discussions
Powershell - Change Intune Application Assignments
Hello, I'd like to bulk-edit a number of my Intune Win32 assignments. I've got ~30 applications to go through, but I've noted their AppIDs so it would be worth the time investment to find a working Powershell script to run this without having to manually edit each one. Below runs through Elevated Powershell without error, so I'd thought it was successful. Unfortunately nothing changes and assignments remain the same. I've cut down the number in this script and edited tenant-based ID's but practically-speaking this runs through fine. Can anyone advise? I'm new to powershell and basically relying on AI to help make them, or the occasional forum post I can find. # Install the Microsoft Graph PowerShell SDK if not already installed Install-Module Microsoft.Graph -Scope CurrentUser -Force # Import the Device Management module Import-Module Microsoft.Graph.DeviceManagement # Connect to Microsoft Graph Connect-MgGraph -Scopes "DeviceManagementApps.ReadWrite.All" # Retrieve all mobile apps $allApps = Get-MgDeviceAppManagementMobileApp # Filter for Win32 apps $win32Apps = $allApps | Where-Object { $_.'@odata.type' -eq '#microsoft.graph.win32LobApp' } # List of specific app IDs to target $specificAppIds = @( "ba5988e8-4hhe-4e99-9181-ff85ce589113", "d49dk602-5e02-4af3-b09c-d98d8edac8fb" ) # Filter the Win32 apps to only include the specific apps $targetApps = $win32Apps | Where-Object { $specificAppIds -contains $_.Id } # Define group IDs $requiredGroupId = "57ce1fb3-5f94-4287-8f0b-e2ed595ac900" # Replace with your actual required group ID $uninstallGroupId = "aq7a3571-7f71-4deb-8f81-289dfe38a2e6" # Replace with your actual uninstall group ID # Loop through each target app and update the assignment foreach ($app in $targetApps) { # Get the current assignments $assignments = Get-MgDeviceAppManagementMobileAppAssignment -MobileAppId $app.Id # Define the new assignments $requiredGroupAssignment = @{ "@odata.type" = "#microsoft.graph.mobileAppAssignment" target = @{ "@odata.type" = "#microsoft.graph.groupAssignmentTarget" groupId = $requiredGroupId } intent = "required" } $uninstallGroupAssignment = @{ "@odata.type" = "#microsoft.graph.mobileAppAssignment" target = @{ "@odata.type" = "#microsoft.graph.groupAssignmentTarget" groupId = $uninstallGroupId } intent = "uninstall" } # Add the new assignments to the existing assignments $updatedAssignments = $assignments + $requiredGroupAssignment + $uninstallGroupAssignment # Update the app assignments Update-MgDeviceAppManagementMobileAppAssignment -MobileAppId $app.Id -BodyParameter $updatedAssignments
Connect-SPOService not working in PowerShell 7
Hi all, I'm having some issues getting Connect-SPOService working in PowerShell 7 (7.2.4). It works fine in Windows PowerShell (5.1.22), however it will always generate errors when trying to us it in PS 7 which I've listed below. Firstly if I open Windows PS, I can use it straight away, however if I open PS 7, I have to import the module in order to use it. I guess I can fix this with a profile adjustment, but is there a reason why this would be the case? Secondly even when it's been imported, if I try to connect with the following, I get an error: Connect-SPOService -Url https://***-admin.sharepoint.com Connect-SPOService: No valid OAuth 2.0 authentication session exists Never seen this before in Windows PS and I'm not sure how to resolve it so I tried connecting with this instead. Still got an error but a different one this time: Connect-SPOService -Url https://***-admin.sharepoint.com -Credential ***@***.com Connect-SPOService: The sign-in name or password does not match one in the Microsoft account system. I know these are the right credientials as again they work fine in Windows PS. This lead me to think that something still wasn't being imported correctly into PS 7, so I had a look at the modes, and I noticed that the ExportedCommands don't appear when Get-Module is run in PS 7, but again they do in Windows PS. I'm guessing this could be part of the issue but I'm not sure how to resolve it. From what I can see everything appears fine, but I'm sure I'm missing something here. I've tried setting my ExecutionPolicy to unrestricted in case that was the problem, however it didn't appear to change anything. If anyone has seen this before or could provide any help it would be greatly appreciated. I realise that I could just use Windows PS, but it feels like PS 7 is the way forward and it would be nice to better understand why this is happening. Many thanks in advance.
How to disable automatic updates in Debug Diagnostics 2.1 using PowerShell
Greetings all. I am writing a PowerShell script to do an unattended install of Debug Diagnostics Tool version 2.2.0.14. The installer is an x64 .msi. The unattended install works fine, but I am unable to find the correct switch/command to disable automatic updates for the tool. Here is the latest code I tried: Execute-MSI -Action 'Install' -Path "<filepath>\DebugDiagx64.msi" -Parameters "/qn /norestart ALLUSERS=2 DISABLE_AUTOUPDATES=1" Other switches I have tried for disabling updates includes DISABLE_UPDATES=1, UPDATES=0 and UPDATES=FALSE. None of these work. Updates can be disabled manually through the Options & Settings GUI. Screenshots for this are attached. I really need a way to disable the automatic updates through PowerShell during an unattended installation through SCCM . Thanks.How to disable automatic updates in Debug Diagnostics 2.1 using PowerShell
Greetings all. I am writing a PowerShell script to do an unattended install of Debug Diagnostics Tool version 2.2.0.14. The installer is an x64 .msi. The unattended install works fine, but I am unable to find the correct switch/command to disable automatic updates for the tool. Here is the latest code I tried: Execute-MSI -Action 'Install' -Path "<filepath>\DebugDiagx64.msi" -Parameters "/qn /norestart ALLUSERS=2 DISABLE_AUTOUPDATES=1" Other switches I have tried for disabling updates includes DISABLE_UPDATES=1, UPDATES=0 and UPDATES=FALSE. None of these work. Updates can be disabled manually through the Options & Settings GUI. Screenshots for this are attached. I really need a way to disable the automatic updates through PowerShell during an unattended installation. Thanks.Bug: Invoke-MgGraphRequest not respecting ErrorAction.
Hi folks, This is a brief callout that Invoke-MgGraphRequest is not currently respecting the ErrorAction parameter. Rather, it's hardwired to throwing an exception as if ErrorAction:Stop had been provided. If you're like me and typically use ErrorAction:Stop in a try/catch block then you won't be impacted, but if use another value like Continue (the default) or SilentlyContinue, you may find this breaks your automation. Example Hopefully this is addressed in a future version of the Microsoft.Graph.Authentication module. Cheers, Lain
Map vmdk to guest volume
I have a Hyper-V cluster and want PowerShell to give me a list of what vmdk file is assigned to which volume mount point in the virtual machine OS (Windows). Example: vmdk file mount point ------------------------------------------------------------------------------------------- C:\ClusterStorage\Data1\VM\ComputerA\Virtual Hard Disks\OSDisk.vhdx C:\ C:\ClusterStorage\Data1\VM\ComputerA\Virtual Hard Disks\MainMount.vhdx M:\ C:\ClusterStorage\Data1\VM\ComputerA\Virtual Hard Disks\Temp.vhdx M:\Temp The vmdks for C: and M: are mapped to drives in the guest, whereas Temp.vhdx is mounted in a folder under M:\. The main challenge for me is actually to find the correct elements that allow me to link a VMDK to a disk inside the virtual machine OS. The ones I found so far are: Get-Disk gives me numbers for adapter, port, target, and LUN, and Get-VMHardDiskDrive returns numbers for controller and location, which I guess link to target and LUN. But I'm pretty unsure whether it's safe to use these properties... Get-Disk returns a path, and I think I can use this to map the result of a win32_mountpoint CIM query to it to get the volume mount point... Does anyone have some valuable information for me on this?
Launch program remotely which must remain running
Hello everyone, I have to start and leave programs running on some remote PCs, I used invoke-command with start-job and start-process. Launching the script from my powershell window, the executables remain running until I close the window itself, I believe for reasons of remote sessions started. So if I schedule the start of this script in the Windows "Task Scheduler", the session is opened and closed and the executables start and close shortly after, that is, when the scheduled task completes. I also set the "-noexit" argument, but nothing happened. What can I do so that I can schedule these startups and let the affected programs run? I hope I was clear, ask if you need it, thanks everyone.New-MgBookingBusinessService | Customer Information Questions
I'm trying to turn off the stock Customer Information questions except for the customer email using PowerShell and New-MgBookingBusinessService and cannot seem to figure it out. Any assistance is much appreciated! # Prompt for Booking Business ID $bookingBusinessId = Read-Host "Enter the Booking Business ID (e.g., email address removed for privacy reasons)" # Prompt for default duration in minutes $defaultDurationMinutes = Read-Host "Enter default appointment duration in minutes (e.g., 15)" $defaultDuration = [TimeSpan]::FromMinutes([double]$defaultDurationMinutes) # Post-buffer stays at 5 minutes $postBuffer = [TimeSpan]::FromMinutes(5) # Hardcoded Excel file path $excelFilePath = "C:\Users\apettit\OneDrive - Eau Claire Area School District\Downloads\adamtestconferencedata.xlsx" # Prompt for worksheet/tab name $sheetName = Read-Host "Enter the worksheet/tab name to read data from" # Import Excel data using Import-Excel (requires ImportExcel module) if (-not (Get-Module -ListAvailable -Name ImportExcel)) { Install-Module -Name ImportExcel -Scope CurrentUser -Force } Import-Module ImportExcel $staffEmails = Import-Excel -Path $excelFilePath -WorksheetName $sheetName # Retrieve all staff members for the booking business Write-Host "Fetching all staff members for booking business ID: $bookingBusinessId" $allStaff = Get-MgBookingBusinessStaffMember -BookingBusinessId $bookingBusinessId if (-not $allStaff) { Write-Error "No staff members found for the booking business ID: $bookingBusinessId" return } # Retrieve all custom questions Write-Host "Fetching all custom questions for booking business ID: $bookingBusinessId" $allCustomQuestions = Get-MgBookingBusinessCustomQuestion -BookingBusinessId $bookingBusinessId if (-not $allCustomQuestions) { Write-Error "No custom questions found for the booking business ID: $bookingBusinessId" return } # Loop through each staff member from Excel automatically Write-Host "Creating individual booking services for each staff member..." foreach ($row in $staffEmails) { $email = $row.emailAddress.Trim().ToLower() # Automatically match staff from Booking Business $matchingStaff = $allStaff | Where-Object { $_.AdditionalProperties["emailAddress"] -and ($_.AdditionalProperties["emailAddress"].Trim().ToLower() -eq $email) } if ($matchingStaff) { $staffId = $matchingStaff.Id $displayName = $matchingStaff.AdditionalProperties["displayName"] Write-Host "Automatically creating service for: ${displayName} ($email)" -ForegroundColor Cyan try { # Prepare custom questions $customQuestions = $allCustomQuestions | ForEach-Object -Begin { $isLast = $false } -Process { $isLast = ($_.Id -eq $allCustomQuestions[-1].Id) $questionAssignment = New-Object Microsoft.Graph.PowerShell.Models.MicrosoftGraphBookingQuestionAssignment $questionAssignment.QuestionId = $_.Id $questionAssignment.IsRequired = if ($isLast) { $false } else { $true } $questionAssignment } # Prepare the reminder $defaultReminder = New-Object Microsoft.Graph.PowerShell.Models.MicrosoftGraphBookingReminder $defaultReminder.Message = "Don't forget! Family Teacher Conferences are tomorrow, and we are excited to visit with you! If you wish to change the meeting type (virtual, in-person, hybrid, or phone), please let the teacher know as soon as possible!" $defaultReminder.Offset = [TimeSpan]::FromDays(1) $defaultReminder.Recipients = @("customer") # Prepare service parameters $serviceParams = @{ BookingBusinessId = $bookingBusinessId DisplayName = "${displayName} Family Conference" Description = "Family Teacher Conference with ${displayName}" StaffMemberIds = @($staffId) # Assign specific staff member DefaultDuration = $defaultDuration DefaultPrice = 0.00 DefaultPriceType = "free" CustomQuestions = $customQuestions PostBuffer = $postBuffer IsLocationOnline = $true IsCustomerAllowedToManageBooking = $true DefaultReminder = $defaultReminder AdditionalInformation = @" Please arrive on time for your conferences as we will be sticking to a tight schedule. If you wish to change the meeting type (virtual, in-person, hybrid, or phone), please let the teacher know as soon as possible. If you require a translator, please submit a request at this form: https://forms.office.com/r/XWwBFWP7XD "@ # Appears in the customer confirmation email AdditionalProperties = @{ customerEmail = @{ isRequired = $true } # Only email field remains } } # Log service parameters Write-Host "Service Parameters for ${displayName}:" -ForegroundColor Blue $serviceParams.GetEnumerator() | ForEach-Object { Write-Host "$($_.Key): $($_.Value)" } # Create the booking service New-MgBookingBusinessService @serviceParams Write-Host "Booking service successfully created for ${displayName}!" -ForegroundColor Green } catch { Write-Error "Failed to create booking service for ${displayName}: $_" } } else { Write-Warning "No match found for email: $email" } }
Set Force a user to change password on next logon via Powershell
I have created a script to try and change the user setting 'force password change at next login'. I wish to do this without having to change their password. I have tried both user authentication (using a global admin account) and application authentication (via Client Secret). When I run the script in either authentication context I get access denied when it comes to updating the user. The script was to read in a csv file and do this but I have simplified a script to the following to show the basic concept of the commands I am trying to run and the authentication process. $secureSecret = ConvertTo-SecureString "xxxxxxxxxxxxxxxxx" -AsPlainText -Force $credential = New-Object PSCredential("xxxxxxxxxxxxxxxxxxxxx", $secureSecret) Connect-MgGraph -TenantId "xxxxxxxxxxxxxxxs" -ClientSecretCredential $credential Get-MgUser -UserId "email address removed for privacy reasons" -Property "userPrincipalName,userType,onPremisesSyncEnabled" Update-MgUser -UserId "email address removed for privacy reasons" -PasswordProfile @{ForceChangePasswordNextSignIn = $true} In the application I have created I have assigned the permissions I believe would be required to support this action (I added Directory.ReadWrite.All, just in case) The read user works fine but I get the error below when trying to update Update-MgUser_UpdateExpanded: Insufficient privileges to complete the operation. Status: 403 (Forbidden) ErrorCode: Authorization_RequestDenied Date: 2025-10-15T13:36:46 I have tried this is two different 365 tenants but both fail with the same error. The tenant is a cloud only with no synchronisation from on-premise. I have tried many iterations but have reached the dead end point. Is it possible to force a password reset via a PowerShell script and if so what am I doing wrong with my permissions? TIA
