Mar 06 2019 06:31 AM - edited Mar 06 2019 06:36 AM
Hi all,
Looking for a bit of help with the Intune PowerShell/graph interface.
I'm trying to manipulate Intune Device Categories via PowerShell, so that I can firstly correct devices that were placed into the wrong category during enrollment, and secondly, I'm in the middle of moving from Hybrid SCCM/Intune to Azure Intune and where we're not using Device Categories for devices already enrolled into SCCM Hybrid Intune, I want to use PowerShell to loop through a CSV file full of device serial numbers / IMEI numbers and place corporate devices into the right device category.
So, investigating the PowerShell/graph interface for Intune, I can do something like
Get-IntuneManagedDevice -Filter "IMEI eq '01 012345 678910 1'" (Or -Filter "serialNumber eq 'DEADBEEF'" or whatever) and get all my device's details output. This includes a field for "deviceCategoryDisplayName", which is the value I want to change.
I can even do Get-IntuneManagedDevice -Filter "serialNumber eq 'DEADBEEF'"| select manageddeviceid to get the managedDeviceID value as an output.
As far as I can tell, this should work with Update-IntuneManagedDevice? (see below)
get-help Update-IntuneManagedDevice -detailed
NAME
Update-IntuneManagedDevice
SYNOPSIS
Updates a "microsoft.graph.managedDevice".
SYNTAX
Update-IntuneManagedDevice -managedDeviceId <string>
So I should be able to update a device by using its managed Device ID?
What I can't do is:
Get-IntuneManagedDevice -Filter "serialNumber eq 'deadbeef'"| select manageddeviceid | Update-IntuneManagedDevice -deviceCategoryDisplayName 'BYOD'
I get the error below. Clearly I'm doing something wrong but can anyone point me in the right direction? I don't think that what I'm trying to do is fundamentally unreasonable... is it?
(just to be clear, doing Get-IntuneManagedDevice -managedDeviceID deadbeef-aaaa-bbbb-cccc-0123456789ab returns my target device details ok, and running Update-IntuneManagedDevice -managedDeviceID deadbeef-aaaa-bbbb-cccc-0123456789ab -deviceCategoryDisplayName 'BYOD' gives me the same error)
Update-IntuneManagedDevice : 400 Bad Request
{
"error": {
"code": "InternalError",
"message": "{\r\n \"_version\": 3,\r\n \"Message\": \"An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 6f743002-b0e0-48ed-a25d-0cdd33870efd - Url:
https://fef.msub02.manage.microsoft.com/DeviceFE/StatelessDeviceFEService/deviceManagement/managedDe... \"CustomApiErrorPhrase\":
\"\",\r\n \"RetryAfter\": null,\r\n \"ErrorSourceService\": \"\",\r\n \"HttpHeaders\": \"{}\"\r\n}",
"innerError": {
"request-id": "6f743002-b0e0-48ed-a25d-0cdd33870efd",
"date": "2019-03-06T14:08:02"
}
}
}
At line:1 char:92
+ ... ddeviceid | Update-IntuneManagedDevice -deviceCategoryDisplayName 'BY ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ConnectionError: (@{Request=; Response=}:PSObject) [Update-IntuneManagedDevice], HttpRequestException
+ FullyQualifiedErrorId : PowerShellGraphSDK_HttpRequestError,Microsoft.Intune.PowerShellGraphSDK.PowerShellCmdlets.Update_IntuneManagedDevice
Feb 11 2020 12:21 PM
@Robert Moir Did you ever work this out?... it's an interesting thread and sad to see no one's replied.
Jul 20 2020 03:44 PM
@Robert Moir have you tried editing the data via MSGraph?
Here's a Reddit article by u/kjubus
Mar 25 2021 03:10 PM
Jul 16 2021 07:59 PM
Jul 17 2021 11:19 PM - edited Jul 17 2021 11:22 PM
# Client application, redirect URI and Graph resource used for the interactive sign-in
$clientId = "d1ddf0e4-d672-4dae-b554-9d5bdfd93547"
$redirectUri = "urn:ietf:wg:oauth:2.0:oob"
$resourceURI = "https://graph.microsoft.com/"
$authority = "https://login.microsoftonline.com/common"
# Load the ADAL assemblies that ship with the AzureAD module
$AadModule = Import-Module -Name AzureAD -ErrorAction Stop -PassThru
$adal = Join-Path $AadModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
$adalforms = Join-Path $AadModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll"
[System.Reflection.Assembly]::LoadFrom($adal) | Out-Null
[System.Reflection.Assembly]::LoadFrom($adalforms) | Out-Null
$authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority
$platformParameters = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters" -ArgumentList "Always"
# Prompt for sign-in; reading .Result blocks until the token has been issued
$authResult = $authContext.AcquireTokenAsync($resourceURI, $clientId, $redirectUri, $platformParameters)
$accessToken = $authResult.Result.AccessToken
# Reference to the device category that will be assigned
$body = @"
{"@odata.id":"https://graph.microsoft.com/beta/deviceManagement/deviceCategories/2b259feb-0bca-48ed-9dbb-1b87c6275..."}
"@
# deviceCategory reference of the managed device to update
$apiUrl = "https://graph.microsoft.com/beta/deviceManagement/managedDevices('bd93f0f3-fe56-43fe-823c-c41a99b473...`$ref"
$Data = Invoke-RestMethod -Headers @{Authorization = "Bearer $accessToken"} -Uri $apiUrl -Body $body -Method Put -ContentType 'application/json'
beware of the apiurl: ('bd93f0f3-fe56-43fe-823c-c41a99b4737f')/deviceCategory/`$ref"
2b259feb-0bca-48ed-9dbb-1b87c627521b = personal owned devices
377fdc15-6f3c-4165-b5b3-98261a8243da = company owned devices
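The single-device PUT above, extended to the CSV loop the original question asks for. This is an added example, not code from any poster in this thread; it assumes a Graph access token obtained as in the post above, and the function name and the CSV column names SerialNumber and Category are hypothetical.

```powershell
# Added example: bulk-assign Intune device categories from a CSV file.
# Assumptions: $AccessToken is a Graph token acquired as in the post above;
# the CSV has the (hypothetical) columns SerialNumber and Category.
function Set-DeviceCategoryFromCsv {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $CsvPath,
        [Parameter(Mandatory)] [string] $AccessToken
    )
    $base    = 'https://graph.microsoft.com/beta/deviceManagement'
    $headers = @{ Authorization = "Bearer $AccessToken" }

    # Resolve category display names to ids once instead of hard-coding GUIDs.
    $categories = @{}
    (Invoke-RestMethod -Headers $headers -Uri "$base/deviceCategories").value |
        ForEach-Object { $categories[$_.displayName] = $_.id }

    foreach ($row in Import-Csv -Path $CsvPath) {
        $serial   = "$($row.SerialNumber)".Trim()
        $category = "$($row.Category)".Trim()
        # Accept only plain serial characters so CSV data cannot alter the OData filter.
        if ($serial -notmatch '^[A-Za-z0-9\-]{1,64}$') {
            Write-Warning "Skipping malformed serial '$serial'"; continue
        }
        if (-not $categories.ContainsKey($category)) {
            Write-Warning "Unknown category '$category' for $serial"; continue
        }
        $filter  = [uri]::EscapeDataString("serialNumber eq '$serial'")
        $resp    = Invoke-RestMethod -Headers $headers -Uri "$base/managedDevices?`$filter=$filter"
        $devices = @($resp.value | Where-Object { $_.id })
        # Change a device only when the serial identifies exactly one record.
        if ($devices.Count -ne 1) {
            Write-Warning "$serial matched $($devices.Count) devices, skipped"; continue
        }
        $body = @{ '@odata.id' = "$base/deviceCategories/$($categories[$category])" } | ConvertTo-Json
        $uri  = "$base/managedDevices('$($devices[0].id)')/deviceCategory/`$ref"
        # -WhatIf lists the intended changes without sending any PUT request.
        if ($PSCmdlet.ShouldProcess($serial, "Set category '$category'")) {
            Invoke-RestMethod -Headers $headers -Uri $uri -Method Put -Body $body -ContentType 'application/json' | Out-Null
        }
    }
}
```

Running it first with -WhatIf shows which serial numbers would be changed, and the warnings list every row that was skipped.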
Jul 19 2021 08:10 AM
I have created a blog post about device category. At the end of this post you can also find a script showing how to change the category via a PowerShell script. Hope this helps you.
Regards
Jannik
Nov 04 2022 05:09 AM
@Jannik_Reinhard Hi Jannik, thank you very much for your post. I hope you can still help me with a problem: I have to update the device category for about 500 devices of my company and these must be selected for a string present in the device name. For example, if the name of the device is "computer1-not" the category must be "pc laptop", in this case if the query finds the string "-not" in the name it must associate the category "pc laptop" to the device. How can I modify your script to achieve this? Thanks so much for the invaluable help. Marco
Nov 04 2022 09:10 AM
Nov 04 2022 09:29 AM
@Jannik_Reinhard thank you very much, I really appreciate your help. I'll try your script and let you know if all works fine.
Thanks!
Marco