microsoft intune
18 Topics

Assigning a Manager with PowerShell Graph – Manager Not Found
Hi everyone, we are currently refactoring our PowerShell scripts to align with Microsoft's recommended standards. In our script that creates new users in Azure Active Directory (AAD) via Microsoft Graph, we’re having trouble assigning a manager to a new user. Whether we try using the manager’s object ID or email address, the manager is not found, and the assignment fails. Has anyone encountered this issue before? Is there something we might be doing wrong in how we’re referencing or assigning the manager? Thanks in advance for your help.
138 Views, 0 likes, 3 Comments

Powershell - Change Intune Application Assignments
Hello, I'd like to bulk-edit a number of my Intune Win32 assignments. I've got ~30 applications to go through, but I've noted their AppIDs so it would be worth the time investment to find a working Powershell script to run this without having to manually edit each one. Below runs through Elevated Powershell without error, so I'd thought it was successful. Unfortunately nothing changes and assignments remain the same. I've cut down the number in this script and edited tenant-based IDs but practically-speaking this runs through fine. Can anyone advise? I'm new to powershell and basically relying on AI to help make them, or the occasional forum post I can find.

# Install the Microsoft Graph PowerShell SDK if not already installed
Install-Module Microsoft.Graph -Scope CurrentUser -Force

# Import the Device Management module
Import-Module Microsoft.Graph.DeviceManagement

# Connect to Microsoft Graph
Connect-MgGraph -Scopes "DeviceManagementApps.ReadWrite.All"

# Retrieve all mobile apps
$allApps = Get-MgDeviceAppManagementMobileApp

# Filter for Win32 apps
$win32Apps = $allApps | Where-Object { $_.'@odata.type' -eq '#microsoft.graph.win32LobApp' }

# List of specific app IDs to target
$specificAppIds = @(
    "ba5988e8-4hhe-4e99-9181-ff85ce589113",
    "d49dk602-5e02-4af3-b09c-d98d8edac8fb"
)

# Filter the Win32 apps to only include the specific apps
$targetApps = $win32Apps | Where-Object { $specificAppIds -contains $_.Id }

# Define group IDs
$requiredGroupId = "57ce1fb3-5f94-4287-8f0b-e2ed595ac900" # Replace with your actual required group ID
$uninstallGroupId = "aq7a3571-7f71-4deb-8f81-289dfe38a2e6" # Replace with your actual uninstall group ID

# Loop through each target app and update the assignment
foreach ($app in $targetApps) {
    # Get the current assignments
    $assignments = Get-MgDeviceAppManagementMobileAppAssignment -MobileAppId $app.Id

    # Define the new assignments
    $requiredGroupAssignment = @{
        "@odata.type" = "#microsoft.graph.mobileAppAssignment"
        target = @{
            "@odata.type" = "#microsoft.graph.groupAssignmentTarget"
            groupId = $requiredGroupId
        }
        intent = "required"
    }
    $uninstallGroupAssignment = @{
        "@odata.type" = "#microsoft.graph.mobileAppAssignment"
        target = @{
            "@odata.type" = "#microsoft.graph.groupAssignmentTarget"
            groupId = $uninstallGroupId
        }
        intent = "uninstall"
    }

    # Add the new assignments to the existing assignments
    $updatedAssignments = $assignments + $requiredGroupAssignment + $uninstallGroupAssignment

    # Update the app assignments
    Update-MgDeviceAppManagementMobileAppAssignment -MobileAppId $app.Id -BodyParameter $updatedAssignments
}

690 Views, 0 likes, 1 Comment

Get-MgDeviceAppManagementManagedAppPolicy -ManagedAppPolicyID. How to get the ID?
Hello! I am trying to copy an Intune App Protection Policy so I can edit it and apply it to a different group of users. I've cobbled together the below script from other examples but it doesn't work because I am not able to find the -ManagedAppPolicyID that it wants. I've not been able to find it anywhere in Intune. I've not been able to find a PowerShell cmdlet that will list it either. Does anyone know how I can make this work? Or another way to do it?

Install-Module Microsoft.Graph -Scope CurrentUser
Connect-MgGraph -Scopes "DeviceManagementApps.ReadWrite.All"
$policyId = "<Insert App Policy ID>"
$appProtectionPolicy = Get-MgDeviceAppManagementManagedAppPolicy -ManagedAppPolicyId $policyId
$newPolicy = $appProtectionPolicy | Select-Object * -ExcludeProperty Id, CreatedDateTime, Version, LastModifiedDateTime
$newPolicy.DisplayName = "Copy of $($newPolicy.DisplayName)"
New-MgDeviceAppManagementMobileAppConfiguration -Data $newPolicy
Get-MgDeviceAppManagementManagedAppPolicy -Filter "displayName eq '$($newPolicy.DisplayName)'"

100 Views, 0 likes, 2 Comments

PowerShell script to change font of office apps
Hi, we are using Microsoft 365 for Enterprise for delivering office apps to users via Microsoft Intune. Currently the default font for all office apps is Calibri and now users want that it should change to Arial, 11 font. Is there a way in Powershell to make that change? I have been suggested ways to do it with .net objects or Interop. Can someone please share a sample PowerShell script or a full script to make that change? Thanks, Ashish Arya
36K Views, 0 likes, 18 Comments

Object reference not set to an instance of an object - when splatting to a custom function
I've written a module for a specific O365 function - onboarding users to mobile in Intune. The module works, but I needed to add the ability for users to specify alternative credentials to run the module. To achieve this, I'm using the splat method, which enables me to add credentials in the hash table. Unfortunately, I'm getting error "Object reference not set to an instance of an object" with this method and cannot understand why. The parameters appear to be passed through OK as I can print them to host, but the command doesn't like it. Hopefully it's something obvious. FYI, if I rem out @Params and use the $User variable, it will work.

$Params = @{
    User = $User
}
if ($Null -ne $Credential) {$Params.add('Credential', $Credential)}
Try {
    get-EXOEnabled @Params #Custom function
}
Catch {...}

Solved, 6.4K Views, 0 likes, 5 Comments

Question: Script to see if device is Azure AD joined
We often receive notebooks that are still joined to an Azure AD tenant. Is there a (simple) Powershell script that shows if a device is still joined to a tenant? Knowing which exact tenant the device is registered to is a nice-to-have but not required. FYI, we already tried the cmd command 'dsregcmd' but unfortunately the output was not reliable. We found multiple occasions where dsregcmd claimed the device was not Azure AD joined while it definitely was.
5K Views, 0 likes, 3 Comments

Question: Script to remove a specific device from MEM (Intune) and Azure AD
I am looking for a script to fully remove an (Autopilot) device from a Microsoft tenant. The goal is to remove a specific device that I have physical access to from both Microsoft Endpoint Manager (Intune) and Azure AD. I want to accomplish this by running a (PowerShell) script on the device itself. The script should return output to indicate success or failure. Please keep the following parameters in mind:

- Before running the script, I have access to the physical device and I know the serial number of the device.
- I do not know the deviceID or tenant of the specific device, but I do have an Intune Admin account in the tenant where the device sits.
- The device is an Autopilot device.
- I do not want to log into the Microsoft tenant directly but only run scripts from the device itself.

Thank you very much, looking forward to any tips this community has to offer!
Solved, 35K Views, 0 likes, 15 Comments

Intune Powershell Script to delete Folders
Hi, I'm no expert in Powershell, and I'm willing to delete folders on computers that are managed by Intune. I already tried some scripts in Powershell to run in Intune, but I have no success in deleting the folders. How should I do it? Folder is located: c:\Users\STUDENTNAME\Appdata\Local\FOLDERtoDELETE and c:\Users\STUDENTNAME\Appdata\Roaming\FOLDERtoDELETE I've tried this script in Platform scripts:

$foldersToCheck = @(
    "${env:LOCALAppData}\FOLDERtoDELETE_1",
    "${env:AppData}\FOLDERtoDELETE_2",
    "${env:ProgramFiles}\FOLDERtoDELETE_3",
    "${env:ProgramFiles(x86)}\FOLDERtoDELETE_4"
)
foreach ($folderPath in $foldersToCheck) {
    if (Test-Path $folderPath -PathType Container) {
        try {
            Remove-Item -Path $folderPath -Recurse -Force -ErrorAction Stop
            Write-Host "Folder '$folderPath' has been deleted."
        } catch {
            Write-Host "Error deleting folder '$folderPath': $_"
        }
    } else {
        Write-Host "Folder '$folderPath' does not exist."
    }
}

Thank you very much in advance!
3.8K Views, 0 likes, 5 Comments

Windows 11 assigned access - setting kiosk mode over powershell and WMI
Hey guys, so currently as this article states, kiosk multi app mode in Intune for windows 11 is on the roadmap, but there is no ETA, when it comes live. https://techcommunity.microsoft.com/t5/windows-it-pro-blog/multi-app-kiosk-mode-now-available-in-windows-11/ba-p/3845558 I then tried as this article shows (https://learn.microsoft.com/en-us/windows/configuration/lock-down-windows-11-to-specific-apps) to run the stated powershell script with my own configured XML file, as you can see here:

$nameSpaceName="root\cimv2\mdm\dmmap"
$className="MDM_AssignedAccess"
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className
Add-Type -AssemblyName System.Web
$obj.Configuration = [System.Web.HttpUtility]::HtmlEncode (@"
<?xml version="1.0" encoding="utf-8" ?>
<AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config" xmlns:win11="http://schemas.microsoft.com/AssignedAccess/2022/config">
  <Profiles>
    <Profile Id="dca70007-6874-49b3-930f-26ead1d85918">
      <AllAppsList>
        <AllowedApps>
          <App AppUserModelId="Citrix.Workspace" rs5:AutoLaunch="true">
          <App AppUserModelId="MSEdge" />
          <App AppUserModelId="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" />
          <App AppUserModelId="Microsoft.Windows.Explorer" />
        </AllowedApps>
      </AllAppsList>
      <win11:StartPins>
        <![CDATA[
          {"pinnedList": [
            {"desktopAppLink":"%ALLUSERSPROFILE%\\Microsoft\\Windows\\Start Menu\\Programs\\Citrix Workspace.lnk"},
            {"desktopAppLink":"%ALLUSERSPROFILE%\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Edge.lnk"},
            {"packagedAppId":"windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel"},
            {"desktopAppLink":"%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\File Explorer.lnk"},
            {"packagedAppId":"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App"}
          ]}
        ]]>
      <win11:StartPins/>
      <Taskbar ShowTaskbar="true"/><Taskbar/>
    </Profile>
  </Profiles>
  <Configs>
    <Config>
      <AutoLogonAccount/>
      <DefaultProfile Id="{c374b80f-6aea-4c02-b1db-7bb1dfc4fe84}"/>
    </Config>
  </Configs>
</AssignedAccessConfiguration>
"@)
Set-CimInstance -CimInstance $obj

but I'm getting the following errors:

Get-CimInstance: C:\Users\michael.woerner\GitHub-Repo\Github_Work\Intune\Scripts\Kiosk-XML-WMI.ps1:3:8
Line |
   3 | $obj = Get-CimInstance -Namespace $namespaceName -ClassName $classNam …
     | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Zugriff verweigert.
InvalidOperation: C:\Users\michael.woerner\GitHub-Repo\Github_Work\Intune\Scripts\Kiosk-XML-WMI.ps1:5:1
Line |
   5 | $obj.Configuration = [System.Web.HttpUtility]::HtmlEncode
     | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | The property 'Configuration' cannot be found on this object. Verify that the property exists and can be set.
Set-CimInstance: C:\Users\michael.woerner\GitHub-Repo\Github_Work\Intune\Scripts\Kiosk-XML-WMI.ps1:44:30
Line |
  44 | Set-CimInstance -CimInstance $obj
     | ~~~~
     | Cannot bind argument to parameter 'InputObject' because it is null.

Can you guys help me with that?
16K Views, 0 likes, 37 Comments

With Graph API we are only getting 1000 devices
Hi Team, we are using the below PowerShell script to change the Primary user of a device by checking the last logged in userid. Below is the github repo link which holds this PowerShell script and also the link of an article about the explanation of this script -
https://raw.githubusercontent.com/svdbusse/IntuneScripts/master/PrimaryUser/Set-PrimaryUserfromLastLogIn.ps1
https://svdbusse.github.io/SemiAnnualChat/2020/03/21/Changing-Intune-Primary-User-To-Last-Logged-On-User.html
The problem now is that we are only able to get 1000 devices in the $Devices variable in the above mentioned script and we have around 2000 devices so 1000 more devices are not getting fetched by this script. Also this script always gets the devices in the same pattern, i.e. if I run the script today and tomorrow then the devices will show the same pattern; that is also the reason the rest 1000 devices are not getting fetched. Any solution to this issue will be a great help for me. Regards, Ashish Arya
Solved, 9.5K Views, 0 likes, 10 Comments