Assigning a Manager with PowerShell Graph – Manager Not Found
Hi everyone, We are currently refactoring our PowerShell scripts to align with Microsoft's recommended standards. In our script that creates new users in Azure Active Directory (AAD) via Microsoft Graph, we’re having trouble assigning a manager to a new user. Whether we try using the manager’s object ID or email address, the manager is not found, and the assignment fails. Has anyone encountered this issue before? Is there something we might be doing wrong in how we’re referencing or assigning the manager? Thanks in advance for your help.
Powershell - Change Intune Application Assignments
Hello, I'd like to bulk-edit a number of my Intune Win32 assignments. I've got ~30 applications to go through, but I've noted their AppIDs so it would be worth the time investment to find a working Powershell script to run this without having to manually edit each one. Below runs through Elevated Powershell without error, so I'd thought it was successful. Unfortunately nothing changes and assignments remain the same. I've cut down the number in this script and edited tenant-based ID's but practically-speaking this runs through fine. Can anyone advise? I'm new to powershell and basically relying on AI to help make them, or the occasional forum post I can find. # Install the Microsoft Graph PowerShell SDK if not already installed Install-Module Microsoft.Graph -Scope CurrentUser -Force # Import the Device Management module Import-Module Microsoft.Graph.DeviceManagement # Connect to Microsoft Graph Connect-MgGraph -Scopes "DeviceManagementApps.ReadWrite.All" # Retrieve all mobile apps $allApps = Get-MgDeviceAppManagementMobileApp # Filter for Win32 apps $win32Apps = $allApps | Where-Object { $_.'@odata.type' -eq '#microsoft.graph.win32LobApp' } # List of specific app IDs to target $specificAppIds = @( "ba5988e8-4hhe-4e99-9181-ff85ce589113", "d49dk602-5e02-4af3-b09c-d98d8edac8fb" ) # Filter the Win32 apps to only include the specific apps $targetApps = $win32Apps | Where-Object { $specificAppIds -contains $_.Id } # Define group IDs $requiredGroupId = "57ce1fb3-5f94-4287-8f0b-e2ed595ac900" # Replace with your actual required group ID $uninstallGroupId = "aq7a3571-7f71-4deb-8f81-289dfe38a2e6" # Replace with your actual uninstall group ID # Loop through each target app and update the assignment foreach ($app in $targetApps) { # Get the current assignments $assignments = Get-MgDeviceAppManagementMobileAppAssignment -MobileAppId $app.Id # Define the new assignments $requiredGroupAssignment = @{ "@odata.type" = "#microsoft.graph.mobileAppAssignment" target = @{ "@odata.type" = "#microsoft.graph.groupAssignmentTarget" groupId = $requiredGroupId } intent = "required" } $uninstallGroupAssignment = @{ "@odata.type" = "#microsoft.graph.mobileAppAssignment" target = @{ "@odata.type" = "#microsoft.graph.groupAssignmentTarget" groupId = $uninstallGroupId } intent = "uninstall" } # Add the new assignments to the existing assignments $updatedAssignments = $assignments + $requiredGroupAssignment + $uninstallGroupAssignment # Update the app assignments Update-MgDeviceAppManagementMobileAppAssignment -MobileAppId $app.Id -BodyParameter $updatedAssignments
Get-MgDeviceAppManagementManagedAppPolicy -ManagedAppPolicyID. How to get the ID?
Hello! I am trying to copy an Intune App Protection Policy so I can edit it and apply it to a different group of users. I've cobbled together the below script from other examples but it doesn't work because I am not able to find the -ManagedAppPolicyID that it wants. I've not been able to find it anywhere in Intune. I've not been able to find a PowerShell cmdlet that will list it either. Does anyone know how I can make this work? Or another way to do it? Install-Module Microsoft.Graph -Scope CurrentUser Connect-MgGraph -Scopes "DeviceManagementApps.ReadWrite.All" $policyId = "<Insert App Policy ID>" $appProtectionPolicy = Get-MgDeviceAppManagementManagedAppPolicy -ManagedAppPolicyId $policyId $newPolicy = $appProtectionPolicy | Select-Object * -ExcludeProperty Id, CreatedDateTime, Version, LastModifiedDateTime $newPolicy.DisplayName = "Copy of $($newPolicy.DisplayName)" New-MgDeviceAppManagementMobileAppConfiguration -Data $newPolicy Get-MgDeviceAppManagementManagedAppPolicy -Filter "displayName eq '$($newPolicy.DisplayName)'"
PowerShell script to change font of office apps
Hi, We are using Microsoft 365 for Enterprise for delivery office apps to users via Microsoft Intune. Currently the default font for all office apps is Calibri and now users want that it should change to Arial, 11 font. Is there a way in Powershell to make that change. I have been suggested ways to do it with .net objects or Interop. Can someone please share a sample PowerShell script or a full script to make that change. Thanks, Ashish Arya
Question: Script to see if device is Azure AD joined
We often receive notebooks that are still joined to a Azure AD tenant. Is there a (simple) Powershell script that shows if a device is still joined to a tenant? Knowing which exact tenant the device is registered to is a nice-to-have but not required. FYI, we already tried the cmd command 'dsregcmd' but unfortunately the output was not reliable. We found multiple occasions where dsregcmd claimed the device was not Azure AD joined while it definitely was.Intune Powershell Script to delete Folders
Hi, I'm no expert in Powershell, and I'm willing to delete folders on computers that are managed by Intune. I already tried some scripts in Powershell to run in Intune, but I have no success in deleting the folders. How should I do it? Folder is located: c:\Users\STUDENTNAME\Appdata\Local\FOLDERtoDELETE and c:\Users\STUDENTNAME\Appdata\Roaming\FOLDERtoDELETE I've tried this script in Platform scripts: $foldersToCheck = @( "${env:LOCALAppData}\FOLDERtoDELETE_1", "${env:AppData}\FOLDERtoDELETE_2", "${env:ProgramFiles}\FOLDERtoDELETE_3", "${env:ProgramFiles(x86)}\FOLDERtoDELETE_4" ) foreach ($folderPath in $foldersToCheck) { if (Test-Path $folderPath -PathType Container) { try { Remove-Item -Path $folderPath -Recurse -Force -ErrorAction Stop Write-Host "Folder '$folderPath' has been deleted." } catch { Write-Host "Error deleting folder '$folderPath': $_" } } else { Write-Host "Folder '$folderPath' does not exist." } } Thank you very much in advance!Windows 11 assigned access - setting kiosk mode over powershell and WMI
Hey guys, so currently as this article states, kiosk multi app mode in Intune for windows 11 is on the roadmap, but there is no ETA, when it comes live. https://techcommunity.microsoft.com/t5/windows-it-pro-blog/multi-app-kiosk-mode-now-available-in-windows-11/ba-p/3845558 I then tried as this article shows (https://learn.microsoft.com/en-us/windows/configuration/lock-down-windows-11-to-specific-apps to run the stated powershell script with my own configured XML file, as you can see here: $nameSpaceName="root\cimv2\mdm\dmmap" $className="MDM_AssignedAccess" $obj = Get-CimInstance -Namespace $namespaceName -ClassName $className Add-Type -AssemblyName System.Web $obj.Configuration = [System.Web.HttpUtility]::HtmlEncode (@" <?xml version="1.0" encoding="utf-8" ?> <AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config" xmlns:win11="http://schemas.microsoft.com/AssignedAccess/2022/config"> <Profiles> <Profile Id="dca70007-6874-49b3-930f-26ead1d85918"> <AllAppsList> <AllowedApps> <App AppUserModelId="Citrix.Workspace" rs5:AutoLaunch="true"> <App AppUserModelId="MSEdge" /> <App AppUserModelId="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" /> <App AppUserModelId="Microsoft.Windows.Explorer" /> </AllowedApps> </AllAppsList> <win11:StartPins> <![CDATA[ {"pinnedList": [ {"desktopAppLink":"%ALLUSERSPROFILE%\\Microsoft\\Windows\\Start Menu\\Programs\\Citrix Workspace.lnk"}, {"desktopAppLink":"%ALLUSERSPROFILE%\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Edge.lnk"}, {"packagedAppId":"windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel"}, {"desktopAppLink":"%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\File Explorer.lnk"}, {"packagedAppId":"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App"} ]} ]]> <win11:StartPins/> <Taskbar ShowTaskbar="true"/><Taskbar/> </Profile> </Profiles> <Configs> <Config> <AutoLogonAccount/> <DefaultProfile Id="{c374b80f-6aea-4c02-b1db-7bb1dfc4fe84}"/> </Config> </Configs> </AssignedAccessConfiguration> "@) Set-CimInstance -CimInstance $obj but im getting following errors: Get-CimInstance: C:\Users\michael.woerner\GitHub-Repo\Github_Work\Intune\Scripts\Kiosk-XML-WMI.ps1:3:8 Line | 3 | $obj = Get-CimInstance -Namespace $namespaceName -ClassName $classNam … | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Zugriff verweigert. InvalidOperation: C:\Users\michael.woerner\GitHub-Repo\Github_Work\Intune\Scripts\Kiosk-XML-WMI.ps1:5:1 Line | 5 | $obj.Configuration = [System.Web.HttpUtility]::HtmlEncode | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | The property 'Configuration' cannot be found on this object. Verify that the property exists and can be set. Set-CimInstance: C:\Users\michael.woerner\GitHub-Repo\Github_Work\Intune\Scripts\Kiosk-XML-WMI.ps1:44:30 Line | 44 | Set-CimInstance -CimInstance $obj | ~~~~ | Cannot bind argument to parameter 'InputObject' because it is null. Can you guys help me with that?
