2

Looking for a bit of help with the Intune Powershell/graph interface.

I'm trying to manipulate Intune Device Categories via Powershell, so that I can firstly correct devices that were placed into the wrong category during enrollment, and secondly, I'm in the middle of moving from Hybrid SCCM/Intune to Azure Intune and where we're not using Device Categories for devices already enrolled into SCCM Hybrid Intune, I want to use powershell to loop through a CSV file full of device serial numbers / IMEI numbers and place corporate devices into the right device category.

Investigating the powershell/graph interface for Intune, I can do something like

Get-IntuneManagedDevice -Filter "IMEI eq '01 012345 678910 1'" (Or -Filter "serialNumber eq 'DEADBEEF'" or whatever) and get my all my device's details output. This includes a field for "deviceCategoryDisplayName", which is the value I want to change.

I can even do Get-IntuneManagedDevice -Filter "serialNumber eq 'DEADBEEF'"| select manageddeviceid to get the managedDeviceID value as an output.

As far as I can tell, this should work with Update-IntuneManagedDevice (see below)

get-help Update-IntuneManagedDevice -detailed

NAME
Update-IntuneManagedDevice

SYNOPSIS
Updates a "microsoft.graph.managedDevice".

SYNTAX
Update-IntuneManagedDevice -managedDeviceId <string>

So I should be able to update a device by using its managed Device ID?

What I can't do is:

Get-IntuneManagedDevice -Filter "serialNumber eq 'deadbeef'"| select manageddeviceid | Update-IntuneManagedDevice -deviceCategoryDisplayName 'BYOD'

When I try, I get the error below. Clearly I'm doing something wrong but can anyone point me in the right direction? I don't think that what I'm trying to do is fundamentally unreasonable... is it?

(just to be clear, doing Get-IntuneManagedDevice -managedDeviceID deadbeef-aaaa-bbbb-cccc-0123456789ab returns my target device details ok, and running Update-IntuneManagedDevice -managedDeviceID deadbeef-aaaa-bbbb-cccc-0123456789ab -deviceCategoryDisplayName 'BYOD' gives me the same error)

Update-IntuneManagedDevice : 400 Bad Request
{
"error": {
"code": "InternalError",
"message": "{\r\n \"_version\": 3,\r\n \"Message\": \"An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 6f743002-b0e0-48ed-a25d-0cdd33870efd - Url:
https://fef.msub02.manage.microsoft.com/DeviceFE/StatelessDeviceFEService/deviceManagement/managedDe... \"CustomApiErrorPhrase\":
\"\",\r\n \"RetryAfter\": null,\r\n \"ErrorSourceService\": \"\",\r\n \"HttpHeaders\": \"{}\"\r\n}",
"innerError": {
"request-id": "6f743002-b0e0-48ed-a25d-0cdd33870efd",
"date": "2019-03-06T14:08:02"
}
}
}
At line:1 char:92
+ ... ddeviceid | Update-IntuneManagedDevice -deviceCategoryDisplayName 'BY ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ConnectionError: (@{Request=; Response=}:PSObject) [Update-IntuneManagedDevice], HttpRequestException
+ FullyQualifiedErrorId : PowerShellGraphSDK_HttpRequestError,Microsoft.Intune.PowerShellGraphSDK.PowerShellCmdlets.Update_IntuneManagedDevice
Rob Moir
  • 31,664
  • 6
  • 58
  • 86

1 Answers1

0

Having done some work on this, there is a need to work with the MS Graph functions for Intune PowerShell at the moment. You will also need to work with the GUID ID numbers for the device at the category.

Get Intune Device Catgories with Get-IntuneDeviceCategory and Intune Device ID with Get-IntuneManagedDevice (note here you want the "ID" field, not the "AzureADDeviceID".

Here is a working prototype

 #this is an example for 1 device:
 $intuneDeviceId = 'deadbeef-aaaa-bbbb-cccc-0123456789ab' #update the IntuneDeviceID, you will need to implement a loop for mutiple devices
 $deviceCategoryReqBody = '{"@odata.id":"https://graph.microsoft.com/beta/deviceManagement/deviceCategories/98765432-aaaa-bbbb-cccc-0123456789ab"}' #update the deviceCateg id
 $patchDeviceReqBody = '{}'

 #Running a GET method on the device ID to check its validity
 Invoke-RestMethod -Uri "https://graph.microsoft.com/beta/deviceManagement/managedDevices/$intuneDeviceId/deviceCategory" -Headers $authToken -Method Get

 #calling the PUT method to update device category for that specific device
 Invoke-RestMethod -Uri "https://graph.microsoft.com/beta/deviceManagement/managedDevices/$intuneDeviceId/deviceCategory/`$ref" -Headers $authToken -Method Put -Body $deviceCategoryReqBody

 #calling the PATCH method to update device details about device category
 Invoke-RestMethod -Uri "https://graph.microsoft.com/beta/deviceManagement/managedDevices/$intuneDeviceId" -Headers $authToken -Method Patch -Body $patchDeviceReqBody

  #Running a GET method on the device ID to check its validity
 Invoke-RestMethod -Uri "https://graph.microsoft.com/beta/deviceManagement/deviceCategories/" -Headers $authToken -Method Get

#endregion
Rob Moir
  • 31,664
  • 6
  • 58
  • 86