Home Cloud M365 Microsoft Intune – Powershell SDK

Microsoft Intune – Powershell SDK

By
Simon Lee
-
1360
0
Reading Time: 4 minutes

In this blog post, we will cover the steps for installing the MS Intune Powershell SDK.

For this post I will use be using an Administrative Windows Terminal session and PowerShell Desktop (5.0.0)

Install-Module -Name Microsoft.Graph.Intune

Once the Intune PowerShell Module is installed, The first time you connect we need to provide Admin Consent.
NOTE: This is only required the first time, after installing.

Connect-MSGraph -AdminConsent

You will be prompted to enter your AzureAD Global Administrator Credentials.

Once the credentials have bee passed your will be prompted for a Permissions Request Review.

Once accepted you will be logged into your Intune Tenancy.

Connecting for the second time you can use the below script.

# 1. Create the PSCredential object
$adminUPN = Read-Host -Prompt "Enter UPN"
$adminPwd = Read-Host -AsSecureString -Prompt "Enter password for $adminUPN"
$creds = New-Object System.Management.Automation.PSCredential ($adminUPN, $adminPwd)

# 2. Log in with these credentials
Connect-MSGraph -PSCredential $Creds

Powershell Time!

So how many cmdlets are there in the Microsoft.Graph.Intune Module you ask?
For a complete list of the commands check out the HypervLAB Github Repository.

Get Intune Device Details

Get-IntuneManagedDevice

id                                        : - - - - - - - - - - - 
userId                                    : - - - - - - - - - - - 
deviceName                                : HYPERVLAB-PC01
managedDeviceOwnerType                    : company
enrolledDateTime                          : 02/12/2020 23:00:05
lastSyncDateTime                          : 03/12/2020 20:14:23
operatingSystem                           : Windows
complianceState                           : compliant
jailBroken                                : Unknown
managementAgent                           : mdm
osVersion                                 : 10.0.18363.1198
easActivated                              : True
easDeviceId                               : - - - - - - - - - - - 
easActivationDateTime                     : 01/01/0001 00:00:00
azureADRegistered                         : True
deviceEnrollmentType                      : windowsCoManagement
activationLockBypassCode                  :
emailAddress                              : simon.lee@hypervlab.co.uk
azureADDeviceId                           : - - - - - - - - - - - 
deviceRegistrationState                   : registered
deviceCategoryDisplayName                 : Unknown
isSupervised                              : False
exchangeLastSuccessfulSyncDateTime        : 01/01/0001 00:00:00
exchangeAccessState                       : none
exchangeAccessStateReason                 : none
remoteAssistanceSessionUrl                :
remoteAssistanceSessionErrorDetails       :
isEncrypted                               : False
userPrincipalName                         : simon.lee@hypervlab.co.uk
model                                     : Virtual Machine
manufacturer                              : Microsoft Corporation
imei                                      :
complianceGracePeriodExpirationDateTime   : 31/12/9999 23:59:59
serialNumber                              : 2993-1979-9929-4537-3860-9175-34
phoneNumber                               :
androidSecurityPatchLevel                 :
userDisplayName                           : Simon Lee
configurationManagerClientEnabledFeatures :
wiFiMacAddress                            :
deviceHealthAttestationState              :
subscriberCarrier                         :
meid                                      :
totalStorageSpaceInBytes                  : 68717379584
freeStorageSpaceInBytes                   : 35909533696
managedDeviceName                         : simon.lee_Windows_12/2/2020_11:00 PM
partnerReportedThreatState                : unknown
deviceActionResults                       : {}

Updating Intune Devices

Using PowerShell and Automation can save a lot of time, especially when there doesn’t look to be a method to bulk sync devices from the Intune EndPoint Manager (at the time of posting at least). So we shall turn to the beloved PowerShell to once again save us with a simple ForEach script. 

Update-IntuneManagedDevice -managedDeviceId

For example if you wanted to update one device, yes you could use the End Point Manager Portal. But if you wanted to push a policy change to 100+ devices you would want to script it!
using the Get-IntuneManagedDevice Command we can retrieve the managedDeviceID GUID for each device.

Get-IntuneManagedDevice | Select deviceName,managedDeviceId

MS Intune Multi Device Update Script

# MS Intune Multi Device Update Script
# Author  : Simon Lee
# Twitter : @smoon_lee
# Blog    : https://hypervlab.co.uk

# Import Intune Powershell SDK
Import-Module -Name 'Install-Module -Name Microsoft.Graph.Intune'

# Connec to MS Intune
# 1. Create the PSCredential object
$adminUPN = Read-Host -Prompt "Enter UPN"
$adminPwd = Read-Host -AsSecureString -Prompt "Enter password for $adminUPN"
$creds = New-Object System.Management.Automation.PSCredential ($adminUPN, $adminPwd)

# 2. Log in with these credentials
Connect-MSGraph -PSCredential $Creds

# Define Devices
$DeviceID = Get-IntuneManagedDevice | Select-Object deviceName, managedDeviceId

ForEach ($Device in $DeviceID) {
    Write-Output "Updating Deivce: $($Device.deviceName)"
    Update-IntuneManagedDevice -managedDeviceId $Device.managedDeviceId

}

RELATED ARTICLESMORE FROM AUTHOR

LEAVE A REPLY

Please enter your comment!
Please enter your name here