Virtual Geek

Tales from real IT system administrators world and non-production environment

Automate Intune MDM Device Sync: A PowerShell Script for Microsoft Graph API

This PowerShell script demonstrates automated management and synchronization of devices with Microsoft Intune via the Microsoft Graph API. Using client credentials to authenticate against Azure AD, it retrieves an OAuth 2.0 token and lists all managed devices in the environment for reporting purposes.

The script then triggers a sync for the first two devices by calling the /syncDevice endpoint, ensuring their compliance and configurations are up to date. Such automation is essential for IT admins to efficiently manage large device fleets in hybrid or cloud-first organizations.

# Token endpoint of the tenant (replace the x's with the tenant ID)
$loginUri = "https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/token"
$loginMethod = 'POST'
# Client-credentials grant: client ID and secret of the Azure AD app registration
$loginBody = @{
    grant_type="client_credentials"
    client_id='xxxxxxxxxxxxxxxxxxxxxxx'
    client_secret='xxxxxxxxxxxxxxxxxxxxxxx'
    scope="https://graph.microsoft.com/.default"
}

# Request the OAuth 2.0 access token
$tokenResponse = Invoke-RestMethod -Uri $loginUri -Method $loginMethod -Body $loginBody -ContentType 'application/x-www-form-urlencoded'
# Build the Authorization header from the token type and the access token
$bearerTokenHeader = @{
    Authorization = "{0} {1}" -f $tokenResponse.token_type, $tokenResponse.access_token
}

# List managed devices (Graph returns one page; further pages are linked via @odata.nextLink)
$manageddevicesUri = "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices"
$allDevices = Invoke-RestMethod -Uri $manageddevicesUri -Headers $bearerTokenHeader -Method GET
#$allDevices.value | Select-Object id, deviceName, operatingSystem, complianceState | Format-Table

# Trigger a sync for the first two devices in the list
foreach ($device in $allDevices.value[0..1])
{
    $deviceUri = "https://graph.microsoft.com/beta/deviceManagement/managedDevices/$($device.id)/syncDevice"
    $deviceSyncInfo = Invoke-RestMethod -Uri $deviceUri -Headers $bearerTokenHeader -Method POST
    $deviceSyncInfo
}

Download the mdm_syncdevices.ps1 script here; it is also available on github.com.
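
The script above keeps the client secret in the file and reads only the first page of managed devices. The following is an added example, not the author's script, that makes the same Graph calls with the credentials taken from environment variables, @odata.nextLink paging, and per-device error handling. The INTUNE_* variable names and the function names are assumptions.

```powershell
# Added example; the INTUNE_* environment variable names and function names are assumptions.
$ErrorActionPreference = 'Stop'

function Get-GraphToken {
    # Take the app credentials from the environment so the secret is not stored in the script file.
    foreach ($name in 'INTUNE_TENANT_ID', 'INTUNE_CLIENT_ID', 'INTUNE_CLIENT_SECRET') {
        if (-not [Environment]::GetEnvironmentVariable($name)) { throw "Missing environment variable $name" }
    }
    $body = @{
        grant_type    = 'client_credentials'
        client_id     = $env:INTUNE_CLIENT_ID
        client_secret = $env:INTUNE_CLIENT_SECRET
        scope         = 'https://graph.microsoft.com/.default'
    }
    $uri = "https://login.microsoftonline.com/$($env:INTUNE_TENANT_ID)/oauth2/v2.0/token"
    Invoke-RestMethod -Uri $uri -Method POST -Body $body -ContentType 'application/x-www-form-urlencoded'
}

function Get-AllManagedDevices {
    param([hashtable]$Headers)
    # Graph pages the result set; follow @odata.nextLink until the last page omits it.
    $uri = 'https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$select=id,deviceName,operatingSystem,complianceState'
    while ($uri) {
        $page = Invoke-RestMethod -Uri $uri -Headers $Headers -Method GET
        $page.value
        $uri = $page.'@odata.nextLink'
    }
}

function Sync-ManagedDevices {
    param([hashtable]$Headers, [object[]]$Devices)
    foreach ($device in $Devices) {
        $uri = "https://graph.microsoft.com/beta/deviceManagement/managedDevices/$($device.id)/syncDevice"
        try {
            Invoke-RestMethod -Uri $uri -Headers $Headers -Method POST | Out-Null
            [pscustomobject]@{ DeviceName = $device.deviceName; Id = $device.id; Result = 'SyncRequested' }
        }
        catch {
            # Record the failure and continue, so one failing device does not stop the run.
            [pscustomobject]@{ DeviceName = $device.deviceName; Id = $device.id; Result = "Failed: $($_.Exception.Message)" }
        }
    }
}

$token   = Get-GraphToken
$headers = @{ Authorization = "{0} {1}" -f $token.token_type, $token.access_token }
$devices = @(Get-AllManagedDevices -Headers $headers)
"Managed devices found: $($devices.Count)"
Sync-ManagedDevices -Headers $headers -Devices ($devices | Select-Object -First 2) | Format-Table
```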

Alternatively, if you prefer the Microsoft.Graph PowerShell module cmdlets, use them as shown below.

Streamlining Intune MDM Device Management with Microsoft Graph and PowerShell

# Install the Microsoft Graph module if needed 
Install-Module Microsoft.Graph -Scope CurrentUser  

# Connect to Microsoft Graph with device management permissions 
Connect-MgGraph -Scopes "DeviceManagementManagedDevices.ReadWrite.All"  

# Retrieve all managed devices list
Get-MgDeviceManagementManagedDevice

# Sync a device (replace DEVICE_ID)
Invoke-MgBetaDeviceManagementManagedDeviceSyncDevice -ManagedDeviceId "<DEVICE_ID>"

################################################################

Import-Module Microsoft.Graph.DeviceManagement 
Sync-MgDeviceManagementManagedDevice -ManagedDeviceId $managedDeviceId

The key cmdlets from the Microsoft Graph PowerShell SDK that would replace the Invoke-RestMethod calls for this functionality are:

  • Connect-MgGraph

  • Get-MgDeviceManagementManagedDevice

  • Invoke-MgSyncDevice (or a similarly named action cmdlet for device sync if it exists in the stable version, otherwise, Invoke-MgGraphRequest could be used for beta endpoints).
