<#
.SYNOPSIS
Remove the primary user from all Intune managed devices.
.DESCRIPTION
Retrieves all managed devices (optionally filtered by device name) and removes
the primary user assignment, effectively converting them to shared devices.
.NOTES
Author : Jannik Reinhard
Version: 1.1
#>
#Requires -Modules Microsoft.Graph.Authentication
function Connect-MgGraphIfNeeded {
    <#
    .SYNOPSIS
    Signs in to Microsoft Graph only when the session has no Graph context yet.
    .DESCRIPTION
    Calls Get-MgContext; when it returns nothing, calls Connect-MgGraph and
    requests the DeviceManagementManagedDevices.ReadWrite.All scope.
    An existing context is reused as it is: its account, tenant and granted
    scopes are not inspected here.
    .EXAMPLE
    Connect-MgGraphIfNeeded
    #>
    if (Get-MgContext) {
        # A context already exists in this session; nothing to do.
        return
    }

    Connect-MgGraph -Scopes "DeviceManagementManagedDevices.ReadWrite.All" -NoWelcome
}
####################################################
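function Get-Win10IntuneManagedDevices {
    <#
    .SYNOPSIS
    Returns Intune managed devices from Microsoft Graph.
    .DESCRIPTION
    Queries the v1.0 deviceManagement/managedDevices collection and follows
    '@odata.nextLink' until every page has been read. When -deviceName is
    given, the request carries an OData $filter on deviceName.
    The query does not restrict results by operating system, despite the
    function name.
    .PARAMETER deviceName
    Optional exact device name to filter on.
    .OUTPUTS
    The objects found under the 'value' property of each response page.
    .EXAMPLE
    Get-Win10IntuneManagedDevices
    .EXAMPLE
    Get-Win10IntuneManagedDevices -deviceName 'SAMPLE-PC-01'
    .NOTES
    NAME: Get-Win10IntuneManagedDevices
    #>
    [cmdletbinding()]
    param
    (
        [parameter(Mandatory=$false)]
        [ValidateNotNullOrEmpty()]
        [string]$deviceName
    )

    $devices = @()
    $uri = "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices"

    if ($deviceName) {
        # Inside an OData string literal a single quote is written as two quotes;
        # without this a name containing ' would change the filter expression.
        $literal = $deviceName.Replace("'", "''")
        $filterExpression = [uri]::EscapeDataString("deviceName eq '$literal'")

        # "${uri}?" is required: "$uri?" is parsed as a variable named 'uri?',
        # which is unset and would drop the base URL from the request.
        $uri = "${uri}?" + '$filter=' + $filterExpression
    }

    try {
        # Same paging loop for filtered and unfiltered requests.
        while ($uri) {
            $response = Invoke-MgGraphRequest -Uri $uri -Method GET
            $devices += $response.value
            $uri = $response.'@odata.nextLink'
        }
    }
    catch {
        Write-Error "Failed to retrieve managed devices: $_"
        throw
    }

    return $devices
}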
####################################################
function Get-IntuneDevicePrimaryUser {
    <#
    .SYNOPSIS
    Returns the id of the user(s) listed for an Intune managed device.
    .DESCRIPTION
    Sends a GET to the beta endpoint deviceManagement/managedDevices/<deviceId>/users
    and returns the 'id' of every entry in the response's 'value' collection.
    On failure the Graph error is written with Write-Error and a generic
    "Get-IntuneDevicePrimaryUser error" is thrown.
    .PARAMETER deviceId
    Id of the managed device, inserted into the request path as given.
    .EXAMPLE
    Get-IntuneDevicePrimaryUser -deviceId '<managed-device-id>'
    .NOTES
    NAME: Get-IntuneDevicePrimaryUser
    #>
    [cmdletbinding()]
    param
    (
        [Parameter(Mandatory=$true)]
        [string] $deviceId
    )

    $endpoint = "https://graph.microsoft.com/beta/deviceManagement/managedDevices/$deviceId/users"

    try {
        $usersResponse = Invoke-MgGraphRequest -Uri $endpoint -Method GET
        return $usersResponse.value.id
    }
    catch {
        Write-Error "Failed to get primary user for device $deviceId : $_"
        throw "Get-IntuneDevicePrimaryUser error"
    }
}
####################################################
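function Remove-IntuneDevicePrimaryUser {
    <#
    .SYNOPSIS
    Removes the primary user reference from one Intune managed device.
    .DESCRIPTION
    Sends a DELETE to the beta endpoint
    deviceManagement/managedDevices('<id>')/users/$ref.
    The function supports -WhatIf and -Confirm, so a run can be previewed
    without changing the tenant. On failure the Graph error is written with
    Write-Error and a generic "Remove-IntuneDevicePrimaryUser error" is thrown.
    .PARAMETER IntuneDeviceId
    Id of the managed device, inserted into the request path as given.
    .EXAMPLE
    Remove-IntuneDevicePrimaryUser -IntuneDeviceId '<managed-device-id>' -WhatIf
    .EXAMPLE
    Remove-IntuneDevicePrimaryUser -IntuneDeviceId '<managed-device-id>'
    .NOTES
    NAME: Remove-IntuneDevicePrimaryUser
    #>
    [cmdletbinding(SupportsShouldProcess=$true)]
    param
    (
        [parameter(Mandatory=$true)]
        [ValidateNotNullOrEmpty()]
        $IntuneDeviceId
    )

    $graphApiVersion = "beta"
    # The backtick keeps "$ref" literal; it is part of the Graph path, not a variable.
    $Resource = "deviceManagement/managedDevices('$IntuneDeviceId')/users/`$ref"
    $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"

    # State-changing call: honour -WhatIf / -Confirm before touching the device.
    if (-not $PSCmdlet.ShouldProcess("managed device $IntuneDeviceId", "Remove primary user")) {
        return
    }

    try {
        Invoke-MgGraphRequest -Uri $uri -Method DELETE
    }
    catch {
        Write-Error "Failed to remove primary user for device $IntuneDeviceId : $_"
        throw "Remove-IntuneDevicePrimaryUser error"
    }
}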
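# Auth
Connect-MgGraphIfNeeded

# Device-name pattern matched with -like. "*" selects every managed device the
# signed-in account can see, so set a narrower pattern (for example a
# constructed one such as "KIOSK-*") before a first run.
$filter = "*" # If nothing specified then all devices. Use wildcard e.g. *

$allDevices = Get-Win10IntuneManagedDevices
if ($filter -ne '*') {
    $allDevices = $allDevices | Where-Object { $_.deviceName -like $filter }
}

$failedDevices = @()
foreach ($allDevice in $allDevices) {
    Write-Host "Change $($allDevice.devicename) to a shared device"
    try {
        Remove-IntuneDevicePrimaryUser -IntuneDeviceId $allDevice.id -ErrorAction Continue
    }
    catch {
        # Remove-IntuneDevicePrimaryUser throws after logging, and -ErrorAction
        # Continue does not stop a throw; catching here lets the remaining
        # devices be processed instead of ending the run at the first failure.
        $failedDevices += $allDevice.deviceName
    }
}

# Report what was left unchanged so the operator can follow up.
if ($failedDevices.Count -gt 0) {
    Write-Warning "Primary user was not removed on $($failedDevices.Count) device(s): $($failedDevices -join ', ')"
}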