I’d like to bulk-edit a number of my Intune Win32 assignments. I’ve got ~30 applications to go through, but I’ve noted their AppIDs so it would be worth the time investment to find a working Powershell script to run this without having to manually edit each one.
The below script runs through Elevated Powershell without error, so I’d thought it was successful. Unfortunately nothing changes and assignments remain the same. I’ve cut down the number in this script and edited tenant-based ID’s but practically-speaking this runs through fine. I’ve allowed an 8-hour passage of time for this to synchronise.
Any help would be appreciated.
Install the Microsoft Graph PowerShell SDK if not already installed
Install-Module Microsoft.Graph -Scope CurrentUser -Force
Import the Device Management module
Import-Module Microsoft.Graph.DeviceManagement
Connect to Microsoft Graph
Connect-MgGraph -Scopes “DeviceManagementApps.ReadWrite.All”
Retrieve all mobile apps
$allApps = Get-MgDeviceAppManagementMobileApp
Filter for Win32 apps
$win32Apps = $allApps | Where-Object { $_.‘@odata.type’ -eq ‘#microsoft.graph.win32LobApp’ }
List of specific app IDs to target
$specificAppIds = @(
"ba5988e8-4hhe-4e99-9181-ff85ce589113",
"d49dk602-5e02-4af3-b09c-d98d8edac8fb"
)
Filter the Win32 apps to only include the specific apps
$targetApps = $win32Apps | Where-Object { $specificAppIds -contains $_.Id }
Define group IDs
$requiredGroupId = “57ce1fb3-5f94-4287-8f0b-e2ed595ac900”
$uninstallGroupId = “aq7a3571-7f71-4deb-8f81-289dfe38a2e6”
Loop through each target app and update the assignment
foreach ($app in $targetApps) {
# Get the current assignments
$assignments = Get-MgDeviceAppManagementMobileAppAssignment -MobileAppId $app.Id
# Define the new assignments
$requiredGroupAssignment = @{
"@odata.type" = "#microsoft.graph.mobileAppAssignment"
target = @{
"@odata.type" = "#microsoft.graph.groupAssignmentTarget"
groupId = $requiredGroupId
}
intent = "required"
}
$uninstallGroupAssignment = @{
"@odata.type" = "#microsoft.graph.mobileAppAssignment"
target = @{
"@odata.type" = "#microsoft.graph.groupAssignmentTarget"
groupId = $uninstallGroupId
}
intent = "uninstall"
}
Add the new assignments to the existing assignments
$updatedAssignments = $assignments + $requiredGroupAssignment + $uninstallGroupAssignment
Update the app assignments
Update-MgDeviceAppManagementMobileAppAssignment -MobileAppId $app.Id -BodyParameter $updatedAssignments
}