Last active
July 13, 2023 21:06
-
-
Save SMSAgentSoftware/70f76191cd9c420e7fb39f17aa602c03 to your computer and use it in GitHub Desktop.
Invokes an Intune remediation script on demand against one or more devices (Microsoft.Graph.PowerShell version)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invoke-MgDeviceRemediationOnDemand { | |
| [CmdletBinding()] | |
| Param | |
| ( | |
| [Parameter(Mandatory=$true)] | |
| [ValidateNotNull()] | |
| [ValidateNotNullOrEmpty()] | |
| [string[]] | |
| $Computername | |
| ) | |
| # Requires the Microsoft Graph PowerShell SDK (Microsoft.Graph.*) | |
| # MS Graph required permissions (delegated) | |
| # DeviceManagementManagedDevices.Read.All | |
| # DeviceManagementConfiguration.Read.All | |
| # DeviceManagementManagedDevices.PrivilegedOperations.All | |
| Begin | |
| { | |
| # Get NuGet | |
| $provider = Get-PackageProvider NuGet -ErrorAction Ignore | |
| if (-not $provider) | |
| { | |
| Write-Host "Installing provider NuGet..." -NoNewline | |
| try | |
| { | |
| Find-PackageProvider -Name NuGet -ForceBootstrap -IncludeDependencies -Force -ErrorAction Stop -WarningAction SilentlyContinue | |
| Write-Host "Success" -ForegroundColor Green | |
| } | |
| catch | |
| { | |
| Write-Host "Failed" -ForegroundColor Red | |
| throw $_.Exception.Message | |
| } | |
| } | |
| $module = Import-Module Microsoft.Graph.DeviceManagement -PassThru -ErrorAction Ignore | |
| if (-not $module) | |
| { | |
| Write-Host "Installing module Microsoft.Graph.DeviceManagement..." -NoNewline | |
| try | |
| { | |
| Install-Module Microsoft.Graph.DeviceManagement -Scope CurrentUser -Force -ErrorAction Stop -WarningAction SilentlyContinue | |
| Write-Host "Success" -ForegroundColor Green | |
| } | |
| catch | |
| { | |
| Write-Host "Failed" -ForegroundColor Red | |
| throw $_.Exception.Message | |
| } | |
| } | |
| $module = Import-Module Microsoft.Graph.Beta.DeviceManagement -PassThru -ErrorAction Ignore | |
| if (-not $module) | |
| { | |
| Write-Host "Installing module Microsoft.Graph.Beta.DeviceManagement..." -NoNewline | |
| try | |
| { | |
| Install-Module Microsoft.Graph.Beta.DeviceManagement -Scope CurrentUser -Force -ErrorAction Stop -WarningAction SilentlyContinue | |
| Write-Host "Success" -ForegroundColor Green | |
| } | |
| catch | |
| { | |
| Write-Host "Failed" -ForegroundColor Red | |
| throw $_.Exception.Message | |
| } | |
| } | |
| try | |
| { | |
| $null = Connect-MgGraph -Scopes "DeviceManagementManagedDevices.Read.All","DeviceManagementConfiguration.Read.All","DeviceManagementManagedDevices.PrivilegedOperations.All" -ErrorAction Stop | |
| } | |
| catch | |
| { | |
| throw $_.Exception.Message | |
| } | |
| Function Invoke-IntuneOnDemandRemediation { | |
| param($DeviceId,$RemediationId,$DeviceType) | |
| if ($DeviceType -eq "CoManaged") | |
| { | |
| $URL = "https://graph.microsoft.com/beta/deviceManagement/comanagedDevices('$DeviceID')/initiateOnDemandProactiveRemediation" | |
| } | |
| else | |
| { | |
| $URL = "https://graph.microsoft.com/beta/deviceManagement/managedDevices('$DeviceID')/initiateOnDemandProactiveRemediation" | |
| } | |
| $body = @{ | |
| "scriptPolicyId"="$RemediationID" | |
| } | ConvertTo-Json | |
| try | |
| { | |
| $Response = Invoke-MgGraphRequest -Uri $URL -Method POST -Body $Body -ErrorAction Stop | |
| } | |
| catch | |
| { | |
| $Response = $_.Exception.Message | |
| } | |
| return $Response | |
| } | |
| # Get list of remediations | |
| try | |
| { | |
| $result = Get-MgBetaDeviceManagementDeviceHealthScript -Property displayName,version,description,publisher,id -All -ErrorAction Stop | |
| } | |
| catch | |
| { | |
| throw $_.Exception.Message | |
| } | |
| # Check we have an actual list | |
| $Scripts = $Result | Select -Property DisplayName,Version,Description,Publisher,Id | |
| if ($Scripts.Count -lt 1) | |
| { | |
| Write-Warning "No remediation scripts found" | |
| break | |
| } | |
| # Prompt user to select a script | |
| $script:SelectedScript = $Scripts | Sort -Property displayName | Out-GridView -Title "Select a remediation" -OutputMode Single | |
| if ($null -eq $SelectedScript) | |
| { | |
| Write-Error "No remediation script selected" | |
| break | |
| } | |
| } | |
| Process | |
| { | |
| foreach ($Computer in $Computername) | |
| { | |
| # Find managed device in Graph | |
| try | |
| { | |
| $Device = Get-MgDeviceManagementManagedDevice -Filter "deviceName eq '$Computer'" -ErrorAction Stop | |
| } | |
| catch | |
| { | |
| Write-Error $_.Exception.Message | |
| continue | |
| } | |
| # Make sure only 1 result returned | |
| if ($null -eq $Device) | |
| { | |
| Write-Error "Device not found" | |
| continue | |
| } | |
| if ($Device.Count -gt 1) | |
| { | |
| Write-Error "Multiple devices found with the name '$Computer'. Device names must be unique." | |
| continue | |
| } | |
| # Invoke the remediation | |
| if ($Device.ManagementAgent -match "configurationManager") | |
| { | |
| $result = Invoke-IntuneOnDemandRemediation -DeviceID $Device.id -RemediationID $SelectedScript.id -DeviceType "CoManaged" | |
| } | |
| else | |
| { | |
| $result = Invoke-IntuneOnDemandRemediation -DeviceID $Device.id -RemediationID $SelectedScript.id | |
| } | |
| If ($null -ne $result) | |
| { | |
| # Try the other managament agent option | |
| if ($Device.ManagementAgent -match "configurationManager") | |
| { | |
| $result = Invoke-IntuneOnDemandRemediation -DeviceID $Device.id -RemediationID $SelectedScript.id | |
| } | |
| else | |
| { | |
| $result = Invoke-IntuneOnDemandRemediation -DeviceID $Device.id -RemediationID $SelectedScript.id -DeviceType "CoManaged" | |
| } | |
| If ($null -ne $result) | |
| { | |
| Write-Error $result | |
| continue | |
| } | |
| } | |
| } | |
| } | |
| End | |
| { | |
| $null = Disconnect-Graph | |
| } | |
| } | |
| # Example usage | |
| Invoke-MgDeviceRemediationOnDemand -Computername "PC001","PC002" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment