Recently, I had a requirement where I would need to set the Device Category of the devices in Intune. Well, for a single device it’s pretty easy right. We all know how we can do that. For those of you who are not aware how to change device category go to this MS article and learn https://docs.microsoft.com/en-us/mem/intune/enrollment/device-group-mapping.
Now, we all have to agree that Device categories are there to make your job easier so that you can create Azure Security groups based on them and then do your deployments. But what happens to those Windows devices which you have enrolled using Hybrid Azure AD join. Like Mac and iOS, they don’t get any option or there isn’t any option where you could categorise them or rather assign some category automatically at the time of enrolment as you have done it using MDM GPO obviously.
So, the question is how can I update the device category of multiple devices at once. Well, there isn’t a straight forward procedure to do it as of now. You just can’t go to Intune portal and start updating each device separately, too much of manual effort. But we have some help from Graph API and Intune PowerShell Module. Small lines of code can achieve things so fast amazing right.🤗
Let’s see how we can achieve that. Well, here I will show how you can update it for one device; putting loops around those lines and executing the code for multiple devices is your job to do it. I can just show you how to build the code and achieve it.🤓
Below is the screenshot of the device where you can see that Device Category is Unassigned.
Let us see what we need to do in PowerShell to change this manually.
If you have not installed the Microsoft.Graph.Intune module. Execute below line first and install the module.
Install-Module -Name Microsoft.Graph.IntuneNote: If you face any error, try to open PowerShell in an elevated Admin prompt and set execution policy to Unrestricted.
Once the installation of the module is done do an import of the module now using the below command:
Import-Module Microsoft.Graph.IntuneAfter the importing the module successfully, we would need to connect to MS Graph to execute our code. The only pre-req here is that you should have at least Intune Administrator role to access and make changes to the device category. Command is below to connect to MSGraph:
Connect-MSGraphOnce you hit enter it will ask for your credentials like shown below
Enter your credentials to connect and then it would show your tenant id confirming the connection
Now, once you are connected you have to check your available device categories. This is required so that you get the id of your device categories, since at this moment you would not have any other way to get the id of device categories. Execute the below command to get the device category information.
Get-DeviceManagement_DeviceCategories
Check in the Intune portal whether you have correct information
For me all good up until now.
Next, you would require Intune Device ID of the device. You can get it from the Intune portal or since we are executing everything using PowerShell let’s get the device details in a file in .csv format and find the Device ID. You can use the same command to get the list of all device id’s:
Get-IntuneManagedDevice | Get-MSGraphAllPages | Select ID, DeviceName |Export-Csv -Path "c:\Temp\Listdevice.csv"The .csv file looks like this
Now, we have everything that we need to execute the code to change the device category.
I am going to change the device category of the device DESKTOP-U9IRJ4D so I am using it’s device id and device category will be Windows so I am using the device category id of the windows here.
#Declare Variables
$DeviceID = "dde9c683-ba2c-491c-92d2-453c8d549da0"
$DeviceCategory = '3deae90a-1692-446a-97e0-46ee2ce673ab'
# Create the request body which will associate the objects
$requestBody = @{ "@odata.id" = "https://graph.microsoft.com/beta/deviceManagement/deviceCategories/$DeviceCategory" }
# Make a call to Graph that will create the association
Invoke-MSGraphRequest -HttpMethod PUT -Url "deviceManagement/managedDevices/$DeviceID/deviceCategory/`$ref" -Content $requestBody
That’s it all done and your device category is changed from Unassigned to Windows.
You can use the same code now and just make changes to bulk amount of data at once.
Keep the device category id constant and get a dynamic entry for device id’s using foreach block and execute the same code for other devices. That should help you achieve your task.
Great, that’s it guys I hope that this should help you guys sort out the issue for Hybrid joined devices and Autopilot devices too. See you until next time. Cheers…😉
I have GA rights to our Azure Tenant, and I can change the device group for devices individually, as per your instructions above.
However l can;t get the foreach loop sample you provided above to work - "Failed to update" for every id I provide in the exported device txt file?
I was not able to make this work.I dont get any errors it just says failed to update to device ID.I am using the txt file with the DeviceID field.Could someone post an example for the DeviceList.txt its picking the device id from?
Hi Thanks for nice blog and script. I'm getting failed to update
. and getting 404- Not found for a device
When using a foreach loop, it continually fails to update the device category. Yet, individually, it works great. Like the user above, my PowerShell coding is very basic at minimal. yet I'm tasked wit a project that this would be extremely grateful.
When reading the .txt file, does it just need a list of device id's? what is a better way of providing the content to be modified, .txt file or a .csv file? Either way, it still fails on this end.
Can you please post an example of the code for multiple device id's. I am a code noob. Thank you in advance. Kind Regards Davy