Yossi Nisani

Reputation: 1

Azure assign group and device to script using Graph API

I am trying to assign groups and devices to a PowerShell script in Microsoft Intune using the following POST request:

URL: https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts/%7Bid%7D/Assign

Body:

{
    "deviceManagementScriptGroupAssignments": [
        {
            "@odata.type": "#microsoft.graph.deviceManagementScriptGroupAssignment",
            "id": "{ScriptId:GroupId}",
            "targetGroupId": "{GroupId}"
        }
    ],
    "deviceManagementScriptAssignments": [
        {
            "@odata.type": "#microsoft.graph.deviceManagementScriptAssignment",
            "id": "{ScriptID:DeviceID}",
            "target": {
                "@odata.type": "#microsoft.graph.allDevicesAssignmentTarget",
                "deviceAndAppManagementAssignmentFilterId": null,
                "deviceAndAppManagementAssignmentFilterType": "none"
            }
        }
    ]
}

However, I am getting a 400 error with the following message:

"{ "_version": 3, "Message": "An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 615c3437-bd99-2193-9d4b-d9a61deb0340 - Url: https://fef.amsua0102.manage.microsoft.com/DeviceFE/StatelessDeviceFEService/deviceManagement/deviceManagementScripts('{id}')/microsoft.management.services.api.assign?api-version=5022-11-08", "CustomApiErrorPhrase": "", "RetryAfter": null, "ErrorSourceService": "", "HttpHeaders": "{}"}"

I based this on the following Microsoft document: https://learn.microsoft.com/en-us/graph/api/intune-shared-devicemanagementscript-assign?view=graph-rest-beta

Upvotes: 0

Views: 463

Answers (1)

kavya Saraboju

Reputation: 10839

I tried to reproduce the same in my environment.

Received the same error:

{
    "error": {
        "code": "UnknownError",
        "message": "{\"ErrorCode\":\"Forbidden\",\"Message\":\"{\\  \\\"_version\\\": 3,\\  \\\"Message\\\": \\\"An error has occurred - Operation ID (for customer support): xxxx –

}

When I followed the URL in the error and queried it, I got a response saying that the API version is not supported.

Make sure the Authorization header is sent with a bearer token that has the proper permissions to work with Intune and device management.

Omit the parameter @odata.type in the POST request body.

{
    "@odata.type": "#microsoft.graph.deviceManagementScript",
    …
    "runAs32Bit": true
}

Make sure you have DeviceManagementConfiguration.ReadWrite.All Application and delegated permissions.

Note that Intune requires an active Intune license for the tenant.

Upvotes: 0
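The token check recommended in the answer above, as an added example that is not part of the original question or answer: it decodes an access token's claims and reports whether DeviceManagementConfiguration.ReadWrite.All is present as a delegated scope (`scp`) or an application role (`roles`), and whether the token is addressed to Microsoft Graph and unexpired. The function names and the sample tokens are constructed for illustration; the signature is not verified, so this is a troubleshooting aid only.

```python
import base64
import json
import time

REQUIRED = "DeviceManagementConfiguration.ReadWrite.All"  # permission named in the answer
GRAPH_AUDIENCES = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}


def decode_claims(token):
    """Return the JWT payload as a dict. The signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_token(token, required=REQUIRED, now=None):
    """Return a list of problems that would explain a Forbidden reply; empty if none."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    problems = []
    aud = str(claims.get("aud", "")).rstrip("/")
    if aud not in GRAPH_AUDIENCES:
        problems.append(f"audience is {aud!r}, not Microsoft Graph")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    delegated = set(claims.get("scp", "").split())  # delegated: space-separated string
    application = set(claims.get("roles", []))      # application: JSON array
    if required not in delegated | application:
        problems.append(f"{required} missing from scp and roles")
    return problems


def make_sample_token(claims):
    # Constructed, unsigned sample token used only to exercise check_token().
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    read_only = make_sample_token({
        "aud": "https://graph.microsoft.com", "exp": 4102444800,
        "scp": "DeviceManagementConfiguration.Read.All User.Read"})
    print(check_token(read_only))
```

Run `check_token()` on the exact token placed in the Authorization header; a token that only carries the Read.All scope can list scripts but cannot call the assign action.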
