Intune – Invoke sync to all devices in Intune with the Intune powershell SDK

Apple, Graph API, Guides, iOS, Modern Management 22 comments

IMPORTANT NOTICE.
A new updated article from 2023 on this topic has been published here:
https://timmyit.com/2023/10/23/invoke-sync-to-all-intune-devices-with-microsoft-graph-powershell-sdk/

The new article covers using the new Microsoft.Graph Powershell SDK instead of the old Intune Powershell SDK that has not been updated since 2019. I recommend you take a look at the newer article.

 

Continuing the series where I cover how to use the powershell SDK for Intune and some real world use cases. Today we will cover how to invoke a sync from Intune to one or several devices.

If you haven’t installed the SDK you can either go to https://www.powershellgallery.com/packages/Microsoft.Graph.Intune/ and you can also check out my earlier post on how to get started and use the SDK:

 

Intune Powershell SDK

Intune – Show VPP account Information directly from the client apps view for easier management 

Intune – Rename iOS devices with Intune Powershell SDK 

 

Syncing a device from the Intune Portal

 

The manual way of invoking a sync to a device from Intune is to go to Intune -> Devices -> (Select the device you want to sync) -> Sync 

 

 

 

But what we instead want to do is to invoke a sync with the help of the Intune Powershell SDK. The specific use case here is that you might need to run a sync to multiple devices and instead of needing to go in to the UI and click “Sync” as shown in the picture and for that we can use the Intune Powershell SDK and Graph API to do the work for us.

 

Sync one device

 

Lets get started, I assume you’ve Installed the SDK by now and the first thing we are going to look at is how to run a sync against a single device.

 

First we need to authenticate towards the tenant we are going to use and we do that with the Connect-MSGraph cmdlet.

 

Connect-MSGraph

 

 

Once connected we need to use the Get-IntuneManagedDevice cmdlet and then use the -Filter parameter to get the specific device we want. I’ll do a more in depth post on filtering and how you can search and filter when using the Graph API later so stay tuned for that.

In this example I’m just filtering on the deviceName property, you should replace ‘DESKTOP-G0HGUP’ for the device name you are looking for.

 

 

 


Get-IntuneManagedDevice -Filter "contains(deviceName,'DESKTOP-G0HGHUP')"

 

When we retrieved the device we need to invoke the sync request and for that we will use the Invoke-IntuneManagedDeviceSyncDevice cmdlet. If you want to make a one liner we just need to pipe the result and its super easy.

 

 

Get-IntuneManagedDevice -Filter "contains(deviceName,'DESKTOP-G0HGHUP')" | Invoke-IntuneManagedDeviceSyncDevice

 

Sync multiple devices

 

Now to the more exiting part, how can we leverage the power of the Intune Powershell SDK to sync multiple devices. We need to start just like we did when we tried to sync one device to get all the devices we want to invoke a sync on.

Side note. If you want to sync more than 1000 devices you need to do something called Paging. The Intune Powershell SDK uses Graph API which is a REST API and returns pages containing 1000 objects at the time, if you exceed 1000 you need to get the next page containing the next 1000 objects and so on until you got all the objects. This can be done by using the cmdlet Get-MSGraphAllPages.

 

Again we need to use the Get-IntuneManagedDevice cmdlet to get all the devices we want to invoke a sync on and we are using the -Filter parameter to get perhaps all the windows, iOS or Android devices. Here’s a few examples

 


$Devices = Get-IntuneManagedDevice -Filter "contains(operatingsystem, 'iOS')"

$Devices = Get-IntuneManagedDevice -Filter "contains(operatingsystem, 'Windows')"

$Devices = Get-IntuneManagedDevice -Filter "contains(operatingsystem, 'Android')"

 

As mentioned earlier, if you have more than 1000 objects returned you need to use the Get-MSGraphAllPages like this

 


$Devices = Get-IntuneManagedDevice -Filter "contains(operatingsystem, 'Windows')" | Get-MSGraphAllPages

 

 

 

Running the $Devices = Get-IntuneManagedDevice -Filter “contains(operatingsystem, ‘Windows’)” in my lab tenant will get me 5 devices

 

 

Next step is to invoke a sync towards all of those devices and I’m also adding a Write-host just to make it more visible that the script is actually doing something.

 


Foreach ($Device in $Devices)
{

Invoke-IntuneManagedDeviceSyncDevice -managedDeviceId $Device.managedDeviceId
Write-Host "Sending Sync request to Device with DeviceID $($Device.managedDeviceId)" -ForegroundColor Yellow

}

 

 

That’s it and below you will find the a complete script template you can use which will make sure the Powershell module is Installed and that you have an authentication token and if not it will run Connect-MSGraph where  you need to authenticate towards the tenant you want to run the script against. Stay tuned for more content in regards to Graph API and the Intune Powershell SDK.

 

$IntuneModule = Get-Module -Name "Microsoft.Graph.Intune" -ListAvailable
if (!$IntuneModule){

write-host "Microsoft.Graph.Intune Powershell module not installed..." -f Red
write-host "Install by running 'Install-Module Microsoft.Graph.Intune' from an elevated PowerShell prompt" -f Yellow
write-host "Script can't continue..." -f Red
write-host
exit
}
####################################################
# Importing the SDK Module
Import-Module -Name Microsoft.Graph.Intune

if(!(Connect-MSGraph)){
Connect-MSGraph
}
####################################################

#### Insert your script here

#### Gets all devices running Windows
$Devices = Get-IntuneManagedDevice -Filter "contains(operatingsystem,'Windows')"

Foreach ($Device in $Devices)
{

Invoke-IntuneManagedDeviceSyncDevice -managedDeviceId $Device.managedDeviceId
Write-Host "Sending Sync request to Device with DeviceID $($Device.managedDeviceId)" -ForegroundColor Yellow

}

####################################################

 

Leave a comment or question in the comment section below.

 

That’s all for now and until next time, cheers !

Don’t forget to follow me on twitter

[twitter-follow screen_name=’Timmyitdotcom’]

 

And you can also find me blogging over at http://blog.ctglobalservices.com/

22 comments

  1. Pingback: Dowst.Dev | PowerShell Weekly – June 7, 2019
  2. Pingback: Intune Powershell SDK – 2019 – TimmyIT.com

  3. Thank you for sharing, this will help our case out a lot!

    To get this working to sync more than 1000 devices I had to use $devices.id

    I could successfully pull all the data for running over 1000, but running the sync on $devices.manageddeviceid would work on the first 1000, then error out.

    Reply

  4. Great post – that is frustrating you just in the GUI can select multiple devices and sync

    One thing – as I am not at all a big scriptor

    What if I want to sync devices in a specific dynamic group that is typically the thing I work most with – can this also somehow be done ?

    Reply

    1. Hi mate. Im having the same issue you were having where it errors out after 1000 entries. Can you please be a little more specific? I cant see to get it to work.

      Cheers

      Reply

    2. Hi mate. Im having the same issue you were having where it errors out after 1000 entries. Can you please be a little more specific? I cant see to get it to work.

      Cheers

      Reply

  5. Excellent Post – it is really wonderfull way to fetch device information.

    Reply

  8. Great post, can you help with a scenario where we would like to target the sync to a particular group of devices

    Reply

  9. Is there a way to find out if the sync finished? I would like to use this before and after doing some things on a device and checking if the changes I made have taken.
    Changes being a cleanup of diskspace and then checking how much there is.

    Reply

  10. Does anyone have the full PowerShell code to have it work with over 1000 devices?

    Reply

  11. To do more than 100 use: $Devices = Get-IntuneManagedDevice -Filter “contains(operatingsystem, ‘Windows’)” | Get-MSGraphAllPages

    Reply

  15. This script worked for us once we updated line 22 of the script to:

    $Devices = Get-IntuneManagedDevice -Filter “contains(operatingsystem, ‘Windows’)”| Get-MSGraphAllPages

    Reply

  16. Modified it a little work over 1000 and change for write-progress

    $IntuneModule = Get-Module -Name “Microsoft.Graph.Intune” -ListAvailable
    if (!$IntuneModule){

    write-host “Installing SDK Module”
    Install-Module Microsoft.Graph.Intune
    Import-Module -Name Microsoft.Graph.Intune
    }

    if(!(Connect-MSGraph)){
    Connect-MSGraph
    }

    $Devices = Get-IntuneManagedDevice -Filter “contains(operatingsystem,’Windows’)” | Get-MSGraphAllPages

    $device1 = 0

    Foreach ($Device in $Devices)
    {
    $device1++
    Invoke-IntuneManagedDeviceSyncDevice -managedDeviceId $Device.managedDeviceId
    Write-Progress -Activity “Sending Sync” -Status “Processing $($device1) of $($Devices.count)” -CurrentOperation $Device.deviceName -PercentComplete (($Device1 / $Devices.count)*100)

    }

    Reply
  17. Pingback: Is it really impossible to force an Intune sync from the command line? – 247 TECH
  18. Pingback: Invoke sync to all Intune devices with Microsoft Graph Powershell SDK – TimmyIT.com

Leave a Reply to mfopCancel reply