Schedule custom notifications with Azure Automation and the Intune PowerShell SDK

In a previous blog post of mine I showed how one could use the Intune PowerShell SDK to send custom notifications, which is a new feature in Intune, without accessing the Intune portal. See link below.

In today's article we will take it one step further and schedule a custom message to be sent by incorporating Azure Automation and runbooks. This will allow us to send a message to the Company Portal app on a schedule.

One of the big new features in the latest Intune PowerShell SDK release was the ability to use the module in Azure Automation, which previously wasn’t possible.

Prerequisite

This post will not cover how to set up Azure Automation and subscriptions. I will assume you already have that in place, and if not I recommend you find the best platform for you to learn how to do that. Could be www.pluralsight.com or any free content out there. A good place to start would be to check out Microsoft's own documentation and tutorials here: https://docs.microsoft.com/en-us/azure/automation/

You also need to import the Intune PowerShell SDK into Azure Automation. Here’s a short guide I made on how to do that.

The script

Here’s the script we will be using in our runbook. Here’s the

TargetGroupID = The object ID for the target group you want to send notifications to

MessageTitle = The title of the message being sent

MessageBody = The content of the message


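## Read the account name and password from the Automation variables created below
$UPN = Get-AutomationVariable -Name 'SDKAdminUPN'
$APW = Get-AutomationVariable -Name 'SDKAdminPW'
## Build a PSCredential object for Connect-MSGraph
$CAPW = ConvertTo-SecureString -String $APW -AsPlainText -Force
$creds = New-Object System.Management.Automation.PSCredential ($UPN, $CAPW)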

$Resource = "deviceManagement/sendCustomNotificationToCompanyPortal"
$graphApiVersion = "Beta"
$uri = "https://graph.microsoft.com/$graphApiVersion/$($resource)"

##Object ID for the group of users you want to target
$TargetGroupID = "083473d0-bb4a-47e0-9efb-e991e0719705"

## Title of the notification that will be sent
$MessageTitle = "Have a great weekend!"

##The message you want to send
$MessageBody = "We hope you'll have a great weekend and to ensure that everyone gets a great start to their weekend don't forget to submit your weekly timesheet."

## Sign in to Microsoft Graph with the stored credentials
Connect-MSGraph -PSCredential $creds | Out-Null

## Request body for the sendCustomNotificationToCompanyPortal action
$JSONName = @"
{
"notificationTitle":"$($MessageTitle)","notificationBody":"$($MessageBody)","groupsToNotify":["$($TargetGroupID)"]
}
"@

Invoke-MSGraphRequest -HttpMethod POST -Url $uri -Content $JSONName | Out-Null

Let's get started

We will start by creating 2 variables which we will use for authentication in the script. We need one variable containing our username and one with our password. We will be passing credentials when authenticating with the Intune PowerShell SDK to Microsoft Graph.

Make sure that the account being used has sufficient permissions to use the Enterprise App and that the App also has sufficient permissions to perform these actions.

If you use the default Enterprise App, it's the one named Microsoft Intune Powershell and has Application ID d1ddf0e4-d672-4dae-b554-9d5bdfd93547.

Azure -> Enterprise App -> Microsoft Intune Powershell -> Permissions

Azure Automation account

Head over to the Azure Automation account you want to use and then go to Variables -> Add a variable

Name the variable SDKAdminUPN and under value enter the full UPN of the account which has admin access to Microsoft Graph and click “Create”.

Add another variable and name it SDKAdminPW, choose String under Type, enter the password in the value field, set “Encrypted” to “Yes” and then click “Create”.
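
A variant of the runbook that reads the account from an Azure Automation credential asset instead of the two variables, so the password is never handled as a plain string in the script, and that builds the request body with ConvertTo-Json so quotes in the message cannot break the JSON. This is an added example, not the original post's script; the asset name SDKAdminCred and the all-zero group ID are placeholders.

```powershell
# Added example, not the original post's script.
# 'SDKAdminCred' is an assumed name for an Automation credential asset
# (Credentials -> Add a credential) holding the account's UPN and password.

# Turn non-terminating errors into terminating ones so a failed call stops the runbook
$ErrorActionPreference = 'Stop'

$creds = Get-AutomationPSCredential -Name 'SDKAdminCred'
if (-not $creds) { throw "Credential asset 'SDKAdminCred' was not found." }

$graphApiVersion = "Beta"
$Resource = "deviceManagement/sendCustomNotificationToCompanyPortal"
$uri = "https://graph.microsoft.com/$graphApiVersion/$Resource"

# Placeholder: replace with the object ID of a group in your tenant
$TargetGroupID = "00000000-0000-0000-0000-000000000000"
$MessageTitle  = 'Have a great weekend!'
# Constructed sample text containing quotes, to show they are escaped correctly
$MessageBody   = 'Don''t forget to submit your "weekly" timesheet.'

# Refuse to send if the group ID is not a GUID or is still the placeholder
$parsed = [guid]::Empty
if (-not ([guid]::TryParse($TargetGroupID, [ref]$parsed)) -or $parsed -eq [guid]::Empty) {
    throw "TargetGroupID '$TargetGroupID' is not a valid group object ID."
}

# ConvertTo-Json escapes quotes, backslashes and newlines in the text
$body = @{
    notificationTitle = $MessageTitle
    notificationBody  = $MessageBody
    groupsToNotify    = @($TargetGroupID)
} | ConvertTo-Json

Connect-MSGraph -PSCredential $creds | Out-Null
Invoke-MSGraphRequest -HttpMethod POST -Url $uri -Content $body | Out-Null

# Leave a line in the job output without logging the message body or credentials
Write-Output "Notification '$MessageTitle' sent to group $TargetGroupID"
```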

The next step is to create our runbook. Head over to Runbook -> Create a Runbook

Give it a name and in this case I’m naming it “WeeklyTimesheetReminder” and choose “Powershell” as your Runbook Type.

Select your runbook and on the Overview pane click on “Edit”.

Copy and paste the PowerShell code provided in this post (don’t forget to change the TargetGroupID variable to a group you have in your tenant) and once that's done click on “Test Pane”.

Under the test pane click on “Start” and this will execute the powershell script.

If everything went as planned you will see “Completed” in the test pane.

Check your devices to make sure you get the message. This of course only works if either the device or the user is a member of the group we specified in the script.

This is how it looks on Android

This is how it looks inside of the company portal app

If you are happy with the result and you don't need to make any changes to the script, click on “Publish”.

If you have an older version of the runbook you might see this message

Now we have published our runbook and the next thing to do is to schedule when it's supposed to run. In the Runbook overview pane click on “Link to schedule”.

Click on “Link a schedule to your runbook”.

Create a new schedule if you don't already have one

Give it a name, a start date and time. The date just refers to when it should run the first time.
Choose a time zone and select “Recurrence” -> “Recurring”.

Select Recur every 1 Week and specify which day of the week it should run; in this case we want it to run every Friday.

To sum it up, this schedule runs every Friday at 2PM starting at 2019-08-03.

That’s all for now and until next time, cheers!

Don’t forget to follow me on Twitter. And you can also find me blogging over at http://blog.ctglobalservices.com/


