I'm currently in the process of updating some of my older blog posts and this one is next in line to get a 2023 overhaul. In 2019 I wrote “Intune – Invoke sync to all devices in Intune with the Intune Powershell SDK” that’s linked below. There are 2 reasons why I need to revamp these articles: the Intune PowerShell SDK has been deprecated and not updated since 2019 by Microsoft, and we now have a more unified Microsoft.Graph PowerShell SDK.
There have been multiple times when I or customers of mine have had the need to perform a sync to many if not all devices in an environment. One time a customer had pushed out a misconfigured policy that broke the users' mail on their phones. The solution was to push out a new, correct profile and perform a sync to speed up the process, or at least to be sure that we had done everything we could to speed up the process.
We’ve all been there: performing a sync from the UI is simple and easy to do if it's just one or a handful of devices. But what can we do if we need to do this on a lot of devices?
The short answer is PowerShell and the Microsoft.Graph PowerShell SDK. With just a few lines of PowerShell code we can perform a sync to all devices!
Note.
I’m using Visual Studio Code (https://code.visualstudio.com/) with the PowerShell extension installed for all my testing.
Before we jump into the actual script itself I want to highlight some of my findings from when I tried to “translate” the old script to the new SDK. I also want to mention that this script is meant to be an inspiration and an example of how to do this, not “this is the only way to do this”. The goal was to have a script that is easy to understand and that fulfills a purpose. That being said, there are many ways of expanding on this script to make it more efficient, to handle more policies, to add logging functionality or to create reports based on the information.
Script
The script below is also available on GitHub:
https://github.com/timmyit/Intune/blob/master/Sync-IntuneManagedDevices
# Installing the SDK modules (only needed once per machine)
Install-Module -Name Microsoft.Graph.DeviceManagement.Actions -Force -AllowClobber
Install-Module -Name Microsoft.Graph.DeviceManagement -Force -AllowClobber
# Importing the SDK modules
Import-Module -Name Microsoft.Graph.DeviceManagement
Import-Module -Name Microsoft.Graph.DeviceManagement.Actions
# Sign in and request the Graph permissions used by the script
Connect-MgGraph -Scopes DeviceManagementManagedDevices.PrivilegedOperations.All, DeviceManagementManagedDevices.ReadWrite.All, DeviceManagementManagedDevices.Read.All
#### Gets All devices
$Devices = Get-MgDeviceManagementManagedDevice -All
# Send a sync request to each device, one at a time
Foreach ($Device in $Devices)
{
    Sync-MgDeviceManagementManagedDevice -ManagedDeviceId $Device.Id
    Write-Host "Sending Sync request to Device with Device name $($Device.DeviceName)" -ForegroundColor Yellow
}
# Sign out of the Graph session
Disconnect-MgGraph
Running the script
The first step is to install and import the required modules.
When you authenticate you will get prompted to add permissions to the Microsoft Graph Command Line Tool if you haven’t done that in the past.
From there we will get all the devices and go through each of them one by one and perform a sync. Depending on how many devices you have in your environment this could take a while, approx. 1 second per device.
Filters
If you want to filter and sync only, for example, Windows, Android or iOS devices, you can do that by adding the -Filter parameter. Here are a few examples:
#### Gets all Windows devices
$Devices = Get-MgDeviceManagementManagedDevice -Filter "contains(operatingsystem,'Windows')" -All
#### Gets all Android devices
$Devices = Get-MgDeviceManagementManagedDevice -Filter "contains(operatingsystem,'Android')" -All
#### Gets all iOS devices
$Devices = Get-MgDeviceManagementManagedDevice -Filter "contains(operatingsystem,'ios')" -All
Sync a single device based on name
If you want to perform a sync to a single device based on just the name of the device, we can do that with the -Filter parameter. We are using Graph to do the filtering in the request so that we only get the machine that matches our name. From there we perform a sync.
If you have multiple objects with the same name, then you would need a foreach loop to send a sync command to all of them.
# Look up the device by name (note the $ in front of the variable name)
$Device = Get-MgDeviceManagementManagedDevice -Filter "contains(deviceName,'VIA9999')"
Sync-MgDeviceManagementManagedDevice -ManagedDeviceId $Device.Id
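One way to add the logging, error handling and duplicate-name handling mentioned above, as an added example that is not part of the original script. `Invoke-BulkIntuneSync` is a hypothetical helper name, the CSV path is a placeholder, and the example assumes the two scopes shown are enough in your tenant to list devices and send the sync action.

```powershell
#Requires -Modules Microsoft.Graph.DeviceManagement, Microsoft.Graph.DeviceManagement.Actions
# Hypothetical helper (not from the original script): sends a sync request to
# every device matching -Filter and records the outcome of each request.
function Invoke-BulkIntuneSync {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$Filter,
        [string]$LogPath = ".\IntuneSync-$(Get-Date -Format 'yyyyMMdd-HHmmss').csv"
    )
    $query = @{ All = $true }
    if ($Filter) { $query.Filter = $Filter }
    $devices = Get-MgDeviceManagementManagedDevice @query
    $results = foreach ($device in $devices) {
        $status = 'Skipped'; $errorText = $null
        # With -WhatIf the targets are listed and nothing is sent
        if ($PSCmdlet.ShouldProcess($device.DeviceName, 'Send sync request')) {
            try {
                Sync-MgDeviceManagementManagedDevice -ManagedDeviceId $device.Id -ErrorAction Stop | Out-Null
                $status = 'Requested'
            }
            catch {
                # Keep going: one failed device should not stop the whole run
                $status = 'Failed'; $errorText = $_.Exception.Message
            }
        }
        [pscustomobject]@{
            Timestamp       = (Get-Date).ToString('o')
            DeviceName      = $device.DeviceName
            DeviceId        = $device.Id
            OperatingSystem = $device.OperatingSystem
            Status          = $status
            Error           = $errorText
        }
    }
    # Audit trail of what was targeted and what failed (skipped under -WhatIf)
    if ($results) { $results | Export-Csv -Path $LogPath -NoTypeInformation }
    $results
}

Connect-MgGraph -Scopes 'DeviceManagementManagedDevices.PrivilegedOperations.All', 'DeviceManagementManagedDevices.Read.All'
try {
    # Preview first; remove -WhatIf to send the requests and write the CSV log
    Invoke-BulkIntuneSync -Filter "contains(operatingsystem,'Windows')" -WhatIf |
        Group-Object -Property Status | Select-Object -Property Name, Count
}
finally {
    Disconnect-MgGraph | Out-Null
}
```

Because the helper loops over everything the filter returns, a name filter that matches several devices syncs all of them, and each one gets its own row in the log.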
That’s it for this time. Don’t forget to follow me on X (Twitter) @timmyitdotcom or connect with me on LinkedIn.