{"id":2787,"date":"2018-03-23T16:56:39","date_gmt":"2018-03-23T15:56:39","guid":{"rendered":"https:\/\/www.lieben.nu\/liebensraum\/?p=2787"},"modified":"2018-03-23T16:56:39","modified_gmt":"2018-03-23T15:56:39","slug":"set-intune-mdm-user-scope-to-all-using-powershell-and-hidden-api","status":"publish","type":"post","link":"https:\/\/lieben.nu\/liebensraum\/2018\/03\/set-intune-mdm-user-scope-to-all-using-powershell-and-hidden-api\/","title":{"rendered":"set Intune MDM user scope to ALL using Powershell and hidden API"},"content":{"rendered":"<p>If you want to change the settings on this page (or most Azure Portal pages) programmatically:<\/p>\n<p><a href=\"https:\/\/www.lieben.nu\/liebensraum\/wp-content\/uploads\/2018\/03\/set-intune-MDM-user-scope-to-all-user-powershell.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-2788\" src=\"https:\/\/www.lieben.nu\/liebensraum\/wp-content\/uploads\/2018\/03\/set-intune-MDM-user-scope-to-all-user-powershell.png\" alt=\"\" width=\"1001\" height=\"633\" srcset=\"https:\/\/lieben.nu\/liebensraum\/wp-content\/uploads\/2018\/03\/set-intune-MDM-user-scope-to-all-user-powershell.png 1001w, https:\/\/lieben.nu\/liebensraum\/wp-content\/uploads\/2018\/03\/set-intune-MDM-user-scope-to-all-user-powershell-300x190.png 300w, https:\/\/lieben.nu\/liebensraum\/wp-content\/uploads\/2018\/03\/set-intune-MDM-user-scope-to-all-user-powershell-768x486.png 768w\" sizes=\"auto, (max-width: 1001px) 100vw, 1001px\" \/><\/a><\/p>\n<p>Microsoft&#8217;ll tell you to use your browser, there is no API\/PS for this yet. As I really hate the answer &#8220;no&#8221;, I used Fiddler and baked some Powershell:<\/p>\n<pre><pre class=\"brush: powershell; title: ; notranslate\" title=\"\">\n\nlogin-azurermaccount\n$context = Get-AzureRmContext\n$tenantId = $context.Tenant.Id\n$refreshToken = $context.TokenCache.ReadItems().RefreshToken\n$body = &amp;amp;amp;quot;grant_type=refresh_token&amp;amp;amp;amp;amp;amp;refresh_token=$($refreshToken)&amp;amp;amp;amp;amp;amp;resource=74658136-14ec-4630-ad9b-26e160ff0fc6&amp;amp;amp;quot;\n$apiToken = Invoke-RestMethod &amp;amp;amp;quot;https:\/\/login.windows.net\/$tenantId\/oauth2\/token&amp;amp;amp;quot; -Method POST -Body $body -ContentType 'application\/x-www-form-urlencoded'\n\n$header = @{\n'Authorization' = 'Bearer ' + $apiToken.access_token\n'Content-Type' = 'application\/json'\n    'X-Requested-With'= 'XMLHttpRequest'\n    'x-ms-client-request-id'= &#x5B;guid]::NewGuid()\n    'x-ms-correlation-id' = &#x5B;guid]::NewGuid()\n}\n$url = &amp;amp;amp;quot;https:\/\/main.iam.ad.ext.azure.com\/api\/MdmApplications\/eab0bcaf-9b2e-4e62-b9be-2eea708422f8?mdmAppliesToChanged=true&amp;amp;amp;amp;amp;amp;mamAppliesToChanged=true&amp;amp;amp;quot;\n\n$content = '{&amp;amp;amp;quot;objectId&amp;amp;amp;quot;:&amp;amp;amp;quot;eab0bcaf-9b2e-4e62-b9be-2eea708422f8&amp;amp;amp;quot;,&amp;amp;amp;quot;appId&amp;amp;amp;quot;:&amp;amp;amp;quot;0000000a-0000-0000-c000-000000000000&amp;amp;amp;quot;,&amp;amp;amp;quot;appDisplayName&amp;amp;amp;quot;:&amp;amp;amp;quot;Microsoft Intune&amp;amp;amp;quot;,&amp;amp;amp;quot;appCategory&amp;amp;amp;quot;:null,&amp;amp;amp;quot;logoUrl&amp;amp;amp;quot;:null,&amp;amp;amp;quot;isOnPrem&amp;amp;amp;quot;:false,&amp;amp;amp;quot;appData&amp;amp;amp;quot;:{&amp;amp;amp;quot;mamEnrollmentUrl&amp;amp;amp;quot;:null,&amp;amp;amp;quot;mamComplianceUrl&amp;amp;amp;quot;:null,&amp;amp;amp;quot;mamTermsOfUseUrl&amp;amp;amp;quot;:null,&amp;amp;amp;quot;enrollmentUrl&amp;amp;amp;quot;:&amp;amp;amp;quot;https:\/\/enrollment.manage.microsoft.com\/enrollmentserver\/discovery.svc&amp;amp;amp;quot;,&amp;amp;amp;quot;complianceUrl&amp;amp;amp;quot;:&amp;amp;amp;quot;https:\/\/portal.manage.microsoft.com\/?portalAction=Compliance&amp;amp;amp;quot;,&amp;amp;amp;quot;termsOfUseUrl&amp;amp;amp;quot;:&amp;amp;amp;quot;https:\/\/portal.manage.microsoft.com\/TermsofUse.aspx&amp;amp;amp;quot;},&amp;amp;amp;quot;originalAppData&amp;amp;amp;quot;:{&amp;amp;amp;quot;mamEnrollmentUrl&amp;amp;amp;quot;:&amp;amp;amp;quot;https:\/\/wip.mam.manage.microsoft.com\/Enroll&amp;amp;amp;quot;,&amp;amp;amp;quot;mamComplianceUrl&amp;amp;amp;quot;:&amp;amp;amp;quot;&amp;amp;amp;quot;,&amp;amp;amp;quot;mamTermsOfUseUrl&amp;amp;amp;quot;:&amp;amp;amp;quot;&amp;amp;amp;quot;,&amp;amp;amp;quot;enrollmentUrl&amp;amp;amp;quot;:&amp;amp;amp;quot;https:\/\/enrollment.manage.microsoft.com\/enrollmentserver\/discovery.svc&amp;amp;amp;quot;,&amp;amp;amp;quot;complianceUrl&amp;amp;amp;quot;:&amp;amp;amp;quot;https:\/\/portal.manage.microsoft.com\/?portalAction=Compliance&amp;amp;amp;quot;,&amp;amp;amp;quot;termsOfUseUrl&amp;amp;amp;quot;:&amp;amp;amp;quot;https:\/\/portal.manage.microsoft.com\/TermsofUse.aspx&amp;amp;amp;quot;},&amp;amp;amp;quot;mdmAppliesTo&amp;amp;amp;quot;:2,&amp;amp;amp;quot;mamAppliesTo&amp;amp;amp;quot;:2,&amp;amp;amp;quot;mdmAppliesToGroups&amp;amp;amp;quot;:&#x5B;],&amp;amp;amp;quot;mamAppliesToGroups&amp;amp;amp;quot;:&#x5B;]}'\nInvoke-RestMethod \u2013Uri $url \u2013Headers $header \u2013Method PUT -Body $content -ErrorAction Stop<\/pre><\/pre>\n<p>You can do almost anything using the above snippet and changing the endpoint URL and POST contents. Use Fiddler to capture, then replicate in code \ud83d\ude42<\/p>\n<p><strong>Be warned and use at your own risk, obviously this method is unsupported.<\/strong><\/p>\n\n\n<p class=\"wp-block-paragraph\">Edit 2021: I highly recommend using my new <a href=\"https:\/\/www.lieben.nu\/liebensraum\/2020\/04\/calling-graph-and-other-apis-silently-for-an-mfa-enabled-account\/\" data-type=\"post\" data-id=\"3412\">MFA-proof independent token function to call the main.iam API<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you want to change the settings on this page (or most Azure Portal pages) programmatically: Microsoft&#8217;ll tell you to use your browser, there is no API\/PS for this yet. As I really hate the answer &#8220;no&#8221;, I used Fiddler and baked some Powershell: login-azurermaccount $context = Get-AzureRmContext $tenantId = $context.Tenant.Id $refreshToken = $context.TokenCache.ReadItems().RefreshToken $body &hellip; <a href=\"https:\/\/lieben.nu\/liebensraum\/2018\/03\/set-intune-mdm-user-scope-to-all-using-powershell-and-hidden-api\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">set Intune MDM user scope to ALL using Powershell and hidden API<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","footnotes":""},"categories":[5,22,39],"tags":[],"class_list":["post-2787","post","type-post","status-publish","format-standard","hentry","category-azure","category-intune","category-powershell"],"_links":{"self":[{"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/posts\/2787","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/comments?post=2787"}],"version-history":[{"count":1,"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/posts\/2787\/revisions"}],"predecessor-version":[{"id":4642,"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/posts\/2787\/revisions\/4642"}],"wp:attachment":[{"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/media?parent=2787"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/categories?post=2787"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/tags?post=2787"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}