Bulk Update Windows Autopilot Group Tag using PowerShell with Graph API

    Recently, I found a few Windows Autopilot devices where the group tag was missing or an incorrect region group tag was assigned (e.g., US instead of EUROPE), due to which the devices were not getting added to the correct dynamic group for their region. Updating the group tag one device at a time would take a long time, so let's use some automation to update the missing group tag or override the incorrect group tag assigned to any device.



    The following methods are available to update the group tag for new and existing Windows Autopilot devices:

    1. Manually updating the group tag name in a csv file for a specific or list of devices and then uploading in Microsoft Intune.
    Manual Group Tag Update in CSV file

    You can also update the group tag directly in the Intune portal at the following path:
    Go to intune.microsoft.com > Devices > Windows > Windows Enrollment > Devices


    2. Bulk update Windows Autopilot group tags using PowerShell with the Graph API.

    Let's use the quickest method using Windows PowerShell with the Graph API to update group tags for multiple autopilot devices directly in Intune. There are a few prerequisites for this process:

    1. Download the list of all existing Autopilot hardware hashes uploaded to Intune, in .csv format.
    Copy the required serial numbers and create a list of device serial numbers in a .txt file.


    2. Azure Enterprise app "Microsoft Intune PowerShell" permission to update information in Intune
    Go and check the settings in Entra.microsoft.com > Enterprise apps > Microsoft Intune PowerShell > Users and Groups (your user account should be part of it).


    3. A script to perform this automation
    Download the script from this link: http://tinyurl.com/linksforintune.
    GitHub Link for the script: https://github.com/mrintune/Intune/tree/main  
    Run this script in PowerShell with admin rights:
    # Requires the Microsoft.Graph.Intune module (Connect-MSGraph, Invoke-MSGraphRequest, ...)
    Import-Module Microsoft.Graph.Intune

    # Sign in, switch the Graph schema version to beta, then reconnect
    Connect-MSGraph
    Update-MSGraphEnvironment -SchemaVersion "Beta" -Quiet
    Connect-MSGraph -Quiet

    # Change this path to the location of your .txt file of serial numbers
    $Serialnumbers = Get-Content 'C:\Users\Testing\Desktop\Bulk group tag change\Targeted device serial numbers.txt'

    # Fetch every Autopilot device identity (all result pages)
    $autopilotDevices = Invoke-MSGraphRequest -HttpMethod GET -Url "deviceManagement/windowsAutopilotDeviceIdentities" | Get-MSGraphAllPages

    # Change the group tag assigned below ("US") to the tag you need
    foreach ($autopilotDevice in $autopilotDevices)
    {
        foreach ($Serialnumber in $Serialnumbers)
        {
            if ($autopilotDevice.serialNumber -eq $Serialnumber)
            {
                Write-Host "Matched, adding group tag to serial number $Serialnumber"
                $autopilotDevice.groupTag = "US"

                # Build the request body as valid JSON: { "groupTag": "US" }
                $requestBody = @{ groupTag = $autopilotDevice.groupTag } | ConvertTo-Json

                Invoke-MSGraphRequest -HttpMethod POST -Content $requestBody -Url "deviceManagement/windowsAutopilotDeviceIdentities/$($autopilotDevice.id)/UpdateDeviceProperties"
            }
            else
            {
                Write-Host "Skipping Serial Number $Serialnumber"
            }
        }
    }
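
A dry-run check to run before the bulk update above, added here as an example and not part of the original script: it compares the serial list with the Autopilot device objects and reports what would change, keeping each device's current tag so a wrong bulk change can be reverted. The function name Get-GroupTagChangePlan and the sample devices and serials are constructed for illustration; only the serialNumber, groupTag and id properties come from the script above.

```powershell
# Added example: builds a change plan only; it makes no Graph calls.
function Get-GroupTagChangePlan {   # hypothetical helper name
    param(
        [object[]] $Devices,        # objects with id, serialNumber, groupTag
        [string[]] $SerialNumbers,  # lines read from the .txt file
        [string]   $TargetTag
    )
    # Normalise the list: trim whitespace, drop blank lines, remove duplicates
    $wanted = $SerialNumbers | ForEach-Object { $_.Trim() } | Where-Object { $_ } | Sort-Object -Unique

    # Index devices by serial number (hashtable keys are case-insensitive, like -eq)
    $bySerial = @{}
    foreach ($d in $Devices) { if ($d.serialNumber) { $bySerial[$d.serialNumber] = $d } }

    foreach ($sn in $wanted) {
        $device = $bySerial[$sn]
        if (-not $device)                        { $action = 'NotFound' }
        elseif ($device.groupTag -eq $TargetTag) { $action = 'AlreadyCorrect' }
        else                                     { $action = 'Update' }
        [pscustomobject]@{
            SerialNumber = $sn
            DeviceId     = $device.id        # $null when the serial is not in Intune
            OldGroupTag  = $device.groupTag  # needed to revert the change later
            NewGroupTag  = $TargetTag
            Action       = $action
        }
    }
}

# Constructed sample data standing in for the Graph response and the .txt file
$sampleDevices = @(
    [pscustomobject]@{ id = 'id-0001'; serialNumber = 'SN-A1'; groupTag = 'US' }
    [pscustomobject]@{ id = 'id-0002'; serialNumber = 'SN-B2'; groupTag = '' }
    [pscustomobject]@{ id = 'id-0003'; serialNumber = 'SN-C3'; groupTag = 'EUROPE' }
)
$sampleSerials = @('SN-A1', ' SN-B2 ', '', 'SN-C3', 'SN-A1', 'SN-Z9')

$plan = Get-GroupTagChangePlan -Devices $sampleDevices -SerialNumbers $sampleSerials -TargetTag 'EUROPE'
$plan | Format-Table -AutoSize

# Keep the plan on disk: OldGroupTag is the record for reverting a wrong bulk change
$plan | Export-Csv -Path .\grouptag-change-plan.csv -NoTypeInformation
```

With real data, pass $autopilotDevices and $Serialnumbers from the script and review the rows marked NotFound before sending any update; only rows marked Update need a request.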
