How To Sync Bulk Devices In Intune With PowerShell

The bulk device actions feature in Microsoft Intune is a convenient way to perform a single action across multiple devices enrolled in Intune. One issue with using the admin portal, however, is that there is no ‘add devices’ option, nor a way to use an existing device filter, so you need to select each machine manually.

In this tutorial, I am going to show you how to perform a bulk device sync (including other actions) across all enrolled devices in your tenant.

Prerequisites

To complete the necessary actions in this tutorial, you must have the Intune Administrator role assigned or you can also use a Global Administrator account.

You must also ensure you have the Microsoft Graph PowerShell SDK installed. You can follow my tutorial to complete these steps: How To Install the Microsoft Graph PowerShell Module

Initiate bulk device sync from the Intune portal

The bulk device actions feature is also available from the Intune admin portal. Follow the below steps to initiate a bulk device sync using the admin portal.

1. Log in to https://endpoint.microsoft.com/ with your Intune Administrator or Global Administrator account.

2. Select Devices from the left-hand menu.

3. Select All devices.

4. Select Bulk device actions.

5. Select the OS type and device action from the dropdown lists and click Next. I have selected Windows and Sync.

6. Click Select devices to include and add all the devices you want to action.

7. Lastly, click Next, then Create.

Once you click Create, you will see a notification appear at the top right to indicate the sync request was successful.


Sync bulk devices in Intune with PowerShell

Let’s look at how we can programmatically automate sending a sync request to all of our Windows devices using PowerShell. 

Below I have demonstrated 2 methods of achieving the same result.

Method 1: Using Sync-MgDeviceManagementManagedDevice

Below I have used the Sync-MgDeviceManagementManagedDevice cmdlet and a loop to cycle through each device and send a sync request.

Import-Module Microsoft.Graph.DeviceManagement.Actions

Select-MgProfile -Name beta

Connect-MgGraph -Scopes DeviceManagementManagedDevices.ReadWrite.All, DeviceManagementManagedDevices.PrivilegedOperations.All

# -All pages through the full result set instead of stopping at the first page
$alldevices = Get-MgDeviceManagementManagedDevice -All | Where-Object { $_.OperatingSystem -eq "Windows" }

# Send a sync request to each Windows device in turn
foreach ($device in $alldevices) {
    Sync-MgDeviceManagementManagedDevice -ManagedDeviceId $device.Id
    Write-Host "Sending device sync request to" $device.DeviceName -ForegroundColor Yellow
}

Method 2: Using Invoke-MgGraphRequest

Here I have used the Invoke-MgGraphRequest to make a POST request to Microsoft Graph with the necessary information to sync our devices. I first loop through each device and collect the IDs, then I format this information into a payload and send the request.

Import-Module Microsoft.Graph.DeviceManagement.Enrolment

Select-MgProfile -Name beta

Connect-MgGraph -Scopes DeviceManagementManagedDevices.ReadWrite.All

# -All pages through the full result set instead of stopping at the first page
$alldevices = Get-MgDeviceManagementManagedDevice -All | Where-Object { $_.OperatingSystem -eq "Windows" }
$SyncDevices = @()

# Collect each device ID as a quoted JSON string
foreach ($device in $alldevices) {
    $SyncDevices += '"{0}"' -f $device.Id
}

$deviceString = $SyncDevices -join ","

$uri = "https://graph.microsoft.com/beta/deviceManagement/managedDevices/executeAction"

# "string" is a placeholder that is swapped for the real ID list below
$json = @{
    action     = "syncDevice"
    platform   = "windows"
    deviceIds  = @("string")
    realAction = "syncDevice"
    actionName = "syncDevice"
} | ConvertTo-Json

$json = $json.Replace('"string"', $deviceString)

Invoke-MgGraphRequest -Uri $uri -Body $json -Method POST -ContentType "application/json"

In either script, you can change which devices are targeted by modifying the Where-Object filter to use the condition of your choice.

Other actions

Sending a sync request is not the only action that can be performed using PowerShell. Other bulk device actions include:

  • Delete – Deletes the device.
  • Retire – Removes the device when it next checks in and leaves personal data on the device.
  • Collect diagnostics – Initiates a diagnostic log collection request.
  • Wipe – Wipes the whole device.
  • Autopilot reset – Initiates an Autopilot device reset.
  • Restart – Restarts the device.
  • Rename – Renames the device.

You can modify the script in method 2 to send the above actions to your devices, by replacing the action, realAction and actionName fields.
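
Because the same request can carry destructive actions once those three fields are changed, it is worth putting a guard in front of it. The function below is an added example, not part of the original scripts: it wraps the method 2 request so that only syncDevice runs without an explicit opt-in, the device list is validated and capped, and -WhatIf gives a dry run. The function name, parameter names and the 500-device default limit are assumptions made for illustration.

```powershell
# Added example: guarded wrapper around the executeAction request from method 2.
# New-BulkDeviceActionRequest, its parameters and the default limit are hypothetical.
function New-BulkDeviceActionRequest {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string]   $Action,
        [Parameter(Mandatory)] [string[]] $DeviceId,
        [hashtable] $ExtraField = @{},   # e.g. keepUserData for other actions
        [int]       $MaxDevices = 500,
        [switch]    $AllowDestructive
    )

    # Only the action this tutorial sends is treated as low impact; anything
    # else must be opted into explicitly by the caller.
    $lowImpact = @('syncDevice')
    if ($Action -notin $lowImpact -and -not $AllowDestructive) {
        throw "Action '$Action' is not low impact; pass -AllowDestructive to proceed."
    }

    # Drop duplicates and reject anything that is not a GUID.
    $ids = @($DeviceId | Sort-Object -Unique)
    foreach ($id in $ids) {
        $parsed = [guid]::Empty
        if (-not [guid]::TryParse($id, [ref]$parsed)) { throw "Not a device GUID: $id" }
    }
    if ($ids.Count -eq 0 -or $ids.Count -gt $MaxDevices) {
        throw "Refusing to target $($ids.Count) devices (limit $MaxDevices)."
    }

    # Hashtable addition throws on duplicate keys, so $ExtraField cannot
    # silently override the action or the device list.
    $body = @{
        action     = $Action
        realAction = $Action
        actionName = $Action
        platform   = 'windows'
        deviceIds  = $ids
    } + $ExtraField | ConvertTo-Json

    $uri = 'https://graph.microsoft.com/beta/deviceManagement/managedDevices/executeAction'
    if ($PSCmdlet.ShouldProcess("$($ids.Count) Windows devices", $Action)) {
        Invoke-MgGraphRequest -Uri $uri -Body $body -Method POST -ContentType 'application/json'
    }
}

# Dry run against the devices collected by the scripts above:
# New-BulkDeviceActionRequest -Action syncDevice -DeviceId $alldevices.Id -WhatIf
```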

Daniel Bradley

My name is Daniel Bradley and I work with Microsoft 365 and Azure as an Engineer and Consultant. I enjoy writing technical content for you and engaging with the community. All opinions are my own.

This Post Has One Comment

  1. Bernhard

    Hello Daniel,
    for the device action “wipe” :
    # JSON payload for the Wipe action
    $json = @{
    action = "wipe"
    keepEnrollmentData = $false
    keepUserData = $false
    platform = "windows"
    deviceIds = @("string")
    realAction = "wipe"
    actionName = "wipe"
    } | ConvertTo-Json

    and for the device action Fresh Start:
    $json = @{
    action = "FreshStart"
    keepEnrollmentData = $false
    keepUserData = $false
    platform = "windows"
    deviceIds = @("string")
    realAction = "FreshStart"
    actionName = "FreshStart"
    } | ConvertTo-Json

    Greets Bernhard
