The Bulk device actions feature in Microsoft Intune is a convenient way to perform a single action across multiple devices enrolled in Intune. One drawback of the admin portal, however, is that there is no ‘add devices’ option, nor a way to use an existing device filter, so you need to select each machine manually.
In this tutorial, I am going to show you how to perform a bulk device sync (including other actions) across all enrolled devices in your tenant.
Prerequisites
To complete the necessary actions in this tutorial, you must have the Intune Administrator role assigned or you can also use a Global Administrator account.
You must also ensure you have the Microsoft Graph PowerShell SDK installed. You can follow my tutorial to complete these steps: How To Install the Microsoft Graph PowerShell Module
Initiate bulk device sync from the Intune portal
The bulk device actions feature is also available from the Intune admin portal. Follow the below steps to initiate a bulk device sync using the admin portal.
1. Select Devices from the left-hand menu.
2. Select All devices.
3. Select Bulk device actions.
4. Select the OS type and device action from the dropdown lists and click Next. I have selected Windows and Sync.
5. Click Select devices to include and add all the devices you want to action.
6. Lastly, click Next, then Create.
Once you click Create, you will see a notification appear at the top right to indicate the sync request was successful.
Sync bulk devices in Intune with PowerShell
Let’s look at how we can programmatically automate sending a sync request to all of our Windows devices using PowerShell.
Below I have demonstrated 2 methods of achieving the same result.
Method 1: Using Sync-MgDeviceManagementManagedDevice
Below I have used the Sync-MgDeviceManagementManagedDevice cmdlet in a loop to cycle through each device and send a sync request.
Import-Module Microsoft.Graph.DeviceManagement.Actions
Select-MgProfile -Name beta
Connect-MgGraph -Scopes DeviceManagementManagedDevices.ReadWrite.All, DeviceManagementManagedDevices.PrivilegedOperations.All
# -All pages through every result instead of stopping at the first page
$alldevices = Get-MgDeviceManagementManagedDevice -All | Where-Object { $_.OperatingSystem -eq "Windows" }
# Send one sync request per device
foreach ($device in $alldevices) {
    Sync-MgDeviceManagementManagedDevice -ManagedDeviceId $device.Id
    Write-Host "Sending device sync request to" $device.DeviceName -ForegroundColor Yellow
}
Method 2: Using Invoke-MgGraphRequest
Here I have used Invoke-MgGraphRequest to make a POST request to Microsoft Graph with the necessary information to sync our devices. I first loop through each device and collect the IDs, then I format this information into a payload and send the request.
Import-Module Microsoft.Graph.DeviceManagement.Enrolment
Select-MgProfile -Name beta
Connect-MgGraph -Scopes DeviceManagementManagedDevices.ReadWrite.All
# -All pages through every result instead of stopping at the first page
$alldevices = Get-MgDeviceManagementManagedDevice -All | Where-Object { $_.OperatingSystem -eq "Windows" }
# Collect each device ID as a quoted JSON string
$SyncDevices = @()
foreach ($device in $alldevices) {
    $SyncDevices += '"{0}"' -f $device.Id
}
$deviceString = $SyncDevices -join ","
$uri = "https://graph.microsoft.com/beta/deviceManagement/managedDevices/executeAction"
# "string" is a placeholder that is swapped for the real ID list below
$json = @{
    action = "syncDevice"
    platform = "windows"
    deviceIds = @("string")
    realAction = "syncDevice"
    actionName = "syncDevice"
} | ConvertTo-Json
$json = $json.Replace('"string"', $deviceString)
# One request carries the action for every collected device
Invoke-MgGraphRequest -Uri $uri -Body $json -Method POST -ContentType "application/json"
In either script, you can change which devices are targeted by modifying the Where-Object filter to use the condition of your choice.
Other actions
Sending a sync request is not the only action that can be performed using PowerShell. Other bulk device actions include:
- Delete – Deletes the device.
- Retire – Removes the device when it next checks in and leaves personal data on the device.
- Collect diagnostics – Initiates a diagnostic log collection request.
- Wipe – Wipes the whole device.
- Autopilot reset – Initiates an Autopilot device reset.
- Restart – Restarts the device.
- Rename – Renames the device.
You can modify the script in method 2 to send the above actions to your devices, by replacing the action, realAction and actionName fields.
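Because the same request can carry actions such as wipe or delete, it is worth putting a guard around it before swapping the action name. The following is an added example, not part of the original scripts: it wraps the method 2 payload in a function that supports -WhatIf and -Confirm and refuses to run when the filter matches more devices than expected. The function name, the -MaxDevices and -ExtraFields parameters and the sample devices are assumptions made for illustration.

```powershell
# Added example (not the author's script). Invoke-BulkDeviceAction, -MaxDevices and
# -ExtraFields are hypothetical names chosen for this illustration.
function Invoke-BulkDeviceAction {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string]   $Action,       # action name as used in method 2
        [Parameter(Mandatory)] [object[]] $Devices,      # objects with Id and DeviceName
        [hashtable] $ExtraFields = @{},                  # any additional fields an action takes
        [int]       $MaxDevices  = 25                    # ceiling on devices per request
    )

    # Collect unique, non-empty IDs; @() keeps a single ID as an array
    $ids = @($Devices | ForEach-Object { $_.Id } | Where-Object { $_ } | Select-Object -Unique)
    if ($ids.Count -eq 0) { throw 'The filter matched no devices; nothing was sent.' }
    if ($ids.Count -gt $MaxDevices) {
        throw "$($ids.Count) devices matched, above the ceiling of $MaxDevices. Narrow the filter or raise -MaxDevices."
    }

    # Hashtable addition throws on duplicate keys, so -ExtraFields cannot
    # silently replace deviceIds or the action name
    $body = @{
        action     = $Action
        realAction = $Action
        actionName = $Action
        platform   = 'windows'
        deviceIds  = $ids
    } + $ExtraFields

    $preview = @($Devices | Select-Object -First 5 -ExpandProperty DeviceName) -join ', '
    $target  = "$($ids.Count) device(s), starting with: $preview"

    # -WhatIf prints the target summary and sends nothing; otherwise the caller is prompted
    if ($PSCmdlet.ShouldProcess($target, "Intune bulk action '$Action'")) {
        $uri = 'https://graph.microsoft.com/beta/deviceManagement/managedDevices/executeAction'
        Invoke-MgGraphRequest -Uri $uri -Method POST -ContentType 'application/json' `
            -Body ($body | ConvertTo-Json -Depth 4)
    }
}

# Constructed sample devices so the dry run works without a Graph connection
$sample = @(
    [pscustomobject]@{ Id = '00000000-0000-0000-0000-000000000001'; DeviceName = 'PC-EXAMPLE-01' }
    [pscustomobject]@{ Id = '00000000-0000-0000-0000-000000000002'; DeviceName = 'PC-EXAMPLE-02' }
)
Invoke-BulkDeviceAction -Action 'syncDevice' -Devices $sample -WhatIf
```

Against a real tenant, pass the filtered output of Get-MgDeviceManagementManagedDevice as -Devices after Connect-MgGraph, and run with -WhatIf first to confirm the device count and names.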
Hello Daniel,
for the device action “wipe” :
# JSON payload for the Wipe action
$json = @{
    action = "wipe"
    keepEnrollmentData = $false
    keepUserData = $false
    platform = "windows"
    deviceIds = @("string")
    realAction = "wipe"
    actionName = "wipe"
} | ConvertTo-Json
and for the device action Fresh Start:
$json = @{
    action = "FreshStart"
    keepEnrollmentData = $false
    keepUserData = $false
    platform = "windows"
    deviceIds = @("string")
    realAction = "FreshStart"
    actionName = "FreshStart"
} | ConvertTo-Json
Greets Bernhard