Have you ever run into an issue where you needed to bulk-import Intune devices to an Azure Active Directory Group?
Unfortunately, there isn’t an easy way to obtain the Object IDs from the Endpoint Manager Admin Center. The portal does, however, give you the Azure AD Device ID and Intune Device ID.
We can utilize the Azure AD Device ID to query the Azure AD tenant and pull the Object ID.
Getting the Azure AD Device ID
For this demonstration, I am going to export the Windows devices from the Windows Devices blade in Intune. To capture the Azure AD Device ID in the export, make sure it is checked under Columns.
Once you’ve applied the Azure AD Device ID column, go ahead and export your devices.
Note: You can also export all inventory data instead of enabling the Azure AD Device ID column.
Open up the CSV file from the export and copy the Azure AD Device IDs into a TXT file. There should be 1 ID per line. Save the TXT file.
Next, download Get-ObjectIDByDeviceID.ps1 from GitHub. This script requires the Microsoft Graph modules to be installed.
To install the Microsoft Graph modules, or update them, run the following command:
Install-Module -Name Microsoft.Graph -Force
Execute the script
- Run the PowerShell Script
- For the AzureDeviceIDFile parameter, specify the txt file you saved earlier.
Example: C:\Users\bardw\OneDrive\Desktop\Script Test\AzureID.txt
- For the ExportFile parameter, specify a path to save the CSV file.
Example: C:\Users\bardw\OneDrive\Desktop\Script Test\Object_IDs.csv
- Execute the script. You will be prompted to log in and consent to the Microsoft Graph scope “Directory.AccessAsUser.All”.
Note: The account you use to authenticate with will need to have access to see devices in the tenant.
For more information about Microsoft Graph scopes, you can read about them here.
If successful, you should now have a CSV file containing the Object Id, Device Name, and Device Id.
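The same lookup can be sketched with a narrower, read-only Graph scope. This is an added example, not the Get-ObjectIDByDeviceID.ps1 script from GitHub: the function name Resolve-DeviceObjectId is hypothetical, its parameter names simply mirror the ones described above, and it assumes the delegated scope Device.Read.All is sufficient for reading devices, whereas Directory.AccessAsUser.All grants the script the same directory access as the signed-in user.

```powershell
# Added example: not the Get-ObjectIDByDeviceID.ps1 script referenced in the article.
# Assumes the Microsoft.Graph module is installed (see the Install-Module command above).
function Resolve-DeviceObjectId {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $AzureDeviceIDFile,  # TXT file, one Azure AD Device ID per line
        [Parameter(Mandatory)] [string] $ExportFile          # CSV file to write
    )

    # Assumption: Device.Read.All (read-only) is enough for this lookup.
    Connect-MgGraph -Scopes 'Device.Read.All' | Out-Null

    $results = @(foreach ($line in Get-Content -Path $AzureDeviceIDFile) {
        $id = $line.Trim()
        if (-not $id) { continue }   # skip blank lines

        # Only well-formed GUIDs are allowed into the OData filter string.
        $guid = [guid]::Empty
        if (-not [guid]::TryParse($id, [ref]$guid)) {
            Write-Warning "Skipping malformed Device ID: '$id'"
            continue
        }

        # deviceId is the Azure AD Device ID; Id is the directory Object ID.
        $devices = @(Get-MgDevice -Filter "deviceId eq '$guid'" -Property 'Id', 'DisplayName', 'DeviceId')
        if ($devices.Count -eq 0) {
            Write-Warning "No Azure AD device found for Device ID $guid"
            continue
        }

        foreach ($device in $devices) {
            [pscustomobject]@{
                ObjectId   = $device.Id
                DeviceName = $device.DisplayName
                DeviceId   = $device.DeviceId
            }
        }
    })

    $results | Export-Csv -Path $ExportFile -NoTypeInformation
    $results   # also return the rows so they can be reviewed before use
}

# Usage (file names are placeholders):
# Resolve-DeviceObjectId -AzureDeviceIDFile .\AzureID.txt -ExportFile .\Object_IDs.csv
```

Device IDs that are malformed or not found are reported as warnings and left out of the CSV, so the warning output is worth checking before the Object IDs are imported into a group.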