Intune Automation using GraphQL

🧩 Syntax:
    ✨ Popular Languages
    • πŸ“š Other Languages
To use Microsoft Intune programmatically in scripts or automations, you'll primarily work with the Microsoft Graph API, which is the official interface for managing Intune (and other Microsoft 365 services) via code.


Here's what you need:




βœ… 1. Azure AD App Registration


You need to register an app in Azure Active Directory to authenticate and get tokens to call the Microsoft Graph API.


    

  • Go to Azure Portal β†’ Azure Active Directory β†’ App registrations β†’ New registration
    • 

  • Choose a name, supported account type, and optionally redirect URI (not needed for client credentials flow)
    • 

  • After registration, note the Application (client) ID and Directory (tenant) ID
    • 





βœ… 2. Client Secret or Certificate


    

  • In the app's Certificates & secrets, create a client secret (or upload a certificate for higher security).
    • 

  • Save the secret value (you won’t see it again).
    • 





βœ… 3. API Permissions


You must assign the required permissions for Intune operations.


    

  • Go to your app β†’ API permissions β†’ Add a permission
    

    • 

  • Choose Microsoft Graph β†’ Application permissions
    

    • 

  • Search and add permissions like:
    

      

    • DeviceManagementConfiguration.ReadWrite.All
      • 

    • DeviceManagementManagedDevices.ReadWrite.All
      • 

    • Device.ReadWrite.All
      • 

    • etc., depending on what you're automating
      • 

    

    • 

  • Click Grant admin consent for the permissions
    

    • 





βœ… 4. Use Microsoft Graph API (via script or SDK)


You can now authenticate using the client credentials and call the Graph API.


Example (Python with msal):


import requests
from msal import ConfidentialClientApplication

client_id = 'your-client-id'
client_secret = 'your-client-secret'
tenant_id = 'your-tenant-id'

authority = f"https://login.microsoftonline.com/{tenant_id}"
scope = ["https://graph.microsoft.com/.default"]

app = ConfidentialClientApplication(client_id, authority=authority, client_credential=client_secret)
token_result = app.acquire_token_for_client(scopes=scope)

if "access_token" in token_result:
    headers = {
        'Authorization': f"Bearer {token_result['access_token']}",
        'Content-Type': 'application/json'
    }
    response = requests.get("https://graph.microsoft.com/v1.0/deviceManagement/managedDevices", headers=headers)
    print(response.json())
else:
    print("Authentication failed.")





βœ… 5. Script/Automation Environment


This can be used in:


    

  • Python, PowerShell, or any language that supports HTTP calls.
    • 

  • Run in scheduled tasks, CI/CD pipelines (e.g., GitHub Actions, Azure DevOps), or as Azure Functions.
    •
πŸ“¦ Size:
2.72 KB
πŸ—“οΈ Created:
a year ago
πŸ”„ Updated:
9 months ago
πŸ‘οΈ Views:
204
MinuteBio

MinuteBio Games

Instant Browser Games

No downloads. No installs. Just play.

🏈 Retro Bowl 🏹 Ragdoll Archers ⛷️ Slope 🧬 BitLife
Play 1000+ Games β†’
ChatbotsPlace Logo

ChatbotsPlace AI

All-in-one AI Platform
Try AI Models Free β†’