Start Intune Device Sync via Graph API

Requirements: A Microsoft Entra ID authentication token is needed to use this script and the Graph API.

This tool allows you to initiate Intune Sync on multiple or all devices. The Graph API is accessed via PowerShell and triggers the sync on the devices.

Permissions

This script uses the Graph API and authenticates with an App Registration or a user-based access token. The App Registration or the user context needs the following Microsoft Graph permission:

DeviceManagementManagedDevices.PrivilegedOperations.All

This permission can be set either as an application permission or as a delegated permission.
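
One way to check the permission requirement above before running the bulk sync, as an added example that is not part of the original page: it decodes the access token's claims and looks for the permission in roles (application permission) or scp (delegated permission). The function names and the sample token are hypothetical, and the payload is read without signature validation, so this is a diagnostic check only.

```powershell
# Added example: function names, messages and the sample token are hypothetical.
function Test-IntuneSyncToken {
    param(
        [Parameter(Mandatory)][string]$AccessToken,
        [string]$RequiredPermission = 'DeviceManagementManagedDevices.PrivilegedOperations.All'
    )
    # A JWT is header.payload.signature; only the payload is read here.
    $parts = $AccessToken.Split('.')
    if ($parts.Count -ne 3) { throw 'Token is not a three-part JWT.' }

    # base64url -> base64: swap the URL-safe characters and restore the padding.
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        1 { throw 'Token payload has an invalid base64url length.' }
        2 { $b64 += '==' }
        3 { $b64 += '=' }
    }
    $json = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
    $claims = $json | ConvertFrom-Json

    # Application permissions arrive in "roles" (array),
    # delegated permissions in "scp" (space-separated string).
    $granted = @()
    if ($claims.roles) { $granted += $claims.roles }
    if ($claims.scp)   { $granted += $claims.scp -split ' ' }
    $expires = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp)

    [pscustomobject]@{
        Audience      = $claims.aud
        ExpiresUtc    = $expires.UtcDateTime
        IsExpired     = $expires -le [DateTimeOffset]::UtcNow
        HasPermission = $granted -contains $RequiredPermission
        Granted       = $granted
    }
}

# Constructed, unsigned sample token (not a real credential) so the block runs offline.
function ConvertTo-Base64Url([string]$Text) {
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
$payload = @{
    aud = 'https://graph.microsoft.com'
    exp = [DateTimeOffset]::UtcNow.AddMinutes(30).ToUnixTimeSeconds()
    scp = 'DeviceManagementManagedDevices.PrivilegedOperations.All User.Read'
} | ConvertTo-Json -Compress
$sample = (ConvertTo-Base64Url '{"alg":"none"}'), (ConvertTo-Base64Url $payload), 'signature' -join '.'
Test-IntuneSyncToken -AccessToken $sample

# Real use: Test-IntuneSyncToken -AccessToken $Global:AzureADAccessToken
```

The Granted list also shows every other permission the token carries, which helps to confirm that the identity running the script holds no more than it needs.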

PowerShell Script

In preparation, the Microsoft Entra ID access token from the previous step must be stored in this variable: $Global:AzureADAccessToken

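Then this script can be executed. It queries all Windows devices in Intune and triggers the sync on them. Note that the $IntuneDevices line keeps only devices whose name matches "MW-*"; adjust or remove that filter as needed.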

# Query all Windows devices in Intune (first page)
$uri = "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?`$filter=startswith(operatingSystem,'windows')"
$Results = Invoke-RestMethod -Method GET -Uri $uri -ContentType "application/json" -Headers @{Authorization = "Bearer $($Global:AzureADAccessToken)"; ConsistencyLevel = "eventual"}
$ResultsValue = $Results.value
if ($null -ne $Results."@odata.nextLink") {
    $NextPageUri = $Results."@odata.nextLink"
    ## While there is a next page, query it and loop, append results
    while ($null -ne $NextPageUri) {
        $NextPageRequest = (Invoke-RestMethod -Headers @{Authorization = "Bearer $($Global:AzureADAccessToken)"} -Uri $NextPageUri -Method GET)
        $NxtPageData = $NextPageRequest.value
        $NextPageUri = $NextPageRequest."@odata.nextLink"
        $ResultsValue = $ResultsValue + $NxtPageData
    }
}
# Keep only the devices whose name matches the prefix filter
$IntuneDevices = $ResultsValue | Where-Object {$_.deviceName -like "MW-*"}

$SuccessDevices = @()
$ErrorDevices = @()

# Trigger the sync action on each selected device
foreach ($IntuneDevice in $IntuneDevices) {
    try {
        $uri = "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices('$($IntuneDevice.id)')/syncDevice"
        Invoke-RestMethod -Uri $uri -Method POST -Headers @{Authorization = "Bearer $($Global:AzureADAccessToken)"}
        Write-Output "Started Sync for $($IntuneDevice.deviceName)"
        $SuccessDevices += $IntuneDevice
    } catch {
        # Report the failure reason and keep the device for later review
        Write-Output "Error while syncing $($IntuneDevice.deviceName): $($_.Exception.Message)"
        $ErrorDevices += $IntuneDevice
    }
}