You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We explicitly assign a scope tag to a group of devices. When looking at the properties of these devices they only show the assigned Scope Tag, not the implied "Default" scope tag.
This works fine in the UI, for myself with rights to all Scope Tags and for those with rights to just the "Default" Scope Tag.
However, ran with my full admin account, the Powershell commands Get-IntuneManagedDevice and Get-DeviceManagement_ManagedDevices fail to find these devices with the special Scope Tag, until the "Default" is added to them.
Get-IntuneManagedDevice -managedDeviceId '01c165f1-0dea-4056-8765-3140d8fb0752'
Get-IntuneManagedDevice : 404 Not Found
{"error":{"code":"ResourceNotFound","message":"{\r\n \"_version\": 3,\r\n \"Message\": \"Resource does not contain a tag allowed by the current role. - Operation ID (for customer support):
00000000-0000-0000-0000-000000000000 - Activity ID: 985f047b-47bd-4312-9542-73f313b0ee72 - Url:
https://fef.msua04.manage.microsoft.com/DeviceFE/StatelessDeviceFEService/deviceManagement/managedDevices%28%2701c165f1-0dea-4056-8765-3140d8fb0752%27%29?api-version=2021-04-07\",\r\n
\"CustomApiErrorPhrase\": \"\",\r\n \"RetryAfter\": null,\r\n \"ErrorSourceService\": \"\",\r\n \"HttpHeaders\":
\"{}\"\r\n}","innerError":{"date":"2022-02-03T19:35:15","request-id":"985f047b-47bd-4312-9542-73f313b0ee72","client-request-id":"985f047b-47bd-4312-9542-73f313b0ee72"}}}
At line:1 char:1
+ Get-IntuneManagedDevice -managedDeviceId '01c165f1-0dea-4056-8765-314 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ConnectionError: (@{Request=; Response=}:PSObject) [Get-DeviceManagement_ManagedDevices], HttpRequestException
+ FullyQualifiedErrorId : PowerShellGraphSDK_HttpRequestError,Microsoft.Intune.PowerShellGraphSDK.PowerShellCmdlets.Get_DeviceManagement_ManagedDevices
I accidently disabled a batch of Azure AD objects that I thought did not have a corresponding Intune object, because these same devices are not included in a full device export.
Is there a way to export ALL devices, no matter their scope tags? Or, could this be a bug?
Sorry, I had forgotten that this was on GitHub and opened a support case with the Intune team (29569402) and created a ServerFault question.
The text was updated successfully, but these errors were encountered:
We explicitly assign a scope tag to a group of devices. When looking at the properties of these devices they only show the assigned Scope Tag, not the implied "Default" scope tag.
This works fine in the UI, for myself with rights to all Scope Tags and for those with rights to just the "Default" Scope Tag.
https://endpoint.microsoft.com/#blade/Microsoft_Intune_Devices/DeviceSettingsMenuBlade/properties/mdmDeviceId/8769c25f-0513-4df3-ba44-72bc2e627882/primaryUserId/01c165f1-0dea-4056-8765-3140d8fb0752However, ran with my full admin account, the Powershell commands Get-IntuneManagedDevice and Get-DeviceManagement_ManagedDevices fail to find these devices with the special Scope Tag, until the "Default" is added to them.
I accidently disabled a batch of Azure AD objects that I thought did not have a corresponding Intune object, because these same devices are not included in a full device export.
Is there a way to export ALL devices, no matter their scope tags? Or, could this be a bug?
Sorry, I had forgotten that this was on GitHub and opened a support case with the Intune team (29569402) and created a ServerFault question.
The text was updated successfully, but these errors were encountered: