
Function Get-IDMAzureUser{
        # Looks up Azure AD user data through Microsoft Graph using Invoke-MgGraphRequest.
        # NOTE(review): this listing appears to be missing lines (the comment-help
        # delimiters, the param block and the closing braces are not shown), so the
        # notes below describe only what is visible.

        This function is used to get AAD Users from the Graph API REST interface
        The function connects to the Graph API Interface and gets any users registered with AAD
        Must be in GUID format. This is the users GUID
        Must be in UPN format (email). This is the user principal name (eg
    .PARAMETER Property
        Option to filter user based on property.
        Get-IDMAzureUser -Id '12981fe3-6049-4039-853f-e20c8d327116'
        Returns specific user by GUID registered with Azure AD
        Get-IDMAzureUser -userPrincipleName
        Returns specific user by UserPrincipalName registered with Azure AD
        # NOTE(review): the example above uses -userPrincipleName, while the body reads
        # $UPN under the "UPN" parameter set; confirm the parameter name or alias.




        # Defining Variables
        # NOTE(review): Microsoft documents the Graph "beta" endpoint as subject to change
        # and unsupported for production use; pin "v1.0" if it exposes the needed properties.
        $graphApiVersion = "beta"
        $Resource = "users"
        # Choose the lookup key from whichever parameter set was bound (GUID or UPN).
        If ($PSCmdlet.ParameterSetName -eq "ID"){
            $QueryBy = $Id
        If ($PSCmdlet.ParameterSetName -eq "UPN"){
            $QueryBy = $UPN
        # Three request shapes are built below: the whole users collection, one user,
        # and one user's sub-resource named by $Property. The conditions that select
        # between them are not visible in this listing.
        # NOTE(review): $QueryBy and $Property are placed in the URI path as-is. A UPN
        # holding reserved characters (guest UPNs carry '#EXT#') needs percent-encoding,
        # e.g. [uri]::EscapeDataString($QueryBy); an unencoded '#' starts a URI fragment,
        # so the request would address a different path than the caller intended.
        try {
                $uri = "$Global:GraphEndpoint/$graphApiVersion/$($Resource)"
                # The full URI is written to the verbose stream before each call.
                Write-Verbose $uri
                $Response = Invoke-MgGraphRequest -Uri $uri -Method Get -ErrorAction Stop
            else {
                    $uri = "$Global:GraphEndpoint/$graphApiVersion/$($Resource)/$QueryBy"
                    # This URI includes the user identifier, so verbose logs will contain it.
                    Write-Verbose $uri
                    $Response = Invoke-MgGraphRequest -Uri $uri -Method Get -ErrorAction Stop
                else {
                    $uri = "$Global:GraphEndpoint/$graphApiVersion/$($Resource)/$QueryBy/$Property"
                    Write-Verbose $uri
                    $Response = Invoke-MgGraphRequest -Uri $uri -Method Get -ErrorAction Stop
        # NOTE(review): the catch body is not shown; confirm it surfaces the failure
        # instead of continuing to the return logic with $Response unset.
        catch {
        # -Passthru hands back the raw Graph response untouched.
        If($Passthru) {
            return $Response
        # A single-user lookup without -Property is converted by ConvertFrom-GraphHashtable
        # (defined outside this listing); the remaining path returns the 'Value' member.
        Elseif($QueryBy -and -NOT($Property)){
            return (ConvertFrom-GraphHashtable $Response -ResourceUri "$Global:GraphEndpoint/$graphApiVersion/$($Resource)")
            return $Response.Value

Function Get-IDMAzureUsers{
        # Lists Azure AD users through Microsoft Graph, optionally narrowed by a
        # $filter or $search clause built from -Filter / -FilterBy.
        # NOTE(review): this listing appears to be missing lines (comment-help delimiters,
        # most of the param block, the switch header and closing braces are not shown).
        This function is used to get a users in Azure
        The function connects to the Graph API Interface and gets users
    .PARAMETER Filter
    Filters by User by looking for characters that are equal to its filterby parameter
    .PARAMETER FilterBy
    Options are: UserPrincipalName,SurName,EMailAddress,SearchDisplayName. Defaults to 'UserPrincipalName'
    .PARAMETER IncludeGuests
    [True | False] Include users that have an external label on them
        Returns all users except guest
        Get-IDMAzureUsers -IncludeGuests
        Returns all users except guest
        # NOTE(review): the description above repeats "except guest" for the
        # -IncludeGuests example; it presumably should say guests are included.
        Get-IDMAzureUsers -Filter ''
        Returns a user with UPN of ''
        @('John','Bob') | Get-IDMAzureUsers -FilterBy SearchDisplayName
        Returns all users with display name of Bob of John in it


        [string]$FilterBy = 'UserPrincipalName',


        # Defining Variables
        # NOTE(review): Microsoft documents the Graph "beta" endpoint as subject to change
        # and unsupported for production use; pin "v1.0" if it exposes the needed properties.
        $graphApiVersion = "beta"
        $Resource = "users"

        # NOTE(review): Graph documents $search on directory objects as requiring the
        # 'ConsistencyLevel: eventual' request header. Here it appears only in the
        # commented-out lines below; confirm it is supplied for the SearchDisplayName path.
        #If($FilterBy -eq 'SearchDisplayName' ){
        # $AuthToken += @{ConsistencyLevel = 'eventual'}
        $Query = @()

               # Each branch appends one OData clause built from $Filter and records
               # whether it belongs to the $filter or the $search query option.
               # NOTE(review): $Filter is interpolated into a quoted OData literal without
               # escaping. A value containing a single quote (e.g. O'Brien) terminates the
               # literal early and the rest is parsed as query syntax, so the caller's value
               # can change what the query selects. Double embedded quotes
               # ($Filter -replace "'", "''") and percent-encode the value
               # ([uri]::EscapeDataString) before it reaches the URI.
               'UserPrincipalName' {$Query += "userPrincipalName eq '$Filter'";$Operator='filter'}
               'SurName' {$Query += "SurName eq '$Filter'";$Operator='filter'}
               'EMailAddress' {$Query += "mail eq '$Filter'";$Operator='filter'}
               'SearchDisplayName' {$Query += "`"displayName:$Filter`"";$Operator='search'}

        #build query filter if exists
        If($Query.count -ge 1){
            # Produces "?$filter=..." or "?$search=..." with clauses joined by ' and '.
            $filterQuery = "`?`$$Operator=" + ($Query -join ' and ')
            # Two alternative URIs follow; the condition choosing between them is not
            # visible (presumably -IncludeGuests).
            $uri = "$Global:GraphEndpoint/$graphApiVersion/$Resource" + $filterQuery
            # NOTE(review): $filterQuery already starts with '?', so appending it here
            # yields a second '?' and, for the filter operator, a second $filter. The
            # member-only restriction may then not be applied as intended; combine the
            # clauses with ' and ' inside one $filter, or join options with '&'.
            $uri = "$Global:GraphEndpoint/$graphApiVersion/$($Resource)?`$filter=userType eq 'Member'" + $filterQuery

        try {
            # The query text, including the filter value, is written to the verbose stream.
            Write-Verbose "Get $uri"
            # NOTE(review): one request is issued and no '@odata.nextLink' handling is
            # visible here; a large tenant may return only the first page, which would
            # make any audit built on this output incomplete.
            $response = Invoke-MgGraphRequest -Uri $uri -Method Get -ErrorAction Stop
        # NOTE(review): the catch body and the condition separating the two returns
        # below are not shown in this listing.
        catch {
            # Raw 'Value' collection, or the same collection passed through
            # ConvertFrom-GraphHashtable (defined outside this listing).
            return $Response.Value
            return (ConvertFrom-GraphHashtable $Response.Value -ResourceUri "$Global:GraphEndpoint/$graphApiVersion/$Resource")

Function Get-IDMDeviceAssignedUser{
        # Reads one Intune managed device from Microsoft Graph and returns the user
        # recorded on it (either the user id alone or a small details object).
        # NOTE(review): this listing appears to be missing lines (comment-help delimiters,
        # the param block, the branch conditions and closing braces are not shown).
        This function is used to get a Managed Device username from the Graph API REST interface
        The function connects to the Graph API Interface and gets a managed device users registered with Intune MDM
        Must be in GUID format. This is for Intune Managed device ID, not the Azure ID or Object ID
    .PARAMETER Passthru
        Returns all user details for the device
        Get-IDMDeviceAssignedUser -DeviceID 0a212b6a-e1d2-4985-b9dd-4cf5205662fa
        Returns a managed device user registered in Intune
        @('0a212b6a-e1d2-4985-b9dd-4cf5205662fa','ef07dabc-2b16-48cb-9692-a6ab9ff48c55') | Get-IDMDeviceAssignedUser
        Returns a device pending action that matches DeviceID's

        # Defining Variables
        # NOTE(review): Microsoft documents the Graph "beta" endpoint as subject to change
        # and unsupported for production use; pin "v1.0" if it exposes the needed properties.
        $graphApiVersion = "beta"
        # NOTE(review): $DeviceID is interpolated into the quoted key segment of the
        # resource path. The help text says it must be a GUID, but no validation is
        # visible here; typing the parameter as [guid] (or a ValidatePattern) would keep
        # quotes, slashes or query characters out of the request path.
        $Resource = "deviceManagement/manageddevices('$DeviceID')"

        try {
            $uri = "$Global:GraphEndpoint/$graphApiVersion/$($Resource)"
            Write-Verbose "Get $uri"
            $response = Invoke-MgGraphRequest -Uri $uri -Method Get -ErrorAction Stop
        # NOTE(review): the catch body is not shown; confirm a failed request does not
        # fall through to the code below with $response unset.
        catch {
            # Build an empty object with the six named properties, then copy each one
            # from the device record. Presumably this is the -Passthru path; the
            # condition is not visible.
            $userdetails = "" | Select-Object userPrincipalName,UserId,userDisplayName,enrolledDateTime,emailAddress,lastSyncDateTime
            $userdetails.userPrincipalName = $response.userPrincipalName
            $userdetails.UserId = $response.userId
            $userdetails.userDisplayName = $response.userDisplayName
            $userdetails.enrolledDateTime = $response.enrolledDateTime
            $userdetails.emailAddress = $response.emailAddress
            $userdetails.lastSyncDateTime = $response.lastSyncDateTime
            return $userdetails
            # Alternative path: only the user's id is returned.
            return $response.userId

function Set-IDMDeviceAssignedUser {

        This updates the Intune device primary user
        This updates the Intune device primary user
    .PARAMETER DeviceId
        Must be in GUID format. This is for Intune Managed device ID, not the Azure ID or Object ID
        Must be in GUID format. This is for Azure User ID
        Must be in UPN format (email). This is the user principal name (eg
        Set-IDMDeviceAssignedUser -DeviceID '08d06b3b-8513-417b-80ee-9dc8a3beb377' -UPN ''
        Assigns the user to device'
        Set-IDMDeviceAssignedUser -DeviceID '08d06b3b-8513-417b-80ee-9dc8a3beb377' -UserId 'c9d00ac2-b07d-4477-961b-442bbc424586'
        Assigns the user to device'
        @('08d06b3b-8513-417b-80ee-9dc8a3beb377','c9d00ac2-b07d-4477-961b-442bbc424586') | Set-IDMDeviceAssignedUser -UPN ''
        Returns all users with display name of Bob of John in it



        $graphApiVersion = "beta"
        If ($PSCmdlet.ParameterSetName -eq "UPN"){
            $UserId = (Get-IDMAzureUser -UPN $UPN).Id
        $Resource = "deviceManagement/managedDevices('$DeviceId')/users/`$ref"

        #build UserUri body; convert to JSON
        $userUri = "$Global:GraphEndpoint/$graphApiVersion/users/" + $UserId
        $JSON = @{ ""="$userUri" } | ConvertTo-Json -Compress

        $uri = "$Global:GraphEndpoint/$graphApiVersion/$($Resource)"

        try {
            Write-Verbose "Get $uri"
            $null = Invoke-MgGraphRequest -Uri $uri -Method Post -Body $JSON -ErrorAction Stop
        } catch {
