Functions/Add-IntuneScopeTagToRoleAssignment.ps1
|
function Add-IntuneScopeTagToRoleAssignment { <# .SYNOPSIS Assigns an existing scope tag to a role assignment. .DESCRIPTION Updates a role assignment to include a scope tag by sending a PATCH request to update the roleScopeTagIds property. .PARAMETER RoleAssignmentId The ID of the role assignment to update. .PARAMETER ScopeTagId The ID of the scope tag to assign. .EXAMPLE Add-IntuneScopeTagToRoleAssignment -RoleAssignmentId "assignment-id" -ScopeTagId "scope-tag-id" #> [CmdletBinding()] param( [Parameter(Mandatory = $true)] [string]$RoleAssignmentId, [Parameter(Mandatory = $true)] [string]$ScopeTagId ) # Check if connected to Microsoft Graph if (-not (Get-MgContext -ErrorAction SilentlyContinue)) { Write-Error "You must run Connect-IntuneGraph before calling this function." return } Write-Verbose "Assigning scope tag '$ScopeTagId' to role assignment '$RoleAssignmentId'" try { $payload = @{ roleScopeTagIds = @($ScopeTagId) } $jsonPayload = $payload | ConvertTo-Json -Depth 10 $result = Invoke-MgGraphRequest -Method PATCH -Uri "deviceManagement/roleAssignments/$RoleAssignmentId" ` -Body $jsonPayload -ContentType "application/json" Write-Verbose "Scope tag assigned to role assignment '$RoleAssignmentId'" return $result } catch { Write-Error "Error assigning scope tag: $_" } } |