Functions/Connect-IntuneGraph.ps1
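function Connect-IntuneGraph {
    <#
    .SYNOPSIS
    Connects to Microsoft Graph Beta with the required scopes for Intune RBAC.

    .DESCRIPTION
    This function uses the beta modules by connecting to the beta environment.
    It requests scopes for device management RBAC and configuration.

    Two sign-in modes are supported:
      * Delegated (default): interactive sign-in that requests the scopes listed
        in the function body. -TenantId, when given, pins the sign-in to that tenant.
      * App-only: used when -AppId is supplied. Requires -TenantId and -AppSecret.
        Delegated scopes are not requested in this mode; the effective permissions
        are the application permissions consented on the app registration.

    Required modules:
    Install-Module -Name Microsoft.Graph.Beta.DeviceManagement
    Install-Module -Name Microsoft.Graph.Beta.DeviceManagement.Actions
    Install-Module -Name Microsoft.Graph.Beta.Groups

    .PARAMETER TenantId
    Tenant to sign in to. Optional for delegated sign-in, required with -AppId.

    .PARAMETER AppId
    Client (application) ID of the app registration. Selects app-only sign-in.

    .PARAMETER AppSecret
    Client secret for -AppId. It is a plain string, so it ends up in command
    history and transcripts if typed literally; pass it from a variable filled
    by a secret store or environment variable instead.

    .NOTES
    If a Graph context already exists the function returns without reconnecting.
    The existing context's tenant and scopes are not compared with the request.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $false)]
        [string]$TenantId,
        [string]$AppId,
        [string]$AppSecret
    )

    # See if user is already connected. The session is reused as-is, whatever
    # tenant or scopes it was opened with.
    if (Get-MgContext -ErrorAction SilentlyContinue) {
        Write-Host "Already connected, use Disconnect-MgGraph if you need to reconnect or change the user scope." -ForegroundColor Yellow
        return
    }

    Write-Verbose "Connecting to Microsoft Graph Beta for Intune..."
    try {
        # NOTE(review): this set includes directory-wide write scopes
        # (Directory.ReadWrite.All, RoleManagement.ReadWrite.Directory,
        # Policy.ReadWrite.ConditionalAccess, Policy.ReadWrite.PermissionGrant)
        # and DeviceLocalCredential.Read.All, which reach well beyond Intune RBAC.
        # Trim it to what the calling cmdlets actually use.
        $scopes = @(
            "RoleAssignmentSchedule.ReadWrite.Directory",
            "Directory.ReadWrite.All",
            "Policy.ReadWrite.ConditionalAccess",
            "DeviceManagementApps.ReadWrite.All",
            "DeviceManagementConfiguration.ReadWrite.All",
            "DeviceManagementManagedDevices.ReadWrite.All",
            "Policy.ReadWrite.PermissionGrant",
            "RoleManagement.ReadWrite.Directory",
            "Policy.ReadWrite.DeviceConfiguration",
            "DeviceLocalCredential.Read.All",
            "DeviceManagementManagedDevices.PrivilegedOperations.All",
            "DeviceManagementServiceConfig.ReadWrite.All",
            "Policy.Read.All",
            "DeviceManagementRBAC.ReadWrite.All",
            "AdministrativeUnit.ReadWrite.All"
        )

        if ($AppId) {
            # App-only sign-in needs all three values; fail before calling Graph.
            if (-not $TenantId -or -not $AppSecret) {
                throw "TenantId and AppSecret are required when AppId is specified."
            }

            # Connect-MgGraph takes the secret as a PSCredential
            # (user name = client ID, password = client secret).
            # -Scopes belongs to the delegated parameter set and cannot be
            # combined with it.
            $secureSecret = ConvertTo-SecureString -String $AppSecret -AsPlainText -Force
            $clientCredential = [System.Management.Automation.PSCredential]::new($AppId, $secureSecret)

            Connect-MgGraph -TenantId $TenantId -ClientSecretCredential $clientCredential -ErrorAction Stop
        }
        else {
            $connectArgs = @{ Scopes = $scopes }
            if ($TenantId) {
                # Honour an explicit tenant instead of falling back to the
                # account's home tenant.
                $connectArgs['TenantId'] = $TenantId
            }

            Connect-MgGraph @connectArgs -ErrorAction Stop
        }

        Write-Verbose "Connected successfully to Microsoft Graph Beta."
    }
    catch {
        Write-Error "Failed to connect to Microsoft Graph Beta: $_"
    }
}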