0 votes

I'm currently trying to create a workflow that has been requested by our business. One of our IT departments is responsible for wiping devices. This can be done through Intune, but I would like to make this possible in Adaxes as well. I already have a custom command that works, based on the user context and a given serial number. Now, instead of using the user context, I need to be able to wipe by only giving the serial number. The IT department doesn't always know which person a specific device is bound to.

Requirements

  • Initiator puts in a serial number
  • custom command will check for the device and send wipe command
  • limit scope to specific target users (filter on department)

I also need to take into consideration that searching all the devices first and then filtering the specific device may take some time to complete. What would be a good solution in this case? Working with a scheduled task and populate a business unit? I attached the existing script that has been created as a reference.

Import-Module Microsoft.Graph.Authentication
Import-Module Microsoft.Graph.Identity.SignIns
Import-Module Microsoft.Graph.Users
Import-Module Microsoft.Graph.DeviceManagement
Import-Module Microsoft.Graph.DeviceManagement.Actions

# Get the Azure AD access token
$token = $Context.CloudServices.GetAzureAuthAccessToken("https://graph.microsoft.com")
$token = $token | ConvertTo-SecureString -AsPlainText -Force
Connect-MgGraph -AccessToken $token

# Get Microsoft 365 Object ID
try
{
    $objectId = [Guid]$Context.TargetObject.Get("adm-O365ObjectId")
}
catch
{
    $Context.LogMessage("The user %fullname% doesn't have a Microsoft 365 account.", "Warning")
    return
}

# Process the user
$user = Get-MgUser -UserId $objectId
$upn = $user.UserPrincipalName
$Context.LogMessage("$upn", "Information")

# Get all devices of the user (single quotes in the UPN are doubled for the OData filter)
$upnFilter = $upn.Replace("'", "''")
$devices = Get-MgDeviceManagementManagedDevice -Filter "userPrincipalName eq '$upnFilter'"

# Filter iOS DEP devices by the serial number parameter
$serial = "%param-serialnumber%"
$iOSDevices = @($devices | Where-Object { $_.SerialNumber -eq $serial })

# If no devices found, stop before logging or wiping anything
if ($iOSDevices.Count -eq 0)
{
    $Context.LogMessage("No Device found for this serial number $($serial)", "Warning")
    return
}

$iOSDevice = $iOSDevices[0]
$Context.LogMessage("Device ID: $($iOSDevice.AzureAdDeviceId), Device Name: $($iOSDevice.DeviceName), Manufacturer: $($iOSDevice.Manufacturer)", "Information")

# The wipe action is addressed by the Intune managed device ID (the Id property),
# not by the Azure AD device ID
$IntuneDeviceID = $iOSDevice.Id

# Wipe the device
try
{
    $params = @{
        keepEnrollmentData = $false
        keepUserData = $false
        persistEsimDataPlan = $false
    }

    # -ErrorAction Stop makes a failed request reach the catch block
    Clear-MgDeviceManagementManagedDevice -ManagedDeviceId $IntuneDeviceID -BodyParameter $params -ErrorAction Stop
    $Context.LogMessage("Wipe command sent to device with Serial $($serial)", "Warning")
}
catch
{
    $Context.LogMessage("Failing to send Wipe command. Contact Core Services.", "Warning")
    return
}
by (40 points)
0

Hello Alex,

Unfortunately, that is not something we can assist you with as there is no such built-in functionality in Adaxes. Using a script is the only option and that is something that fully relies on Microsoft functionality. We were not able to find scripts like the one you need.
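
An added example, not part of the original thread and not a script from Adaxes or the poster: one way to cover the three requirements from the question by letting Graph filter on the serial number server-side (so the full device inventory is never enumerated) and by checking the primary user's department before the wipe is sent. The department allowlist and the serial-number pattern are assumptions to adapt, and the account behind the access token is assumed to have the Intune and user read permissions the calls need.

```powershell
Import-Module Microsoft.Graph.Authentication
Import-Module Microsoft.Graph.Users
Import-Module Microsoft.Graph.DeviceManagement
Import-Module Microsoft.Graph.DeviceManagement.Actions

# Assumption: hypothetical allowlist of departments whose devices may be wiped
$allowedDepartments = @("Sales", "Field Service")

# Single quotes so PowerShell never expands the substituted parameter text
$serial = '%param-serialnumber%'.Trim()

# Assumption: serials are plain alphanumerics; reject anything else before it reaches the OData filter
if ($serial -notmatch '^[A-Za-z0-9-]{5,30}$')
{
    $Context.LogMessage("'$serial' is not a valid serial number. Nothing wiped.", "Warning")
    return
}

$token = $Context.CloudServices.GetAzureAuthAccessToken("https://graph.microsoft.com")
Connect-MgGraph -AccessToken ($token | ConvertTo-SecureString -AsPlainText -Force)

try
{
    # Server-side filter: only the matching device comes back
    $devices = @(Get-MgDeviceManagementManagedDevice -Filter "serialNumber eq '$serial'" -All -ErrorAction Stop)
    if ($devices.Count -ne 1)
    {
        $Context.LogMessage("Expected exactly one device with serial $serial, found $($devices.Count). Nothing wiped.", "Warning")
        return
    }
    $device = $devices[0]

    # Scope check: a device without a primary user cannot be tied to a department, so it is refused
    if ([string]::IsNullOrEmpty($device.UserId))
    {
        $Context.LogMessage("Device $serial has no primary user. Nothing wiped.", "Warning")
        return
    }
    $owner = Get-MgUser -UserId $device.UserId -Property userPrincipalName, department -ErrorAction Stop
    if ($allowedDepartments -notcontains $owner.Department)
    {
        $Context.LogMessage("Device $serial belongs to $($owner.UserPrincipalName), outside the allowed departments. Nothing wiped.", "Warning")
        return
    }

    $params = @{ keepEnrollmentData = $false; keepUserData = $false; persistEsimDataPlan = $false }
    Clear-MgDeviceManagementManagedDevice -ManagedDeviceId $device.Id -BodyParameter $params -ErrorAction Stop
    $Context.LogMessage("Wipe command sent to $($device.DeviceName) (serial $serial, user $($owner.UserPrincipalName)).", "Warning")
}
catch
{
    $Context.LogMessage("Wipe of serial $serial failed: $($_.Exception.Message)", "Warning")
}
```

Every refusal path logs the serial and the reason, so the Adaxes execution log doubles as an audit trail of who requested a wipe and why it was or was not sent.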
