You always wanted to automate a specific action within Intune / the Microsoft Endpoint Manager Portal (MEM) but were afraid of the complexity? The Microsoft Graph API docs deliver you more questions instead of answers? Automating tasks within the MEM portal could be very easy, couldn’t it? I promise it will be much simpler with this magician trick.

Microsoft Endpoint Manager Portal

The MEM Portal UI relies on the Microsoft Graph API. This means that the UI where you create new settings and policies and the Intune backend are encapsulated with different layers. Communication between the UI and the backend happens with the Microsoft Graph API. With the developer tools we can trace network traffic and discover the request URLs and request body payload which are required to interact with the API.

Architecture {: .align-center}

Example about how to capture URLs and build a PowerShell script

Original request body:

1
2
3
4
5
6
7
8
9

{
    "relationships": [
        {
            "@odata.type": "#microsoft.graph.mobileAppDependency",
            "targetId": "152c3443-fe12-4c14-979d-9870fe224b5b",
            "dependencyType": "autoInstall"
        }
    ]
}

Full example:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

#Requires -Module MSAL.PS

$accessToken = Get-MsalToken -ClientId d1ddf0e4-d672-4dae-b554-9d5bdfd93547 -DeviceCode

# Build authentication header for API requests
$authHeader = @{
    'Content-Type'  = 'application/json'
    'Authorization' = $accessToken.CreateAuthorizationHeader()
    'ExpiresOn'     = $accessToken.ExpiresOn.LocalDateTime
}

$requestBody = @{
    "relationships" = @(
        @{
            "@odata.type"    = "#microsoft.graph.mobileAppDependency"
            "targetId"       = "152c3443-fe12-4c14-979d-9870fe224b5b"
            "dependencyType" = "autoInstall"
        }
    )
}

$requestUrl = "https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/de79d203-f72e-4c31-9536-a56a9e18916d/updateRelationships"

Invoke-RestMethod -Method Post -Uri $requestUrl -Body $($requestBody | ConvertTo-Json) -Headers $authHeader

Hint: Add a filter like graph.microsoft.com method:POST to your dev tools to only show POST requests made to the API. {: .notice}

Final words

Now you know that the MEM portal runs almost entirely on the Microsoft Graph Beta API. But be aware that resources and entities are subject to change for all resources on the beta endpoint. If you want to build an app or want to receive official support you need to use the v1.0 version of the Microsoft Graph API.