How to Correctly Use PATCH Request on Intune Device Health Script Assignments in Microsoft Graph API

Swahela Mulla 90 Reputation points
2024-04-15T07:29:09.7266667+00:00

Hello Everyone,

 

I am currently working with the Microsoft Graph API to manage Intune proactive remediation scripts programmatically. I've successfully used the POST method to assign a device health script to a group, but I'm encountering issues when trying to modify (i.e., PATCH) existing assignments to include additional groups.

When using the POST method on the /assign endpoint, it replaces the existing assignments instead of adding new ones. For example, if a script is assigned to Group1, and I use the POST method to assign it to Group2, the assignment to Group1 is removed.

To resolve this, I attempted to use a PATCH request to update the existing assignment. Here is the request I used:

PATCH https://graph.microsoft.com/beta/deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/assignments/{deviceHealthScriptAssignmentId}
Content-type: application/json
Content-length: 590
{
  "@odata.type": "#microsoft.graph.deviceHealthScriptAssignment",
  "target": {
    "@odata.type": "#microsoft.graph.groupAssignmentTarget",
    "groupId": "xxxx-xxxx-xxxx-xxx-xxxxxxx"
  },
  "runRemediationScript": true,
  "runSchedule": {
    "@odata.type": "microsoft.graph.deviceHealthScriptDailySchedule",
    "interval": 8,
    "useUtc": true,
    "time": "11:58:36.2550000"
  }
}

However, this resulted in an error:

{
  "error": {
    "code": "No method match route template",
    "message": "No OData route exists that match template ~/singleton/navigation/key/navigation/key with http verb PATCH for request /DeviceFE/StatelessDeviceFEService/deviceManagement/deviceHealthScripts('{deviceHealthScriptId}')/assignments('{deviceHealthScriptAssignmentId}')."
  }
}

This error suggests that the PATCH method may not be supported for the endpoint I'm targeting. My main questions are:

  1. Is the PATCH method supported for modifying device health script assignments in Microsoft Graph API?
  2. If so, what is the correct format for the PATCH request?
  3. Alternatively, how can I add a new group to an existing assignment without removing the existing ones, ideally using PowerShell?
  4. I have assigned required permissions as well.

Any guidance or examples would be greatly appreciated.

 

Thank you in advance for your help!

Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,351 questions
PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,068 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Crystal-MSFT 43,126 Reputation points Microsoft Vendor
    2024-04-16T02:39:57.5433333+00:00

    @Swahela Mulla, Thanks for posting in Q&A. Based on the Dev log I captured when I add the user group in UI. I find it uses POST action and all the groups we want to add needs to include int he Request Body. For example, I want to add group 2 into the assignment while there's already group 1 in the assignment. I add both two groups' id in the request body.POST

    https://graph.microsoft.com/beta/deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/assignRequest Body:

    {
    "deviceHealthScriptAssignments": [
        {
            "id": "6eb09d44-bxxxxxxx7a524d44f147",
            "target": {
                "@odata.type": "#microsoft.graph.groupAssignmentTarget",
                "groupId": "group 1 id",
                "deviceAndAppManagementAssignmentFilterId": "00000000-0000-0000-0000-000000000000"
            },
            "runRemediationScript": true,
            "runSchedule": {
                "@odata.type": "#microsoft.graph.deviceHealthScriptDailySchedule",
                "interval": 1,
                "time": "8:0:0",
                "useUtc": false
            }
        },
        {
            "target": {
                "@odata.type": "#microsoft.graph.groupAssignmentTarget",
                "groupId": "group 2 id"
            },
            "runRemediationScript": true,
            "runSchedule": {
                "@odata.type": "#microsoft.graph.deviceHealthScriptDailySchedule",
                "interval": 1,
                "time": "8:0:0",
                "useUtc": false
            }
        }
    ]
}

    User's image

    Hope the above information can help.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.