I'm looking to back up the Activation Lock Bypass Code for iPads, since the bypass code is lost if the device is removed from Intune. However, whenever I try to fetch the value using the PowerShell Intune SDK module, it is returned as $null.
Connect-MSGraph
$Devices = Get-IntuneManagedDevice -Filter "contains(operatingsystem, 'iOS')" | Get-MSGraphAllPages
$Devices | Select serialNumber, activationLockBypassCode
However, if I loop through the devices one by one the result isn't $null, so this works:
Connect-MSGraph
$Devices = Get-IntuneManagedDevice -Filter "contains(operatingsystem, 'iOS')" | Get-MSGraphAllPages
$Output = foreach ($Device in $Devices | select -first 30) {
    Get-IntuneManagedDevice -managedDeviceId $Device.id -select id, serialNumber, deviceName, userDisplayName, userPrincipalName, emailAddress, deviceCategoryDisplayName, activationLockBypassCode, managedDeviceOwnerType, managementAgent, isSupervised, model, enrolledDateTime, lastSyncDateTime
}
$Output | select id, serialNumber, deviceName, userDisplayName, userPrincipalName, emailAddress, deviceCategoryDisplayName, activationLockBypassCode, managedDeviceOwnerType, managementAgent, isSupervised, model, enrolledDateTime, lastSyncDateTime
As seen in this post as well.
The Intune module is written in .NET, in which I'm not proficient, so I don't know why this method would work but not the first. I thought this to be an Intune module bug, but when trying to use the Graph API Explorer I only get a $null value as well.
GET /deviceManagement/managedDevices/{managedDeviceId}
The above workaround works when I manually run it as a global admin, but I'm currently learning Azure Automation and would like to schedule this. However, when I run it with the RunAsAccount the value is returned as $null, using both methods, while all other properties return a value as expected.
Is this a bug I should report somewhere or am I missing something? Does the activationLockBypassCode property require additional permissions or to be called in a specific manner?