
Add support for GCC High endpoints while using Start-IntuneManagement.ps1 with TenantId, AppId and Secret.

Open tehmichael opened this issue 9 months ago • 7 comments

Unable to connect to GCC High tenant using the existing app registration route as described above. This would be helpful in environments in GCC High where an app registration already meets or exceeds the app permissions needed for the IM utility to interact with the tenant.

Let me know if there are any questions at all! Thank you.

tehmichael avatar Feb 19 '25 03:02 tehmichael

Hello,

I'll see if I can figure this out without being able to test it.

Cheers!

Micke-K avatar Feb 19 '25 11:02 Micke-K

I might be able to assist with testing. Just let me know what you need.

adamgell avatar Feb 20 '25 13:02 adamgell

Hello,

I added support for this in the Development branch. At least I hope so. I can't test it.

Download the source from Development

I added support for the following options

-GraphEnvironment [public | usGov | china]
-GCCType [gcc | gcgHigh | gccDoD]

So you could add the following to the command line

-GraphEnvironment usGov -GCCType gcc

Cheers!

Micke-K avatar Feb 22 '25 11:02 Micke-K

Hey! So I tried to connect using the new development file but couldn't get it to work using the Start-* script and tried importing the cloud API module directly and issued the command below. Still no dice. Does it look like I'm missing anything?

Initialize-CloudAPIManagement -TenantId $env:AZURE_TENANT_ID -AppId $env:_CLIENT_ID -Secret $env:AZURE_CLIENT_SECRET -GraphEnvironment USGov -GCCType gccHigh
Use settings in registry
#####################################################################################
Application started
#####################################################################################
PowerShell version: 7.5.0
PowerShell edition: Core
OS: Windows 10 Enterprise 10.0.26100.3321
Module Compare loaded successfully
Module Copy loaded successfully
Module Documentation loaded successfully
Module DocumentationCustom loaded successfully
Module DocumentationHTML loaded successfully
Module DocumentationMD loaded successfully
Module DocumentationWord loaded successfully
Module EndpointManager loaded successfully
Module EndpointManagerInfo loaded successfully
Module IntuneAppManagement loaded successfully
Module IntuneAssignments loaded successfully
Module IntuneFilterUsage loaded successfully
Module IntuneTools loaded successfully
Module MSALAuthentication loaded successfully
Module MSGraph loaded successfully
Trigger function Invoke-InitializeModule
Trigger Invoke-InitializeModule in Compare
Trigger Invoke-InitializeModule in Copy
Trigger Invoke-InitializeModule in Documentation
Trigger Invoke-InitializeModule in DocumentationCustom
Trigger Invoke-InitializeModule in DocumentationHTML
Trigger Invoke-InitializeModule in DocumentationMD
Trigger Invoke-InitializeModule in DocumentationWord
Failed to add Word Interop type. Cannot create word documents. Verify that Word is installed properly. Exception: Cannot find path 'C:\Users\iammichael\Downloads\IntuneManagement-Development\Microsoft.Office.Interop.Word.dll' because it does not exist.
Trigger Invoke-InitializeModule in EndpointManager
Trigger Invoke-InitializeModule in EndpointManagerInfo
Trigger Invoke-InitializeModule in IntuneAssignments
Trigger Invoke-InitializeModule in IntuneFilterUsage
Trigger Invoke-InitializeModule in IntuneTools
Trigger Invoke-InitializeModule in MSALAuthentication
Loaded Microsoft.IdentityModel.Abstractions.dll version 8.1.1.51005
Loaded Microsoft.Identity.Client.dll version 4.67.2.0
Trigger Invoke-InitializeModule in MSGraph
Add settings and menu items
Change view to Intune Manager
Add MSAL App 14d82eec-204b-4c2f-b7e8-296a70dab67e https://login.microsoftonline.us/organizations/
Use Graph environment: graph.microsoft.us
Failed to login. Error: invalid_grant. Description: AADSTS70043: The refresh token has expired or is invalid due to sign-in frequency checks by conditional access. The token was issued on 2025-02-19T14:32:42.1560330Z and the maximum allowed lifetime for this request is 432000. Trace ID: 40f732f7-5f24-4e80-881d-55bea7785100 Correlation ID: 4b253c1d-b530-44d0-921b-a7d71fe0e854 Timestamp: 2025-03-15 23:08:38Z
Activating View Intune Manager
Trigger function Invoke-ViewActivated
Trigger Invoke-ViewActivated in Compare
Trigger Invoke-ViewActivated in Copy
Trigger Invoke-ViewActivated in Documentation
Running latest version: 3.9.8
Trigger function Invoke-ShowMainWindow
Trigger Invoke-ShowMainWindow in Compare
Trigger Invoke-ShowMainWindow in Documentation
Trigger function Invoke-GraphObjectsChanged
Trigger Invoke-GraphObjectsChanged in Documentation
Trigger Invoke-GraphObjectsChanged in EndpointManager
Trigger function Invoke-GraphObjectsChanged
Trigger Invoke-GraphObjectsChanged in Documentation
Trigger Invoke-GraphObjectsChanged in EndpointManager
Trigger function Invoke-GraphObjectsChanged
Trigger Invoke-GraphObjectsChanged in Documentation
Trigger Invoke-GraphObjectsChanged in EndpointManager
Trigger function Invoke-GraphObjectsChanged
Trigger Invoke-GraphObjectsChanged in Documentation
Trigger Invoke-GraphObjectsChanged in EndpointManager
Trigger function Invoke-GraphObjectsChanged
Trigger Invoke-GraphObjectsChanged in Documentation
Trigger Invoke-GraphObjectsChanged in EndpointManager

tehmichael avatar Mar 15 '25 23:03 tehmichael

Hello,

Initialize-CloudAPIManagement -TenantId $env:AZURE_TENANT_ID -AppId $env:_CLIENT_ID -Secret $env:AZURE_CLIENT_SECRET -GraphEnvironment USGov -GCCType gccHigh

$env:_CLIENT_ID - Is this correct?

I uploaded an update with additional logging. Try that and let me know what it says in the log.

Cheers!

Micke-K avatar Mar 16 '25 10:03 Micke-K

We are trying to get this working as well. Is there a document that shows the list of API grants we need to enable in our application? I have been reading through the documentation and cannot locate them.

CodyRWhite avatar May 21 '25 16:05 CodyRWhite

Failed to login. Error: invalid_request. Description: AADSTS900382: Confidential Client is not supported in Cross Cloud request. Trace ID: b7cbdbae-ea7b-45f6-b7ea-796de7c52a00 Correlation ID: 230fe407-19a3-4fd9-aaf3-a5d4d3b0b3ab Timestamp: 2025-05-21 16:17:53Z

See full console below.

PS C:****\Downloads\IntuneManagement-Development\IntuneManagement-Development> .\Start-IntuneManagementGCC.ps1
Using Tenant Id: ******
Using Azure App Id: ******
Using Azure App Secret
Using Azure Graph Environment: USGov
Using Graph Environment type: gccHigh
Use settings in registry
#####################################################################################
Application started
#####################################################################################
PowerShell version: 5.1.22621.4391
PowerShell build: 10.0.22621.4391
PowerShell CLR: 4.0.30319.42000
PowerShell edition: Desktop
OS: Windows 10 Enterprise 10.0.22631.5335
Module Compare loaded successfully
Module Copy loaded successfully
Module Documentation loaded successfully
Module DocumentationCustom loaded successfully
Module DocumentationHTML loaded successfully
Module DocumentationMD loaded successfully
Module DocumentationWord loaded successfully
Module EndpointManager loaded successfully
Module EndpointManagerInfo loaded successfully
Module IntuneAppManagement loaded successfully
Module IntuneAssignments loaded successfully
Module IntuneFilterUsage loaded successfully
Module IntuneTools loaded successfully
Module MSALAuthentication loaded successfully
Module MSGraph loaded successfully
Trigger function Invoke-InitializeModule
Trigger Invoke-InitializeModule in Compare
Trigger Invoke-InitializeModule in Copy
Trigger Invoke-InitializeModule in Documentation
Trigger Invoke-InitializeModule in DocumentationCustom
Trigger Invoke-InitializeModule in DocumentationHTML
Trigger Invoke-InitializeModule in DocumentationMD
Trigger Invoke-InitializeModule in DocumentationWord
Trigger Invoke-InitializeModule in EndpointManager
Trigger Invoke-InitializeModule in EndpointManagerInfo
Trigger Invoke-InitializeModule in IntuneAssignments
Trigger Invoke-InitializeModule in IntuneFilterUsage
Trigger Invoke-InitializeModule in IntuneTools
Trigger Invoke-InitializeModule in MSALAuthentication
Loaded Microsoft.IdentityModel.Abstractions.dll version 6.35.0.41201
Loaded Microsoft.Identity.Client.dll version 4.67.2.0
Trigger Invoke-InitializeModule in MSGraph
Add settings and menu items
Change view to Intune Manager
Failed to login. Error: invalid_request. Description: AADSTS900382: Confidential Client is not supported in Cross Cloud request. Trace ID: b7cbdbae-ea7b-45f6-b7ea-796de7c52a00 Correlation ID: 230fe407-19a3-4fd9-aaf3-a5d4d3b0b3ab Timestamp: 2025-05-21 16:17:53Z
Trigger function Invoke-GraphAuthenticationUpdated
Trigger Invoke-GraphAuthenticationUpdated in EndpointManager
Trigger Invoke-GraphAuthenticationUpdated in MSGraph
Clear cached values
Activating View Intune Manager
Trigger function Invoke-ViewActivated
Trigger Invoke-ViewActivated in Compare
Trigger Invoke-ViewActivated in Copy
Trigger Invoke-ViewActivated in Documentation
Running latest version: 3.9.8
Trigger function Invoke-ShowMainWindow
Trigger Invoke-ShowMainWindow in Compare
Trigger Invoke-ShowMainWindow in Documentation

CodyRWhite avatar May 21 '25 16:05 CodyRWhite
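
Added example (not part of the thread and not IntuneManagement code): a stand-alone check that requests an app-only token with the client credentials grant from the US Government authority and Graph host shown in the earlier log, keeping authority, tenant and Graph resource in the same cloud, and then lists the application permissions (`roles` claim) the token carries. The function names, the cloud labels and the `AZURE_CLIENT_ID` variable name are assumptions; the public and DoD hosts are Microsoft's documented national-cloud endpoints.

```powershell
# Added example. Names below are hypothetical and are not the tool's parameters.
# gccHigh hosts are the ones printed in the log above; public/DoD are Microsoft's documented hosts.
$CloudEndpoints = @{
    public  = @{ Authority = 'https://login.microsoftonline.com'; Graph = 'https://graph.microsoft.com' }
    gccHigh = @{ Authority = 'https://login.microsoftonline.us';  Graph = 'https://graph.microsoft.us' }
    gccDoD  = @{ Authority = 'https://login.microsoftonline.us';  Graph = 'https://dod-graph.microsoft.us' }
}

function ConvertFrom-JwtPayload {
    # Decode the (unverified) payload segment of a JWT for inspection only.
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a JWT (expected 3 segments)' }
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) { 2 { $b64 += '==' } 3 { $b64 += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

function Test-AppOnlyLogin {
    param(
        [Parameter(Mandatory)][string]$TenantId,
        [Parameter(Mandatory)][string]$AppId,
        [Parameter(Mandatory)][string]$Secret,
        [ValidateSet('public', 'gccHigh', 'gccDoD')][string]$Cloud = 'gccHigh'
    )
    $ep = $CloudEndpoints[$Cloud]
    $body = @{
        grant_type    = 'client_credentials'
        client_id     = $AppId
        client_secret = $Secret
        scope         = "$($ep.Graph)/.default"   # resource must match the tenant's cloud
    }
    # Tenant-specific authority: app-only login cannot use /organizations/ or /common/.
    $uri  = "$($ep.Authority)/$TenantId/oauth2/v2.0/token"
    $resp = Invoke-RestMethod -Method Post -Uri $uri -Body $body
    $claims = ConvertFrom-JwtPayload -Token $resp.access_token
    # Return only non-secret claims; the token itself is never written out.
    [pscustomobject]@{
        Audience = $claims.aud
        Tenant   = $claims.tid
        Roles    = @($claims.roles | Where-Object { $_ } | Sort-Object)
    }
}

# Runs only when the credentials are present in the environment (variable names assumed).
if ($env:AZURE_TENANT_ID -and $env:AZURE_CLIENT_ID -and $env:AZURE_CLIENT_SECRET) {
    Test-AppOnlyLogin -TenantId $env:AZURE_TENANT_ID -AppId $env:AZURE_CLIENT_ID -Secret $env:AZURE_CLIENT_SECRET
}
```

An empty `Roles` list means the token was issued but no Graph application permissions have been granted (admin-consented) on the app registration.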

-GraphEnvironment usGov -GCCType gcc

When I try this method it says that "GraphEnviroment" is not a parameter and I am using the development branch. I did also try the main one as well.

YourGirlBanana avatar Oct 22 '25 15:10 YourGirlBanana