我们明确地为设备组分配了一个范围标签。查看这些设备的属性时,它们仅显示分配的范围标签,而不是隐含的“默认”范围标签。
对于拥有所有范围标记权限的我来说,以及对于那些仅拥有“默认”范围标记权限的人来说,这在 UI 中运行良好。
https://endpoint.microsoft.com/#blade/Microsoft_Intune_Devices/DeviceSettingsMenuBlade/properties/mdmDeviceId/8769c25f-0513-4df3-ba44-72bc2e627882/primaryUserId/01c165f1-0dea-4056-8765-3140d8fb0752
但是,使用我的完整管理员帐户运行时,Powershell 命令 Get-IntuneManagedDevice 和 Get-DeviceManagement_ManagedDevices 无法找到具有特殊范围标记的这些设备,直到向它们添加“默认”。
Get-IntuneManagedDevice -managedDeviceId '01c165f1-0dea-4056-8765-3140d8fb0752'
Get-IntuneManagedDevice : 404 Not Found
{"error":{"code":"ResourceNotFound","message":"{\r\n \"_version\": 3,\r\n \"Message\": \"Resource does not contain a tag allowed by the current role. - Operation ID (for customer support):
00000000-0000-0000-0000-000000000000 - Activity ID: 985f047b-47bd-4312-9542-73f313b0ee72 - Url:
https://fef.msua04.manage.microsoft.com/DeviceFE/StatelessDeviceFEService/deviceManagement/managedDevices%28%2701c165f1-0dea-4056-8765-3140d8fb0752%27%29?api-version=2021-04-07\",\r\n
\"CustomApiErrorPhrase\": \"\",\r\n \"RetryAfter\": null,\r\n \"ErrorSourceService\": \"\",\r\n \"HttpHeaders\":
\"{}\"\r\n}","innerError":{"date":"2022-02-03T19:35:15","request-id":"985f047b-47bd-4312-9542-73f313b0ee72","client-request-id":"985f047b-47bd-4312-9542-73f313b0ee72"}}}
At line:1 char:1
+ Get-IntuneManagedDevice -managedDeviceId '01c165f1-0dea-4056-8765-314 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ConnectionError: (@{Request=; Response=}:PSObject) [Get-DeviceManagement_ManagedDevices], HttpRequestException
+ FullyQualifiedErrorId : PowerShellGraphSDK_HttpRequestError,Microsoft.Intune.PowerShellGraphSDK.PowerShellCmdlets.Get_DeviceManagement_ManagedDevices
我意外禁用了一批我认为没有对应 Intune 对象的 Azure AD 对象,因为这些相同的设备不包含在完整的设备导出中。
有没有办法导出所有设备,无论其范围标签是什么?或者,这可能是一个错误?