microsoft / Intune-PowerShell-SDK

Native PowerShell support for invoking Microsoft Intune Graph API to enable IT Pro scenario automation.
MIT License
314 stars 77 forks source link

Invoke-IntuneManagedDeviceWipeDevice reporting back 400 Bad Request #51

Closed patlewis-MSFT closed 5 years ago

patlewis-MSFT commented 5 years ago

Running Invoke-IntuneManagedDeviceWipeDevice fails although working in Graph explorer.

Steps to repro: Connect-MSGraph $devices = Get-IntuneManagedDevice

Invoke-IntuneManagedDeviceWipeDevice -managedDeviceId $devices[].id -keepEnrollmentData $false -keepUserData $false -macOsUnlockCode "111111" Failure: Invoke-IntuneManagedDeviceWipeDevice : 400 Bad Request { "error": { "code": "BadRequest", "message": "{\r\n \"_version\": 3,\r\n \"Message\": \"An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 13b1d9ee-b9d2-49c4-bff7-d7afd9dff0cb - Url: https://fef.amsua0502.manage.microsoft.com/DeviceFE/StatelessDeviceFEService/deviceManagement/managedDevices%28%27b0fe8aa9-7d00-43f1-9ffb-1e2e5c2f66f3%27%29/microsoft.management.services.api.wipe?api-version=2018-05-24\",\r\n \"CustomApiErrorPhrase\": \"\",\r\n \"RetryAfter\": null,\r\n \"ErrorSourceService\": \"\",\r\n \"HttpHeaders\": \"{}\"\r\n}", "innerError": { "request-id": "13b1d9ee-b9d2-49c4-bff7-d7afd9dff0cb", "date": "2019-07-02T19:36:21" } } } Fiddler trace shows post going to same path as Graph Explorer which works. Difference appears to be parameters sent are passed with Powershell SDK version and the authentication / authorization header is different with Powershell SDK { "keepEnrollmentData": false, "keepUserData": false, "macOsUnlockCode": "11111" }
patlewis-MSFT commented 5 years ago

I was able to reproduce this behavior also in Graph Explorer by adding the 3 parameters to the request body so it appears this is causing the problem. In the Powershell cmdlet there is no way to eliminate sending the parameters without a code change in cmdlet.

rohitramu commented 5 years ago

@patlewis-MSFT Thank you for raising this issue! It has now been fixed in the latest version (6.1907.1.0) on the PowerShell Gallery. The "macOsUnlockCode" parameter is no longer mandatory.

sujith-cy commented 4 years ago

Today I was trying to run Invoke-IntuneManagedDeviceWipeDevice without macLockcode but it fails, please see screenshot below maclookcode please assist