<#
.DESCRIPTION
This script enables an administrator to delete a specific existing user PFX certificate from Intune (via Microsoft Graph). It is interactive: the certificate to delete is picked from an Out-GridView selection.
.EXAMPLE
.NOTES
Author: Thomas Kurth/baseVISION
Date: 22.06.2022
History
001: First Version
#>
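# Set to $false when running outside an Azure VM / without a managed identity;
# the script then falls back to interactive (delegated) sign-in.
$RunningInAzureVM = $true

# The only Graph calls below are Get-/Remove-MgDeviceManagementUserPfxCertificate,
# which require DeviceManagementConfiguration.ReadWrite.All. The User.Read.All and
# GroupMember.Read.All scopes previously requested are not exercised by this script,
# so they are no longer requested (least privilege).
$RequiredScope = "DeviceManagementConfiguration.ReadWrite.All"

# NOTE(review): Select-MgProfile exists only in Microsoft.Graph SDK v1.x; on v2+
# the beta endpoint is reached via the Microsoft.Graph.Beta.* modules instead.
Select-MgProfile -Name "beta"

if ($RunningInAzureVM) {
    # Obtain a Graph token for the VM's managed identity from the Azure Instance
    # Metadata Service (link-local address, only reachable from inside the VM).
    # The managed identity must have the application permission
    # DeviceManagementConfiguration.ReadWrite.All granted, or the delete will be
    # rejected by Graph. -ErrorAction Stop so a missing/unreachable IMDS fails
    # here instead of surfacing later as an empty token.
    $response = Invoke-WebRequest `
        -Uri ('http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://graph.microsoft.com/') `
        -Method GET `
        -Headers @{Metadata="true"} `
        -UseBasicParsing `
        -ErrorAction Stop
    $content = $response.Content | ConvertFrom-Json
    if ([string]::IsNullOrEmpty($content.access_token)) {
        throw "IMDS did not return an access_token; is a managed identity assigned to this VM?"
    }
    # Azure AD (managed identity token)
    $AADAuthBody = @{
        AccessToken = $content.access_token
    }
} else {
    # Azure AD - no token supplied, so Connect-MgGraph performs interactive auth
    $AADAuthBody = @{
        Scopes = @($RequiredScope)
    }
}

# Reuse an existing Graph session if there is one, otherwise connect.
# NOTE(review): an existing session is reused without checking that its token
# actually carries $RequiredScope; if the delete fails with 403, run
# Disconnect-MgGraph and re-run the script.
try {
    $context = Get-MgContext -ErrorAction Stop
    if ($null -eq $context) {
        throw "Not connected"
    }
} catch {
    Connect-MgGraph @AADAuthBody
}

# @() normalizes the result to a flat array (zero, one or many items) without the
# extra nesting the original unary-comma form introduced, so Out-GridView shows
# one row per certificate.
$AllUserPFXs = @(Get-MgDeviceManagementUserPfxCertificate -All -Property @("id","expirationDateTime","userPrincipalName"))
if ($AllUserPFXs.Count -eq 0) {
    Write-Warning "No user PFX certificates found in Intune; nothing to delete."
    return
}

# Interactive pick; Out-GridView returns $null when the dialog is cancelled or
# closed without a selection, which previously fell through to a Remove call
# with an empty id.
$PfxToDel = $AllUserPFXs | Out-GridView -Title "Select the user PFX certificate to delete" -OutputMode Single
if ($null -eq $PfxToDel -or [string]::IsNullOrEmpty($PfxToDel.Id)) {
    Write-Warning "No certificate selected; nothing deleted."
    return
}

# Destructive: permanently removes the selected user PFX certificate from Intune.
Remove-MgDeviceManagementUserPfxCertificate -UserPfxCertificateId $PfxToDel.Id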