IntuneBulkMaster

24.8.1.0

Public/Invoke-IBMremoteLock.ps1

                                function Invoke-IBMremoteLock {

    <#

    .SYNOPSIS

        Triggers a remote lock on Intune managed devices.

    .DESCRIPTION

        The `Invoke-IBMremoteLock` function allows you to remotely lock Intune managed devices. 

        You can specify devices individually using `DeviceId`, `GroupName`, `DeviceName`, or `OS`. 

        Additionally, you can choose to lock all devices or select specific devices/groups interactively.

    .NOTES

        Author: Florian Salzmann | @FlorianSLZ | https://scloud.work

        Version: 1.0

        Date: 2024-08-01

    #>

    param (

        [parameter(Mandatory = $false, HelpMessage = "Specify the ID of the individual device to lock.")]

        [string]$DeviceId,

        [parameter(Mandatory = $false, HelpMessage = "Specify the name of the group containing devices to lock.")]

        [string]$GroupName,

        [parameter(Mandatory = $false, HelpMessage = "Specify the name of the individual device to lock.")]

        [string]$DeviceName,

        [parameter(Mandatory = $false, HelpMessage = "Specify the operating system of the devices to lock. For example, 'Windows' or 'iOS'.")]

        [string]$OS,

        [parameter(Mandatory = $false, HelpMessage = "Lock all devices managed by Intune.")]

        [switch]$AllDevices,

        [parameter(Mandatory = $false, HelpMessage = "Interactively select specific devices to lock.")]

        [switch]$SelectDevices,

        [parameter(Mandatory = $false, HelpMessage = "Interactively select a specific group of devices to lock.")]

        [switch]$SelectGroup

    )

    # Get device IDs based on provided criteria

    if($AllDevices){

        $deviceIds = Get-IntuneDeviceIDs -AllDevices 

    }elseif($SelectDevices){

        $deviceIds = Get-IntuneDeviceIDs -SelectDevices

    }elseif($SelectGroup){

        $deviceIds = Get-IntuneDeviceIDs -SelectGroup

    }else{

        $deviceIds = Get-IntuneDeviceIDs -DeviceId $DeviceId -GroupName $GroupName -DeviceName $DeviceName -OS $OS 

    }

    if (-not $deviceIds) {

        Write-Warning "No devices found based on the provided criteria."

        return

    }

    # Lock each device

    $counter = 0

    foreach ($deviceId in $deviceIds) {

        $counter++

        Write-Progress -Id 0 -Activity "Remote Lock devices" -Status "Processing $($counter) of $($deviceIds.count)" -CurrentOperation $computer -PercentComplete (($counter/$deviceIds.Count) * 100)

        $uri = "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/$deviceId/remoteLock"

        try {

            $response = Invoke-MgGraphRequest -Method POST -Uri $uri

            Write-Verbose "Remote Lock triggered for device ID: $deviceId. $Response"

        } catch {

            Write-Output "An error occurred while remote Lock device ID: $deviceId. Error: $_"

        }

    }

}