Deploying a mapping group key for users via Microsoft Intune

Use this method to deploy a mapping group key to managed cloud devices. Before you begin, click here to download the PowerShell script template. We have provided you with this template so you can use it to add your mapping group key to the Registry. Once downloaded, you will notice that the following file is available in the C:\Users\UserName\Downloads folder: Powershell_script_template.zip.

Show/Hide all imagesClosed

  1. Extract the contents of the Powershell_script_template.zip folder.

  2. Open the Mapping group key folder followed by the PowerShell script in a Text Editor such as Notepad or Notepad++.

  3. Replace the INSERT_YOUR_MAPPINGGROUP_KEY_VALUE string with your mapping group key within the quotation marks and save the PowerShell script.

  4. Log in to the Microsoft 365 admin center and select Admin from the App launcher. Closed

  1. Select Show all from the Navigation menu. Closed

  1. Select Endpoint Manager to open the Microsoft Intune admin center. Closed

  1. Select Devices from the Navigation menu, then Scripts and remediations on the Devices | Overview page. Closed

  1. Select the Platform scripts tab from the Devices | Scripts and remediations page, then Add > Windows 10 and later. The Add PowerShell script page appears.

  2. In the Basics section, type the name of the PowerShell script in the Name box, then select Next.

  3. In the Script settings section, click the Select a file icon to select the PowerShell script you edited earlier. Closed

The PowerShell script will add the mapping group key in the Registry.

  1. Select Yes to run the PowerShell script using the logged on credentials.

  2. Leave all other settings as default and select Next.

  3. In the Assignments section, select Add groups (under Included groups) to display the Select groups to include blade. Closed

  1. Select the desired Microsoft Entra ID groups for which you want to deploy the mapping group key, then click Select.

  2. Leave all other settings as default and select Next.

  3. Review the settings summary in the Review + add section and select Add to complete deploying the mapping group key for users via Microsoft Intune.

When you deploy a mapping group key via Microsoft Intune, your changes will not take effect immediately. Devices in the selected Microsoft Entra ID groups will sync automatically over a period (generally 30 minutes); you can also manually sync all the devices in the chosen groups via Bulk Device Actions or restart your computer to implement your changes immediately. If you deploy a mapping group key via Microsoft Intune to a device where CDM is already running, you must restart CDM on that device for your changes to take effect.

Related topics:

Deploying a mapping group key for computers via Group Policy

Deploying a mapping group key for users via Group Policy