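# Assigns every Windows device in Intune to a device category named after the
# companyName of the device's primary user, creating the category when needed.

# Connect using Managed Identity.
# NOTE(review): the identity needs application permissions to read users and to
# read/write managed devices and device categories (User.Read.All and
# DeviceManagementManagedDevices.ReadWrite.All per the Graph docs; confirm
# against the current documentation) and should be granted nothing broader.
Connect-MgGraph -Identity

function Set-DeviceCategory {
    <#
    .SYNOPSIS
    Links a managed device to a device category through the Graph beta endpoint.

    .PARAMETER DeviceID
    Id of the managed device whose category is set.

    .PARAMETER CategoryID
    Id of the device category to reference.

    .NOTES
    Honours -WhatIf and -Confirm. Writes nothing to the pipeline.
    #>
    [CmdletBinding(SupportsShouldProcess=$True)]
    param (
        [parameter(Mandatory)][string] $DeviceID,
        [parameter(Mandatory)][string] $CategoryID
    )

    Write-Verbose "updating device... $DeviceID"

    # Both ids become URL path segments; escaping keeps an unexpected character
    # from changing the request path. Well-formed ids pass through unchanged.
    $deviceSegment   = [uri]::EscapeDataString($DeviceID)
    $categorySegment = [uri]::EscapeDataString($CategoryID)

    $requestBody = @{
        "@odata.id" = "https://graph.microsoft.com/beta/deviceManagement/deviceCategories/$categorySegment"
    }
    # The backtick keeps PowerShell from expanding `$ref as a variable.
    [string]$url = "https://graph.microsoft.com/beta/deviceManagement/managedDevices/$deviceSegment/deviceCategory/`$ref"
    Write-Verbose "request-url: $url"

    # ShouldProcess covers -Confirm as well as -WhatIf; testing only
    # $WhatIfPreference ignored -Confirm.
    if ($PSCmdlet.ShouldProcess($DeviceID, "Set device category $CategoryID")) {
        # Response is discarded so the function emits no pipeline output.
        $null = Invoke-MgGraphRequest -Method PUT -Uri $url -Body $requestBody
    }
    elseif ($WhatIfPreference) {
        Write-Host "[WHAT-IF] would submit request to graph API" -ForegroundColor Cyan
    }
}

# Get all devices
$devices = Get-MgDeviceManagementManagedDevice -All -Property Id, operatingSystem, userId, Devicename |
    Select-Object Id, operatingSystem, userId, Devicename

# Categories already resolved in this run, keyed by company name. Besides saving
# Graph calls, this stops a second category from being created for the same
# company when the lookup right after a create does not return the new object yet.
$categoryByCompany = @{}

foreach ($device in $devices) {
    # Only Windows devices are categorised.
    if ($device.operatingSystem -ne "Windows") { continue }

    # Skip devices without a primary user.
    if (-not $device.userId) { continue }

    $user = Get-MgUser -UserId $device.userId -Property Id, DisplayName, companyName |
        Select-Object Id, DisplayName, companyName

    # Skip users without a company name.
    if (-not $user.companyName) { continue }
    $company = $user.companyName

    # NOTE(review): companyName is a directory attribute. If device categories
    # drive dynamic groups, policy assignment or admin scoping in this tenant,
    # whoever can write that attribute can move devices between those scopes;
    # confirm who is allowed to change it.
    if ($categoryByCompany.ContainsKey($company)) {
        $category = $categoryByCompany[$company]
    }
    else {
        # Double single quotes so a name such as O'Brien cannot break out of
        # the OData string literal and alter the filter.
        $escapedCompany = $company.Replace("'", "''")
        $category = Get-MgDeviceManagementDeviceCategory -Filter "displayName eq '$escapedCompany'" |
            Select-Object -First 1

        # Create the device category if it does not exist yet and use the
        # object returned by the create call instead of querying again.
        if ($null -eq $category) {
            $category = New-MgDeviceManagementDeviceCategory -DisplayName $company
        }

        if ($null -eq $category -or -not $category.Id) {
            Write-Warning "No device category available for '$company'; skipping device $($device.Devicename)"
            continue
        }
        $categoryByCompany[$company] = $category
    }

    Set-DeviceCategory -DeviceID $device.Id -CategoryID $category.Id
    Write-Host "Set-DeviceCategory" $category.displayName "for Device" $device.Devicename
}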