How to Push Managed Google Play Applications through Intune
1. Go to Microsoft Endpoint Manager: https://endpoint.microsoft.com (the portal has since been renamed the Microsoft Intune admin center, and endpoint.microsoft.com redirects to it).
2. In Endpoint Manager, also known as Intune, select Apps in the left navigation.
3. In Apps, select Android from the Apps navigation; it is listed under By platform.
4. Click Add to add a Managed Google Play application.
5. Select Managed Google Play app from the App type menu.
6. Intune now prompts you to connect your Intune tenant to your Android Enterprise account. Click to start the connection process. If your Google account is already connected, skip ahead to step 13.
7. Click I agree, then "Launch Google to connect now".
8. A new window opens. Click Sign in and log in with your Google credentials.
9. Once logged in, click Get started.
10. Enter your business name and click Next.
11. Click Complete Registration.
12. Your Google account is now shown as connected to Intune.
13. Go back to Apps, then Android under By platform, and add a new Managed Google Play application as in steps 4 and 5.
14. The Managed Google Play store opens; search for an application and select it.
15. Select any application you want to push. This demo uses Microsoft Office.
16. When you click Select, the button turns green, indicating the app has been added. Then click Sync at the top.
17. You can verify that the app has been added by going back into Apps.
18. To bulk-assign the synced apps to all users, run the PowerShell script below. Note what it does before running it: it assigns every non-system Managed Google Play app in the tenant as Available to all licensed users, and because the Graph assign action sets the app's complete assignment list, any assignments those apps already had are replaced.
```powershell
## Bulk assigns all Managed Google Play apps as Available to All Users
## Requires the Microsoft.Graph.Authentication module (installed below if missing).

Write-Host "Installing Microsoft Graph modules if required (current user scope)"
# Install Microsoft.Graph.Authentication if it is not already available
if (Get-Module -ListAvailable -Name Microsoft.Graph.Authentication) {
    Write-Host "Microsoft Graph already installed"
}
else {
    try {
        Install-Module -Name Microsoft.Graph.Authentication -Scope CurrentUser -Repository PSGallery -Force
    }
    catch {
        Write-Error $_.Exception.Message
        exit 1
    }
}

Function Connect-ToGraph {
    <#
    .SYNOPSIS
    Authenticates to the Graph API via the Microsoft.Graph.Authentication module.
    .DESCRIPTION
    Wrapper that authenticates to Microsoft Graph (Intune) using the Microsoft.Graph.Authentication module.
    With -AppId and -AppSecret it uses the client-credentials (app-only) flow; otherwise it performs
    interactive, delegated (user) authentication with the requested scopes.
    .PARAMETER Tenant
    Specifies the tenant (e.g. contoso.onmicrosoft.com) to which to authenticate.
    .PARAMETER AppId
    Specifies the Azure AD app ID (GUID) for the application that will be used to authenticate.
    .PARAMETER AppSecret
    Specifies the Azure AD app secret corresponding to the app ID. Pass it in from a secure store; do not hard-code it in the script.
    .PARAMETER Scopes
    Specifies the delegated scopes for interactive authentication.
    .EXAMPLE
    Connect-ToGraph -Tenant $tenant -AppId $app -AppSecret $secret
    .EXAMPLE
    Connect-ToGraph -Scopes "DeviceManagementApps.ReadWrite.All"
    #>
    [cmdletbinding()]
    param
    (
        [Parameter(Mandatory = $false)] [string]$Tenant,
        [Parameter(Mandatory = $false)] [string]$AppId,
        [Parameter(Mandatory = $false)] [string]$AppSecret,
        [Parameter(Mandatory = $false)] [string[]]$Scopes
    )
    Process {
        Import-Module Microsoft.Graph.Authentication
        $version = (Get-Module Microsoft.Graph.Authentication | Select-Object -ExpandProperty Version).Major

        if ($AppId) {
            # App-only (client credentials) token request
            $body = @{
                grant_type    = "client_credentials"
                client_id     = $AppId
                client_secret = $AppSecret
                scope         = "https://graph.microsoft.com/.default"
            }
            $response    = Invoke-RestMethod -Method Post -Uri "https://login.microsoftonline.com/$Tenant/oauth2/v2.0/token" -Body $body
            $accessToken = $response.access_token
            # Never write the token to the pipeline or console: it is a bearer credential for the tenant.
            if ($version -ge 2) {
                Write-Host "Version 2 module detected"
                # Version 2 of the SDK takes the token as a SecureString
                $accessTokenFinal = ConvertTo-SecureString -String $accessToken -AsPlainText -Force
            }
            else {
                Write-Host "Version 1 module detected"
                Select-MgProfile -Name Beta
                $accessTokenFinal = $accessToken
            }
            Connect-MgGraph -AccessToken $accessTokenFinal | Out-Null
            Write-Host "Connected to Intune tenant $Tenant using app-based authentication"
        }
        else {
            if ($version -ge 2) {
                Write-Host "Version 2 module detected"
            }
            else {
                Write-Host "Version 1 module detected"
                Select-MgProfile -Name Beta
            }
            # Connect-MgGraph returns a welcome string, not a context object; read the tenant from Get-MgContext
            Connect-MgGraph -Scopes $Scopes | Out-Null
            Write-Host "Connected to Intune tenant $((Get-MgContext).TenantId)"
        }
    }
}

# Load the Graph module and sign in.
# Listing mobile apps and posting to the assign action only needs the Intune apps permission;
# the directory, domain, role and Conditional Access scopes are not required for this task.
Import-Module Microsoft.Graph.Authentication
Connect-ToGraph -Scopes @("DeviceManagementApps.ReadWrite.All")

Function Add-ApplicationAssignment {
    <#
    .SYNOPSIS
    Adds an application assignment using the Graph API REST interface.
    .DESCRIPTION
    Posts to the mobileApps/{id}/assign action, assigning the app as Available to all licensed users.
    The assign action sets the app's complete assignment list, so any assignments the app already
    had (for example to specific groups) are replaced by this one.
    .EXAMPLE
    Add-ApplicationAssignment -ApplicationId $ApplicationId
    Adds an application assignment in Intune
    .NOTES
    NAME: Add-ApplicationAssignment
    #>
    [cmdletbinding()]
    param
    (
        [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [string]$ApplicationId
    )
    $graphApiVersion = "beta"
    $Resource = "deviceAppManagement/mobileApps/$ApplicationId/assign"
    $uri = "https://graph.microsoft.com/$graphApiVersion/$Resource"

    # Available intent, all licensed users, default Managed Google Play track and auto-update mode
    $JSON = @"
{
    "mobileAppAssignments": [
        {
            "@odata.type": "#microsoft.graph.mobileAppAssignment",
            "intent": "Available",
            "settings": {
                "@odata.type": "#microsoft.graph.androidManagedStoreAppAssignmentSettings",
                "androidManagedStoreAppTrackIds": [],
                "autoUpdateMode": "default"
            },
            "target": {
                "@odata.type": "#microsoft.graph.allLicensedUsersAssignmentTarget"
            }
        }
    ]
}
"@
    try {
        Invoke-MgGraphRequest -Uri $uri -Method Post -Body $JSON -ContentType "application/json"
    }
    catch {
        # Invoke-MgGraphRequest surfaces the Graph error body in ErrorDetails; report and continue with the next app
        Write-Error "Request to $uri failed: $($_.Exception.Message) $($_.ErrorDetails.Message)"
    }
}

# List all non-system Managed Google Play apps (the same filter the admin center uses),
# following @odata.nextLink so tenants with more than one page of apps are fully covered.
$uri = "https://graph.microsoft.com/beta/deviceAppManagement/mobileApps?`$filter=((isof('microsoft.graph.androidManagedStoreApp') and microsoft.graph.androidManagedStoreApp/isSystemApp eq false)) and (microsoft.graph.managedApp/appAvailability eq null or microsoft.graph.managedApp/appAvailability eq 'lineOfBusiness' or isAssigned eq true)"
$apps = @()
do {
    $page  = Invoke-MgGraphRequest -Uri $uri -Method Get -OutputType PSObject
    $apps += $page.value
    $uri   = $page.'@odata.nextLink'
} while ($uri)

foreach ($app in $apps) {
    Write-Host "Assigning $($app.displayName) ($($app.id)) as Available to all users"
    Add-ApplicationAssignment -ApplicationId $app.id
}
```
To run the script:
1. Open Windows PowerShell (search Windows for PowerShell and open it).
2. Paste the entire script and press Enter.
3. You are prompted to sign in. Sign in with a Global Administrator account, or another account that can grant admin consent for the Graph permission the script requests.
4. After signing in, check the box to consent on behalf of your organization and accept the requested permissions.
5. The script then reports "Connected to Intune tenant ...".
6. Verify in Apps > Android that the Assigned column has changed to Yes for each app.
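As an added example that is not part of the original walkthrough, the following PowerShell reports the assignment state of every Managed Google Play app directly from Graph instead of eyeballing the Assigned column. Run it before the bulk script to see which apps already carry assignments that the assign action will replace, and after it to confirm each app is Available to all licensed users. It assumes an existing Connect-MgGraph session holding DeviceManagementApps.Read.All or DeviceManagementApps.ReadWrite.All, reuses the beta endpoint and app filter from the script above with `$expand=assignments` added to fetch each app's assignments in the same request, and the function name Get-ManagedPlayAppAssignmentReport is chosen here, not an Intune or Graph cmdlet.

```powershell
# Added example: report Managed Google Play app assignments from Graph.
# Assumes an existing Connect-MgGraph session with DeviceManagementApps.Read.All (or ReadWrite.All).
# Get-ManagedPlayAppAssignmentReport is a name chosen for this example, not an Intune or Graph cmdlet.

Function Get-ManagedPlayAppAssignmentReport {
    [cmdletbinding()]
    param ()

    # Same app filter as the bulk script, plus $expand=assignments so each app comes back
    # with its current mobileAppAssignments collection in a single round trip.
    $filter = "((isof('microsoft.graph.androidManagedStoreApp') and microsoft.graph.androidManagedStoreApp/isSystemApp eq false)) and (microsoft.graph.managedApp/appAvailability eq null or microsoft.graph.managedApp/appAvailability eq 'lineOfBusiness' or isAssigned eq true)"
    $uri = "https://graph.microsoft.com/beta/deviceAppManagement/mobileApps?`$filter=$filter&`$expand=assignments"

    $report = @()
    do {
        $page = Invoke-MgGraphRequest -Uri $uri -Method Get -OutputType PSObject
        foreach ($app in $page.value) {
            # Summarise each assignment as "intent -> target", e.g. "available -> allLicensedUsers"
            # or "required -> group:<groupId>"
            $targets = foreach ($a in $app.assignments) {
                $targetType = $a.target.'@odata.type' -replace '^#microsoft\.graph\.', '' -replace 'AssignmentTarget$', ''
                if ($a.target.groupId) { $targetType += ":$($a.target.groupId)" }
                "$($a.intent) -> $targetType"
            }
            $report += [pscustomobject]@{
                DisplayName         = $app.displayName
                Id                  = $app.id
                IsAssigned          = $app.isAssigned
                AssignmentCount     = @($app.assignments).Count
                Assignments         = ($targets -join '; ')
                # True only when an Available assignment targets all licensed users, which is what the bulk script creates
                AvailableToAllUsers = [bool]($app.assignments | Where-Object {
                    $_.intent -eq 'available' -and
                    $_.target.'@odata.type' -eq '#microsoft.graph.allLicensedUsersAssignmentTarget' })
            }
        }
        # Follow paging so tenants with more than one page of apps are fully covered
        $uri = $page.'@odata.nextLink'
    } while ($uri)

    return $report
}

$report = Get-ManagedPlayAppAssignmentReport
$report | Sort-Object DisplayName |
    Format-Table DisplayName, IsAssigned, AssignmentCount, AvailableToAllUsers, Assignments -AutoSize

# Before the bulk script: apps whose existing assignments the assign action would replace
$report | Where-Object { $_.AssignmentCount -gt 0 -and -not $_.AvailableToAllUsers } |
    ForEach-Object { Write-Warning "$($_.DisplayName) has existing assignments that will be replaced: $($_.Assignments)" }

# After the bulk script: every app should be Available to all licensed users
$missing = @($report | Where-Object { -not $_.AvailableToAllUsers })
if ($missing.Count -gt 0) {
    Write-Warning "$($missing.Count) app(s) are not yet Available to all users"
}
else {
    Write-Host "All $($report.Count) Managed Google Play apps are Available to all users"
}
```

The AvailableToAllUsers column is the check that matters: IsAssigned alone only tells you the app has some assignment, not that the bulk script's Available/All users assignment is the one in place.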