Each time we do an Intune deployment, particularly for shoppers who come from SCCM or different platforms, we’re requested to offer some means to look at particulars of managed units. As everyone knows, Intune reporting is a bit “fundamental,” so on this article, I stroll by means of the steps to make use of PowerShell to acquire the data generally requested by shoppers to assist their operations.
Intune PowerShell Modules
Presently, two PowerShell modules can be utilized. The primary is the Intune PowerShell module; the second is the Microsoft Graph PowerShell SDK, which incorporates the system administration and functions sub-modules. Microsoft doesn’t preserve the Intune PowerShell module anymore and I like to recommend that you simply use the Microsoft Graph PowerShell SDK one, which Microsoft actively maintains to aligned with the most recent launch of Graph APIs.
The scripts we develop utilizing the Graph SDK are extra future-proofed and will probably be simpler so as to add new options alongside the highway. One other profit from utilizing the Graph SDK is that it really works for non-Home windows units, which is useful for folks like me who use macOS units as their major workstation.
To start out, we should join the Graph API endpoint utilizing Join-MgGraph cmdlet. In case you want it, listed here are the steps to put in the Microsoft Graph PowerShell module, and a few recommendation about completely different means to authenticate and hook up with the Microsoft Graph PowerShell modules is out there discovered right here. Word that we simply want to put in Microsoft.Graph PowerShell modules as the remainder will probably be loaded on-demand when wanted.
Join-MgGraph -Scopes "DeviceManagementApps.Learn.All","DeviceManagementManagedDevices.Learn.All"
You could now surprise what scopes (permissions) are wanted to run the system administration cmdlets. I like to recommend that you simply first determine the cmdlet you wish to use then verify the permission scope required from the Microsoft documentation. For what we have to do, the next scopes must be sufficient.
- DeviceManagementApps.Learn.All
- DeviceManagementManagedDevices.Learn.All
Now we’re prepared to collect information about units. I’ll separate the sections into the several types of reviews we often generate.
Keep in mind to make use of PowerShell 7 or above to run Microsoft Graph PowerShell SDK cmdlets. Utilizing Home windows PowerShell might consequence within the following error, which has but to be fastened by Microsoft (Determine 1).
Get Checklist of Functions for Managed Units
I’ve completely different reviews for cell and Home windows units as the information obtainable differs throughout system households. For cell units, two administration approaches can be found: Cell Utility Administration (MAM) and Cell Gadget Administration (MDM) with completely different system administration capabilities. I don’t focus on the variations right here, however you possibly can check with this text for extra particulars.
Purchasers typically ask for a report about managed functions and variations and anticipate that the report consists of each MAM and MDM managed functions . The Graph SDK cmdlets you want are use are:
- Get-MgDeviceManagementDetectedApp (MDM utility information protecting Home windows, macOS, iOS, and Android)
- Get-MgDeviceAppManagementManagedAppRegistration (MAM).
Right here’s some instance code that I take advantage of to drag a report of all apps from cell units managed by Intune MAM (together with Azure AD joint system):
$consequence=@ ()
Get-MgDeviceManagementDetectedApp -All | ForEach-Object {
$tmp=$_
$consequence+=(Get-MgDeviceManagementDetectedAppManagedDevice -DetectedAppId $_.id | Choose-Object -Property @{Identify=”Gadget”;Expression={$_.DeviceName}},
@{Identify=”App”;Expression={$tmp.DisplayName}},
@{Identify=”Model”;Expression={$tmp.Model}},
@{Identify=”Platform”;Expression={$tmp.platform}})
}
$consequence | Kind-Object -Property Gadget, App, Model | Out-GridView
The consequence appears to be like just like the output proven in Determine 2.
Let me clarify the script circulation:
- We outline an empty array referred to as tmp to retailer the consequence.
- Use Get-MgDeviceManagementDetectedApp -All to get all of the detected app from Intune.
- The ForEach-Object cmdlet processes the app information and calls Get-MgDeviceManagementDetectedAppManagedDevice utilizing the ID for every app report we obtained from the earlier step.
- Contained in the foreach loop, the script selects the required properties from the consequence and constructs a customized object.
- The script then makes use of Kind-Object to kind the output in accordance with your wants.
- Lastly, the script shows the information utilizing Out-GridView. You may also use one other cmdlet like Export-Csv to output to a CSV file.
Get Checklist of Functions for Managed Apps
We will use Get-MgDeviceAppManagementManagedAppRegistration to fetch MAM registration info (determine 3). Registration info means the apps registered in Intune MAM.
Nevertheless, some information that this cmdlet returns is probably not in a significant format, as illustrated in Determine 4. Outcome information doesn’t embody the appliance identify and outputs an object kind identify. You could want so as to add logic to deal with this type of conditions to acquire the underlying information. For instance, attempt to use Choose-Object -ExpandProperty to develop the information or create customized objects as a part of your PowerShell script.
In keeping with the Microsoft’s documentation, the app identifier ought to present the appliance’s ID, like com.microsoft.workplace.outlook.ios. But it surely’s not exhibiting wanted information, as an alternative it’s exhibiting object kind names like Microsoft.Graph.PowerShell.Fashions.MicrosoftGraphMobileAppIdentifier, and this makes us unable to make good use of the information returned.
Additional Processing the Knowledge
PowerShell consists of some useful methods to mix information. I all the time like to make use of the Be a part of-Object cmdlet to mix information units to reinforce the report. For instance, Get-MgDeviceAppManagementManagedAppRegistration returns UserId which suggests nothing to our customers. We will then use Get-MgUser to get an inventory of licensed customers and mix utilizing UserId. I often use Be a part of-Object to do SQL-like JOIN operations, because it’s utilizing LINQ behind the scenes so it performs a lot sooner when a dataset is giant. Word that Be a part of-Object will not be a built-in cmdlet, you must use Set up-Module Be a part of-Object to put in it first. Particulars concerning the Be a part of-Object cmdlet can be found right here. After that, you need to use script like beneath to mix information:
$customers=Get-MgUser -All -Filter "assignedLicenses/`$rely ne 0 and userType eq 'Member'" $mam=Get-MgDeviceAppManagementManagedAppRegistration -All Be a part of-Object -Left $mam -Proper $customers -LeftJoinProperty "UserId" -RightJoinProperty "Id" -ExcludeLeftProperties "CreatedDateTime","AdditionalProperties" -RightProperties "DisplayName" | Out-GridView
The script above performs the next:
- Will get the licensed consumer checklist from Get-MgUsers and shops in variable.
- Will get the Intune MAM registration info utilizing Get-MgDeviceAppManagementManagedAppRegistration and shops in variable.
- Makes use of Be a part of-Object cmdlet to do a SQL-like be part of with UserId properties and solely consists of wanted area Show Namse from information collected in step 1.
- Shows the lead to Out-GridView
Limitless Prospects for Graph Reporting
With the assistance of Be a part of-Object cmdlet, you possibly can simply mix information retrieved utilizing completely different PowerShell cmdlets as an alternative of exporting information to CSV and utilizing Excel to do the massaging. However observe that processing like Be a part of-Object occurs in reminiscence, so be sure to have sufficient free reminiscence. You possibly can verify the free reminiscence info by taking a look at Job Supervisor and see how a lot reminiscence is consumed by pwsh.exe and the way a lot free reminiscence is out there in your system.
+ There are no comments
Add yours