What is this recent torrent of Intune gibberish coming from this foul-mouthed idiot? Is he some sort of “expert”? Bah! Nope! I’m just working with it a bit more lately, so I figured I’d brain-dump on it while I can (and to help me recall things if I step away from it for a few months).
Background and Setup
The inventory data for Intune-managed Windows 10 devices is stored in Azure and exposed through the Graph API. And while it can seem challenging to find good examples for accessing it with PowerShell, there is in fact a very nice repository of example scripts on the Microsoft GitHub site at https://github.com/microsoftgraph/powershell-intune-samples
Given that I’m still learning my way around Intune, and Graph, the first thing I found helpful were the examples ManagedDevices_Get.ps1, and ManagedDevices_Apps_Get.ps1, under the ManagedDevices folder. Both of these were very helpful and I was able to pull the data I needed.
However, since I needed to query 1800+ devices, I noticed the default “page” limit returns only the first 1000 records (devices). Then I found they also posted a nice example ManagedDevices_Get_Paging.ps1, which I merged with the ManagedDevices_Get.ps1, and was able to pull all of the devices at one time. The make part that needs help are lines 179 to 187 (below)…
$DevicesNextLink = $DevicesResponse."@odata.nextLink"
while ($DevicesNextLink -ne $null){
$DevicesResponse = (Invoke-RestMethod -Uri $DevicesNextLink -Headers $authToken -Method Get)
$DevicesNextLink = $DevicesResponse."@odata.nextLink"
$Devices += $DevicesResponse.value
}After that, I added the 2 or 3 lines of code to query the installed applications and add those to an output object (a master set of data for each device, including hardware, operating system and applications). I added this to a new function (below) to return the data for further processing.
function Get-DsIntuneDeviceData {
[CmdletBinding()]
param(
[parameter(Mandatory)][string] $UserName,
[parameter()][switch] $ShowProgress,
[parameter()][switch] $Detailed
)
Get-DsIntuneAuth -UserName $UserName
$Devices = Get-ManagedDevices
Write-Host "returned $($Devices.Count) managed devices"
if ($Devices){
$dx = 1
$dcount = $Devices.Count
foreach ($Device in $Devices){
if ($ShowProgress) {
Write-Progress -Activity "Found $dcount" -Status "$dx of $dcount" -PercentComplete $(($dx/$dcount)*100) -id 1
}
$DeviceID = $Device.id
$uri = "https://graph.microsoft.com/beta/deviceManagement/manageddevices('$DeviceID')?`$expand=detectedApps"
$DetectedApps = (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).detectedApps
$dx++
if ($Detailed) {
$disksize = [math]::Round(($Device.totalStorageSpaceInBytes / 1GB),2)
$freespace = [math]::Round(($Device.freeStorageSpaceInBytes / 1GB),2)
$mem = [math]::Round(($Device.physicalMemoryInBytes / 1GB),2)
[pscustomobject]@{
DeviceName = $Device.DeviceName
DeviceID = $DeviceID
Manufacturer = $Device.manufacturer
Model = $Device.model
MemoryGB = $mem
DiskSizeGB = $disksize
FreeSpaceGB = $freespace
SerialNumber = $Device.serialNumber
OSName = $Device.operatingSystem
OSVersion = $Device.osVersion
Ownership = $Device.ownerType
Category = $Device.deviceCategoryDisplayName
Apps = $DetectedApps
}
}
else {
$disksize = [math]::Round(($Device.totalStorageSpaceInBytes / 1GB),2)
$freespace = [math]::Round(($Device.freeStorageSpaceInBytes / 1GB),2)
[pscustomobject]@{
DeviceName = $Device.DeviceName
DeviceID = $DeviceID
OSName = $Device.operatingSystem
OSVersion = $Device.osVersion
Apps = $DetectedApps
}
}
}
}
else {
Write-Host "No Intune Managed Devices found..." -f green
Write-Host
}
}The full trainwreck can be safely viewed here. Be sure to wear rubber gloves while handling it.
With that, I decided to drop it into a new module to make it easier to access and reuse. I also added a few more functions, with the help of examples from Matthew Dowst and Eli Shlomo and some calls to PowerShell module ImportExcel, by Doug Finke. I named this module ds-intune.
Example
This example was tested on ds-intune 0.3.
Install-Module ds-intune
Get-Command -Module ds-intuneThe two functions I’ll use below are Get-DsIntuneDeviceData and Export-DsIntuneAppInventory.
$CustomerName = "Contoso"
$UserName = "<your_AzureAD_UserPrincipalName>"
Connect-AzureAD
# be patient, this step can take a while if you have more than 50 machines
$devices = Get-DsIntuneDeviceData -UserName "john.doe@contoso.com" -ShowProgress -Detailed
Export-DsIntuneAppInventory -DeviceData $devices -Title $CustomerName -UserName $user -Overwrite -Show -VerboseAs always: Please post comments or corrections, winning lottery numbers, tasteless jokes, and happy thoughts. Here or at the GitHub repo.
Tomorrow I’m off to Ft. Myers for 3 days of work. Wish me luck.
Cheers!