In a modern organization, managing Windows devices can be a complex undertaking. Fortunately, Microsoft Intune offers a suite of powerful tools that streamline device management, ensuring your endpoints remain secure and compliant.
However, the need often arises to retrieve specific data from Intune for a list of devices. For example, you might want to validate whether a set of devices exists in Intune, check their MDM status, assess disk space availability, or review their last interaction with Intune.
While accessing this information for one or two devices can be done directly in the Intune portal, the process becomes tedious when dealing with a larger number of devices, each with various data requirements.
In such scenarios, scripting with PowerShell, particularly using Microsoft Graph, becomes your gateway to unified data.
If you're familiar with the Microsoft Graph PowerShell SDK, you'll know that it offers a wealth of PowerShell cmdlets for fetching data from Intune, covering a wide range of information, from device details to installed apps and more.
For a complete list of these PowerShell cmdlets, you can refer to the Microsoft.Graph.DeviceManagement Module.
In this blog post, we'll explore how to use the Microsoft Graph PowerShell cmdlet Get-MgDeviceManagementManagedDevice to gain insights into your managed devices and streamline your device management tasks.
Before we explore the capabilities of the cmdlet, it's essential to ensure that you have the Microsoft Graph PowerShell module installed and that you are authenticated within your Microsoft Intune environment. Once this initial setup is complete, you're ready to delve into your managed devices with ease.
What Can You Achieve with Get-MgDeviceManagementManagedDevice?
- Device Inventory: This cmdlet empowers you to retrieve a comprehensive list of managed devices. You can query various attributes, including device names, models, operating system versions, and more. This information is invaluable for effectively managing your device inventory and making data-driven decisions.
- Compliance Status: Ensure that your devices meet compliance requirements by checking their compliance state. With Get-MgDeviceManagementManagedDevice, you can effortlessly identify devices that require attention to maintain a secure and compliant environment.
- Custom Queries: For more in-depth analysis of specific device attributes, this cmdlet supports custom queries, allowing you to filter and sort devices based on your unique criteria. Whether you need to identify devices by location, user, or configuration, you have the flexibility to do so.
Leveraging PowerShell for Automation
To further streamline the process, a PowerShell script is available for download on GitHub. This script enables you to connect to Microsoft Graph and retrieve data for a list of devices provided in a text file. If a device is not found in Intune, the script clearly marks it as "not found." You can also customize the script to export the specific fields you require.
Sample Fields Exported Include:
- DeviceName
- AzureAdDeviceId
- AzureAdRegistered
- ComplianceState
- DeviceEnrollmentType
- EmailAddress
- UserPrincipalName
- EnrolledDateTime
- LastSyncDateTime
- Manufacturer
- Model
- OSVersion
- OperatingSystem
- SerialNumber
- TotalStorageSpaceInBytes
- FreeStorageSpaceInBytes
Please note that this script is a community-driven effort, and while it offers valuable functionality, no guarantees are provided. It's essential to thoroughly test the script before deploying it in your environment.
Execution Steps for the Script:
- Download the script from GitHub.
- Ensure that the account you use for authentication has the necessary rights to connect to Microsoft Graph PowerShell applications in Azure/Enterprise, with at least the scoped permissions of DeviceManagementConfiguration.Read.All and DeviceManagementManagedDevices.Read.All (A forthcoming blog post will provide detailed guidance on how to grant these permissions).
- Create a text file named somedevices.txt in the same folder where the script is saved.
- Run the script, which connects to Graph for authentication, creates a folder with the current date, and generates a CSV file with the output data.
Script output:
Hope it helps.
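The workflow described in the execution steps, as an added example that is not the GitHub script referenced in this post: it reads somedevices.txt, requests only the two read-only scopes listed above, looks up each name, and writes a CSV into a dated folder. The output file name, the date format of the folder, and the Status column are assumptions made for this sketch; save it as a .ps1 file so $PSScriptRoot resolves.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.DeviceManagement
# Added example: paths, file names and the Status column are assumptions.

$inputFile = Join-Path $PSScriptRoot 'somedevices.txt'          # one device name per line
$outDir    = Join-Path $PSScriptRoot (Get-Date -Format 'yyyy-MM-dd')
$outFile   = Join-Path $outDir 'IntuneDeviceReport.csv'         # hypothetical file name

$fields = 'DeviceName','AzureAdDeviceId','AzureAdRegistered','ComplianceState',
          'DeviceEnrollmentType','EmailAddress','UserPrincipalName','EnrolledDateTime',
          'LastSyncDateTime','Manufacturer','Model','OSVersion','OperatingSystem',
          'SerialNumber','TotalStorageSpaceInBytes','FreeStorageSpaceInBytes'

# Least privilege: ask only for the read-only scopes the post lists.
Connect-MgGraph -Scopes 'DeviceManagementConfiguration.Read.All',
                        'DeviceManagementManagedDevices.Read.All'

# Trim, drop blank lines and de-duplicate the input list.
$names = Get-Content -Path $inputFile |
    ForEach-Object { $_.Trim() } | Where-Object { $_ } | Sort-Object -Unique

$report = foreach ($name in $names) {
    # Double single quotes so a name from the file cannot break out of the OData string literal.
    $safe  = $name -replace "'", "''"
    $found = @(Get-MgDeviceManagementManagedDevice -Filter "deviceName eq '$safe'" -All)

    if ($found.Count -eq 0) {
        # Keep a row for missing devices so gaps are visible in the report.
        $row = [ordered]@{ Status = 'Not found' }
        foreach ($f in $fields) { $row[$f] = $null }
        $row['DeviceName'] = $name
        [pscustomobject]$row
    }
    else {
        # One name can match several records (for example after re-enrollment); emit all.
        $found | Select-Object -Property (@(@{ Name = 'Status'; Expression = { 'Found' } }) + $fields)
    }
}

New-Item -ItemType Directory -Path $outDir -Force | Out-Null
$report | Export-Csv -Path $outFile -NoTypeInformation -Encoding UTF8
Disconnect-MgGraph | Out-Null
```

The CSV contains user principal names, e-mail addresses and serial numbers, so store the dated output folder where only the administrators who need the report can read it.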