Have you ever needed to extract a complete list of all Win32 applications in Microsoft Intune along with their properties, detection rules, and requirement rules?
Few years ago, I wrote a blog post about extracting SCCM application properties from XML files stored in SQL. Now, with Intune becoming the primary endpoint management solution, I had a similar requirement—exporting all Win32 apps with their full details, including:
✅ Install/Uninstall command lines
✅ Detection rules (Registry, File, MSI, Script)
✅ Requirement rules (Architecture, Scripts, Dependencies)
✅ Creation & last modified dates
✅ Dependencies (if any)
Since Intune doesn’t provide a built-in export feature for this data, we’ll use PowerShell + Microsoft Graph SDK to automate the process.
Current Limitations/issues:
1. No Native Export in Intune
- Unlike SCCM, Intune doesn’t offer a bulk export of app properties.
- Manually checking each app is time-consuming and error-prone.
2. Detection Rules Impact App Installations
- Many apps use MSI Product Code detection, which can break when vendors change GUIDs in updates.
- Registry-based detection can fail if uninstall registry key is being used since the product code is not consistent by the vendors.
- File-based detection (version checks) is the most reliable—this report helps identify apps that need updating.
3. Unexpected App Conflicts
- If an old version’s assignment isn’t removed while the new is targeted when MSI or registry is used, users may face failed installs or conflicts.
- This report helps audit and clean up outdated deployments.
Solution: PowerShell + Microsoft Graph SDK
We’ll use:
✔ Get-MgBetaDeviceAppManagementMobileApp – Retrieves all Win32 apps
✔ Custom parsing – Extracts detection & requirement rules
✔ CSV export – Generates a structured report
Step 1: Prerequisites
1. Install the Microsoft Graph PowerShell Module (taken care by the script)
Install-Module Microsoft.Graph.Beta.Devices.CorporateManagement -Force -Scope CurrentUser
2. Required Permissions
- Microsoft Graph Permission:
DeviceManagementApps.Read.All(Read-only access) - Admin Consent Required for Microsoft Graph powershell for above scoped permissions
Step 2: Run the Script
What the Script Does:
- Connects to Microsoft Graph
- Fetches all Win32 apps
- Extracts:
- Basic info (Name, Publisher, Version)
- Install/Uninstall commands
- Detection rules (MSI, Registry, File, Script)
- Requirement rules (OS, Architecture, Scripts)
- Dependencies
- Creation & modification dates
- Exports to CSV
PowerShell Script:
(Download PowerShell script from GitHub)
script output:
Conclusion
This PowerShell script provides a quick, automated way to audit all Win32 apps in Intune, helping you:
✔ Identify detection rule issues
✔ Optimize app deployments
✔ Avoid conflicts
Hope you enjoyed reading article!