Intune powershell get device properties. Manufacturer – The manufacturer of the device.



    • ● Intune powershell get device properties Replaces Azure Active Directory. But if you want to create automations it is helpful to be able to query this information with PowerShell. I can see in the Intune Admin Center webpage that there is definitely something in the Notes field but not when I query the device (Allows the app to read and write properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups, without a signed-in user. This value is used by AutoPilot, Apple Business Manager devices (aka DEP) and Android Fully Managed This repository of PowerShell sample scripts show how to access Intune service resources. This API is available in the In this article. Native PowerShell support for invoking Microsoft Intune Graph API to enable IT Pro scenario automation. If this property doesn't exist, then the device isn't auto-enrolled. Below is an example script that retrieves CPU, Memory, and Storage Search PowerShell packages: Get-IntuneGroupAssignments 1. Get-Mg Device Management Device Configuration -InputObject <IDeviceManagementIdentity> Microsoft. This can take several minutes, as the devices are processed by Intune as a background batch process. You can filter the ChromeOSDevices report using the following properties:. Wrapping Up. Without this switch, you will get all available properties. Below are the screenshots of Harware Inventory information for an android device from Intune Portal and Powershell. You The 'Operating system' and 'Operating system version' are returned when querying using Get-IntuneManagedDevice ,Get-MgUserManagedDevice, Get-MgDevices and Get-MgDeviceManagementManagedDevic, but none of those show the 'Operating system edition' or 'Operating system SKU'. We enter the script with the common parameters. write-host "AzureAD Powershell module not installed" -f Red write-host "Install by running 'Install-Module AzureAD' or 'Install-Module AzureADPreview' from an elevated PowerShell prompt" -f Yellow You could also probably speed up the time taken to get all the intune devices if you use a filter. The module can be installed on your machine by running the following command from an adminisrative PowerShell prompt; Install-Module -Name Microsoft. IntuneDeviceId; IMEI – The device’s International Mobile Equipment Identity. I hope this tutorial “How to Use PowerShell to Get a List of Devices from Microsoft Intune” has helped you learn how to use PowerShell to get a list of devices from Microsoft Intune. Product name – Shows the product name of the device, such as I want to add extension properties for device objects in Azure AD using Power-Shell. PowerShell. I just know that recently, get-devicemanagement_manageddevices returned device objects. Changing this name won't change the name on the device. ) If you are not that familiar A Microsoft Entra identity service that provides identity management and access control capabilities. write-host "AzureAD Powershell module not installed" -f Red write-host "Install by running 'Install-Module AzureAD' or 'Install-Module AzureADPreview' from an elevated PowerShell prompt" -f Yellow Device name - Is the actual name of the device. You can find the Intune Device ID in Microsoft Intune Admin center > Devices > All devices > select one device > Hard, and you can get DeviceCategory ID via PowerShell command Get-IntuneDeviceCategory. When you're doing a LIST on multiple managed devices, some properties are not returned in the LIST. ), REST APIs, and object models. We can also get group membership with PowerShell. DESCRIPTION The Get-AutopilotDevice cmdlet retrieves either the full list of devices registered with Windows Autopilot for the current Azure AD tenant, or a specific device if the ID of the device is specified. In this article, we will In this article. Microsoft doesn’t maintain the Intune PowerShell Powershell script - Get Azure groups of Intune devices filtered on a property r/PowerShell PowerShell is a cross-platform (Windows, Linux, and macOS) automation tool and configuration framework optimized for dealing with structured data (e. It loops through list of users reading from a CSV file and finds the devices for that user. ResourceText: String: This property contains the Response Text of the PinReset action. They help you target managed devices and apps based on specific properties, like device type or version. Sign in to the Intune admin center > Devices > Enrollment. Ms Graph is an interface from MS for accessing and controlling a variety of Microsoft cloud services. A screen capture of adding a corporate identifier in the Intune admin center. To obtain additional information about a device not provided out of the box, we can use Remediations scripts. For instance if you enable the Read action for the category Android for work this will add the following ID: Microsoft. Issue: PowerShell scripts do not run. IDeviceManagementIdentity. " Hello I am trying to get Intune device hardware data with Graph and I am not having any luck. Here is a PowerShell function I wrote Hi all, Looking for a bit of help with the Intune Powershell/graph interface. To use Intune device filters, To get a list of resource, for instance device, we will use the Get method. When I run the powershell command Get-IntuneManagedDevice -Filter "DeviceName eq 'my computer's name'" I can see the notes property field but it is empty. - mi For the purpose of this post we are going to talk about Autopilot devices using the Microsoft. In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported Microsoft Entra role or a custom role with a supported role permission. DESCRIPTION Function for getting device compliance status from Intune. Management name - This is the device name used only in the console. Delete: delete a resource To remove a specific resource, the method to use is Delete. Now, we need to code for said flexibility. You could use a PowerShell script (I know it isn't directly in Intune Portal but would do your job) and perform the filters you want, That way you can run the script one time and get the results you want. Important. com) The script is provided "AS IS" with no Filters improve flexibility and precision when assigning Intune policies and apps. Important: Microsoft Graph APIs under the /beta version are subject to change; production use is not supported. MEID – The device’s mobile equipment identifier. PARAMETER id This repository of PowerShell sample scripts show how to access Intune service resources. I can see an associated Device object in Azure AD with the right Device ID but some attributes are not replicated from Intune (Compliant is one of them and shows N/A instead of the information available in the Intune console). I need to clean the devices list which contains thousands of Intune registered devices that have an enrolment date and no last-checking date (and therefore these would not be caught by the auto-purge). graph. - mi As mentioned in this answer you can use Get-CimInstance win32_PnPSignedDriver to get most information. If the answer is helpful, please click "Accept Answer" and kindly upvote it. Otherwise, in the Devices section, when viewing all devices, you should see an option to export inventory - just choose to include all data and see if it provides what you are looking for. Got the overview with Get-DeviceManagement_DeviceCompliancePolicies_DeviceSettingStateSummaries. I am looking to get a list of Intune devices serial information from graph using PowerShell or rest method. write-host "AzureAD Powershell module not installed" -f Red write-host "Install by running 'Install-Module AzureAD' or 'Install-Module AzureADPreview' from an elevated PowerShell prompt" -f Yellow Inputs. NOTES: NAME: Get-DeviceComplianceDetails #> Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities. However, CPU and RAM information are not visible in Intune/Graph API. Making sure that all devices are company owned refines management and identification, as well as enabling Intune to perform additional This repository of PowerShell sample scripts show how to access Intune service resources. When enrolling devices into Microsoft Intune using the Company Portal, the devices end up enrolling as personal owned. Hope this can be helpful. Management. I have seen a few pages on the learn. Read properties and relationships of the managedDevice object. When you create a filter, you enter the app or device properties to use in your filter. Read properties and relationships of the deviceCompliancePolicy object. In the service release Service release 2206 even the function to see the group members of a device was included. If the command contained the Username flag, we want to honor that usage. ResourceID: Unit32: This property contains the Resource ID of the mobile device. It perfectly works, however it doesn't give me Capacity of RAM (Always shows 0 for all devices) So it would be nice to think of something so macOS devices also could be added to a dynamic group and then auto assign a scope tag to those devices. I'm already an Intune administrator and am trying find standard information (such as groups a device is assigned to or applications assigned to a group), but this is proving at least very awkward or downright impossible in the Intune console (Microsoft Endpoint Manager Admin Permission type Permissions (from least to most privileged) Delegated (work or school account) DeviceManagementConfiguration. Keep in mind that it would be the last status the devices would've reported and not the actual situation - typically, when they're rarely online long enough. When I run the powershell command Get-IntuneManagedDevice -Filter “DeviceName eq ‘my computer’s name’” I can see the notes property field but it is empty. Intune PowerShell SDK. Models This function is used to get an AAD User Devices from the Graph API REST interface. I'm struggling a bit with the Intune Powershell cmdlets. - mi The number of users currently on this device, or null (default) if the value of this property cannot be determined. Now, it is returning four properties, with all the data crammed into the "value" property. g. This setting can be found in the Google Admin Console under Devices > Chrome Settings. If the required PowerShell This will save the list of devices to a CSV file in the specified location, Exporting Your Device Inventory from Microsoft Intune with PowerShell. - mi I have some devices where the Intune Device ID and the Azure AD Device ID are the same. We can export managed device details from the The first is the Intune PowerShell module; the second is the Microsoft Graph PowerShell SDK, which includes the device management and applications sub-modules. Also if you have more than 1k devices, you will need to use a foreach and get each 1k page of results, as Graph calls are paginated: powershell; microsoft-graph-api; intune; microsoft-graph-intune; or ask your own question. Recently I needed to get a list of devices in both Azure Active Directory and Intune and I found that using the online portals I could not filter devices by the parameters that I needed. Install the Intune PowerShell SDK with the command: Install-Module -Name Microsoft. This repository of PowerShell sample scripts show how to access Intune service resources. I've managed to figure out how to find the device I want to change using the Get-IntuneManagedDevice. ManagementObject#root\cimv2\Win32_NetworkAdapter Name MemberType Definition ---- ----- ----- PSComputerName AliasProperty PSComputerName = I don't think as already mentioned that this is something that you can configure out of the box and save for everyday use. Read. Search for the MDMDeviceWithAAD property. This command gets all the device objects in the device collection with the ID of XYZ0004B. I have search a lot but found examples for only User objects. To use it you have to add the id of the resource Your administrator can set up or restrict some features or control how the device can be used. Introduction. For a long time, not having this capability with The Get-AutoPilotDevice cmdlet retrieves either the full list of devices registered with Windows Autopilot for the current Azure AD tenant, or a specific device if the ID of the device is specified. Invoke sync to all Intune devices with Microsoft Graph Powershell SDK. The problem is the value of the property is not available to view in PowerShell or the Endpoint Manager portal. The first thing we check to see is if we used a username parameter. Note this property is currently supported only on devices running iOS 13. Is there a way to get the Notes information PowerShell is a cross-platform (Windows, Linux, and macOS) automation tool and configuration framework optimized for dealing with structured data (e. The following PowerShell function gets a list of all devices within ConfigMgr, After that it will loop through all the devices and per device loop through the agents (and their times). Install-Module IntuneStuff -Force Import-Module IntuneStuff -Force ### authenticate to Graph API Connect-MSGraph ### get all Intune policies directly and indirectly assigned to the selected account # (policies assigned to groups, this group is a member of will be included) # policies assigned to 'All Users' or 'All Devices' will be included too I have created Policy Script in Intune to get my Intune Enrolled Devices inventory using this command: Get-IntuneManagedDevice | Out-GridView Which gives me Manufacturer, Ram, ComputerName, CPU, SerialNumber. An account with permissions to administer the Intune Service; PowerShell v5. I can see in the Intune Admin Center webpage that there is definitely something in the Notes field but not when I query the device using Intune. ; Under the Windows tab, click on I'm trying to get a list of serial numbers of devices via PowerShell with the below command where the Serial Number isn't blank and the DeviceName and ManagedDeviceName don't have "MOB-" in them. In my last post, I walked through how to make Microsoft Graph calls in PowerShell and created a function that can be I have put information into the notes field of an Intune Enrolled device. Hardware includes many details about So today we will Get Intune Devices with PowerShell and Graph API. Give admin consent with: Connect-MSGraph Use Properties to assign a device category you create, and change ownership of the device to a personal device, or a corporate device. microsoft. Group-Object -Property TrustType: Groups the devices by the TrustType property, which indicates the type of join, You must be a Cloud Device Administrator, Intune Administrator, or Windows 365 Administrator to delete a device. We built an Azure Automation runbook that gets the most frequently signed-in user in the last 30 days of each device from Log Analytics (via KQL query embedded in the PowerShell script) and set that user as the primary user. After the devices have been added, the cmdlet will continue to check the status of the import process. You could certainly do something like that using PowerShell, but not in the GUI of MEM Intune. If the property exists, the device is auto-enrolled. The results are outputted in a CSV file, which must be specified when running the script. This script enables you to connect to Microsoft Graph and retrieve data for a list of devices provided in a text file. Once you get the list of all your devices, you can filter on all the properties of the objects When you create an app, compliance policy, or configuration profile, you assign that app or poli You can use filters on managed devices (devices enrolled in Intune) and managed apps (apps managed by Intune). In the earlier post, I talked about how to define a script and identify the API calls you would need to make. basically, get-Autopilotdevice and then pass the managedID to get the Intune device. As you may noticed each actions has its own ID. Filters improve flexibility and precision when assigning Intune policies and apps. I am able to get a list of all devices no problem, but I can not find the correct permissions to get the bitlocker keys. The Get-DeviceManagementScripts cmdlet downloads all or individual PowerShell scripts from Intune to a specified folder. Intune. 13 comments Michal See LICENSE in the project root for license information. The Microsoft Graph is a REST API that allows developers (or smart administrators!) access to the data stored in Hi everyone, I'm looking to use powershell to modify some Android device Management Names in Intune. Graph. 1. In this article. If a device is not found in Intune, the script clearly marks it as "not found. PowerShell is a cross-platform (Windows, Linux, and macOS) automation tool and configuration framework optimized for dealing with structured data (e. The appropriate part in Intune would be this one See LICENSE in the project root for license information. Hope this helps! You can also view the device ownership and other properties of the devices under Devices > All devices. Once all devices have been processed (successfully or not) the cmdlet will complete. Funny thing is I can use Powershell cmdlets to get this info. #Disconnects if we want it. Intune Thanks. . get-member or (gm) gets you all properties: PS C:\Users\bjorn> Get-WmiObject Win32_NetworkAdapter | gm TypeName: System. See LICENSE in the project root for license information. and the noncompliant devices with Get-DeviceManagement_DeviceCompliancePolicies_DeviceStatuses This repository of PowerShell sample scripts show how to access Intune service resources. Get-IntuneGroupAssignments. There is a device hardware object, but most of the properties are empty. 0 is a minimum requirement for the scripts to function correctly) We will use PowerShell module for Microsoft Intune Graph API to get Azure AD group members details. Get the properties and relationships of a device object. Get Device Hardware Info using PowerShell. The update frequency of this property is per-checkin. Filters can be customized to match various properties and applied You can also view the device ownership and other properties of the devices under Devices > All devices. Some enrollment methods will always be considered corporate enrollment because we trust devices enrolling through these methods are known devices. If you want additional properties added to your output, those need to be included in the [pscustomobject] expression, (not Intune) cannot In this post, we will explore how to obtain the hardware specifications of Intune devices using a Remediations script. A calling user in the Cloud Device Administrator role can only In this article. - mi Update the properties of a registered device. AUTHOR shonpt@outlook. Intune will provide customer the ability to run their Powershell Health scripts (remediation + detection) on the enrolled Over the course of the last two posts, we have been exploring how to create a PowerShell script to complete a task using Microsoft Graph. To further streamline the process, a PowerShell script is available for download on GitHub. We didn’t make this parameter mandatory to give the script flexibility. They demonstrate this by making HTTPS RESTful API requests to the Microsoft Graph API from PowerShell. Prerequisites. For Microsoft Intune, the capability to deploy applications which have more advanced setup installers such as MSI setups with multiple files and executable based installers, more commonly referred to as Win32 applications, has since it’s release been an enormous enabler for the modern management scenario. so my question now is where i get They are syncing properly in Intune, serial numbers are correct, but it doesn't care that I said "12345 serial number = corporate" when that device is registered and syncing. Command let In this blog post, I will show you how to use PowerShell to get a list of devices from Microsoft Intune. Manufacturer – The manufacturer of the device. - mi The intune devicemanagement graph api also has the primary user of the device along with the user that enrolled the device in intune, so it would be ideal if I could create a custom attribute in Intune for the asset number to have a directly Leveraging PowerShell for Automation. Get Intune Devices with PowerShell. write-host "AzureAD Powershell module not installed" -f Red write-host "Install by running 'Install-Module AzureAD' or 'Install-Module AzureADPreview' from an elevated PowerShell prompt" -f Yellow After that, run the following command to get the testing device information: Get-IntuneManagedDevice -managedDeviceId <Intune Device ID> After checking the device information, I find the value of the "Enrolled by" is The Get-DeviceManagementScripts cmdlet downloads all or individual PowerShell scripts from Intune to a specified folder. for the complete list see device Properties. In this blog post I will go into more detail on how you can use Graph in conjunction with Intune, what your options are and how it all works. Some script Iterate the list and get specific property: Now that you have list of devices, let’s choose a property and then populate its value to corresponding Entra device object’s extension attribute. It uses the Select-Object cmdlet to only display specific properties. First it collects all Devices in Intune that are “Windows” devices. First let’s check how to add a group tag to an Autopilot device manually. In the end, the results of the device name, agent name and agent time will be displayed in an Out-GridView. Performed a quick test with an account that has access to a limited set of devices and the api did stay within that scope. For example: •In your managed device filter, enter the device manufacturer so the policy only applies to Microsoft devices. I am using Powershell for 2 methods: one 5. I don't know when this started happening. Most of it comes back null Suggest this has flow on effects to all the other PowerShell modules. Everything looks normal in the Intune console. For more details on Intune hardware device details found in the admin console, see here to learn more. - microsoft/Intune-PowerShell-SDK I am looking to export all of our Intune applications and assignments etc, the idea is to be able see which applications are set as required applications already so I can determine if they are being assigned to users or devices (by group or the all devices/users options) Inputs. 4 and later, and is available only when Device Information access right is obtained. You'll need to do a GET on the specific managed Stack Overflow for Teams Where developers & technologists share private knowledge with coworkers; Advertising & Talent Reach devs & technologists worldwide about your product, service or employer brand; OverflowAI GenAI features for Teams; OverflowAPI Train & fine-tune LLMs; Labs The future of collective knowledge sharing; About the company Visit the blog In this article. Add a Group tag to an Autopilot device Manually. If you have extra questions about this It is a convenient wrapper to handle the details. You can provide custom values into the directory schema in attributes called Extension Attributes, these are also often called Azure AD extensions. Under the Hardware properties i saw the "wiredIPv4address" which comes handy in this case, as seems to provide the latest IP address. SourceType There are many ways to export information from Intune. 0 or later on Windows 10 x64 (PowerShell v4. Phone number – The phone number assigned to the device. #Grabs all of the devices and simple common information. Hi all, I am trying to create a dynamic group to include all devices running a specific family of windows as I want to create a configuration profile applicable only to certain devices. Namespace: microsoft. Get Intune device information (Serial) I have been searching and reading for solutions to what I am looking for with no avail. Intune module getting the reason why a pc is not compliant in intune. However, since I’m trying to use HTTP calls in Logic App, this doesn’t work. IMicrosoftGraphDirectoryObject Get-IntuneManagedDevice -managedDeviceId 2b249a2b-XXXX-XXXX-XXXX-XXXXXXXXXXXXX | Select * But I don't think it is showing me the correct Primary user, because if I manually change the Primary User of the device in the Device Properties in Intune, the above command does not pull the changed user Learn how to use Microsoft Entra PowerShell to manage device identities and monitor related event information. Based on the JSON content, you can restore the members to the device group. As can be seen, there is new property PolicyType so you can easily distinguish and filter among these policies. For example, you can use Log Analytics, the Data Warehouse or the Graph API. "Unsupported device property" when querying SKU. In the $graphAPIVersion The PowerShell SDK for Intune Graph API helps IT professionals automate and manage their Microsoft Intune environment through PowerShell without going to the Endpoint Manager Admin Center. Now it’s time to Get Intune Devices with PowerShell. We explicitly assign a scope tag to a group of devices. I recently sat down with Scott Duffey (who brought us this amazing new feature) to dive Get all assigned Intune policies and apps from a Microsoft Entra group with the help of Powershell and Microsoft Graph. 0. md at master · microsoft/Intune-PowerShell-SDK I'm looking for a way to capture information from Device Properties from Devices within Intune For Education using a Powershell module or Microsoft Graph. I have a list of Azure DeviceIDs and want to delete them with the Powershell command Remove-AzureADDevice, but i can only delete them by the ObjectID of a device. If you want additional properties added to your output, those need to be included in the [pscustomobject] expression, (not Intune) cannot See LICENSE in the project root for license information. Documentation for Intune and Microsoft Graph can be found here Intune Graph Documentation. com site where I can see all the properties available for managed devices in Intune Extension Attributes make up part of the Azure Active Directory schema. When looking at the properties of these devices they only show the assigned Scope Tag, not the implied "Default" scope tag. All, DeviceManagementConfiguration Via the MEM UI in the device overview you can see all assignments of a certain device. The second notice here is that the parameter basicOverview is good, well, to get a basic overview of the policies, because just a subset of all properties will be returned. Unfortunately not, we either get full text search (which will also pull from other fields than device name) or filtering by category. To list all properties of a specific resources, like a device, we will use the get method and add the ID of this resource to the query. To get devices from Azure AD, we can use the following function, which I take no credit for as I have simply modified a function written by Dave. This can be useful if you want to automate the process of managing and tracking your devices, or if you need to generate You can view the hardware inventory data that Intune collects, Use the device hardware node to view detailed information about the hardware inventory that’s collected from client devices enrolled in Intune. Process Architecture – X64 or X32 Bit. In order to achieve this I created a PowerShell script with Intune Graph to auto assign a (department) category to the macOS Intune managed devices based on the users department property. EXAMPLE: Get-DeviceComplianceDetails: Returns all user devices registered in Intune MDM. I can do this with the below command: I have a security group with dynamic membership rules setup for autoenrollment which adds autopilot registered devices, then applies a few policies and powershell scripts. com) The script is provided "AS IS" with no function Get-IntuneDeviceComplianceStatus { < #. ps1 <#PSScriptInfo . SYNOPSIS Function for getting device compliance status from Intune. Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat. The schema is what defines the property value types, the rules for each property and how each property may be interacted with. . SMSID: String: This property contains the ID of the mobile device. Devices can be After that, run the following command to get the testing device information: Get-IntuneManagedDevice -managedDeviceId <Intune Device ID> After checking the device information, I find the value of the "Enrolled by" is Native PowerShell support for invoking Microsoft Intune Graph API to enable IT Pro scenario automation. If you want to get a list of all your devices, you better run this command: Get-IntuneManagedDevice | Get-MSGraphAllPages. These things don't get built until enough people ask for them. 1 - (2021-03-24) Script now uses the groupTag property instead of the depcreated OrderIdentifier property. Read properties and relationships of the mobileAppAssignment object. You could suggest it as a feature though. - mi Switched from Get-CimSession to Get-WmiObject to get device details from WMI. Outputs. The function below lets you pass either a device name or Azure AD Id and it will return the group and transitive group membership. What cmdlet will retreive the 'Operating system edition' from This repository of PowerShell sample scripts show how to access Intune service resources. Intune Administrator is the least privileged role supported for this operation. For example (with different chipset) Inputs. Filters can be customized to match various properties and applied This repository of PowerShell sample scripts show how to access Intune service resources. If you have not already installed PowerShell SDK for Microsoft Intune Graph API then follow the steps provided in this article to install the PowerShell module and connect with MSGraph API with admin consent for the first time. IUsersIdentity. Most have heard the term Microsoft Graph API before. I asked about the RBAC because the article mentioned the Intune administrator role. Models “The primary user property is used to map a licensed Intune user to their devices in: It retrieves all the Intune devices and reports the Primary User and all users that logged into it with their last logon date. List properties and relationships of the deviceCompliancePolicy objects. - mi This repository of PowerShell sample scripts show how to access Intune service resources. Collections. You can use filters to include or exclude devices or apps in specific groups according to your criteria. Model – The model of the device. This API is available in the following national cloud deployments. System. - Intune-PowerShell-SDK/README. The properties LastOSUpdateTime and LastRebootTime will only populate in the report when the OS Update Status setting is enabled in the Google Admin Console. After the laptop has been fully provisioned by the helpdesk, they are adding the word "Provisioned" to the group tag for that device. List properties and relationships of the managedDevice objects. I created deployed powershell script (which detects CPU 1. Get-CMDevice -CollectionID "XYZ0004B" | Select-Object Name, ClientVersion, DeviceOS, IsActive, LastActiveTime, LastClientCheckTime, LastDDR, Function Get-AutopilotDevice {<# . Initial Author: Oliver Kieselbach (oliverkieselbach. Managing Intune with PowerShell is possible by using the Intune PowerShell SDK which provides connection to the Microsoft Graph. The devices managed by Microsoft Intune are called Intune Managed Devices. Where this used to work, just days ago: Actually, this is pretty easy to do in PowerShell. I have been struggeling with the Microsoft. Luckily, Microsoft has been listening and have provided us with a better way to dynamically apply policies to devices with filters!. The following PowerShell snippet can be used to restore the members to the device group: In this article. SYNOPSIS Gets devices currently registered with Windows Autopilot. Just a quick one – Microsoft just added the Device group membership report to Endpoint Manager (service release 2206) which is pretty handy:. This can be changed manually on each device directly in the Intune portal after enrollment. Intune module. GUID ef633ce0-3bae-4f98-9d51-363cc9821a9e . Enter a string value for the device's full name (using -eq, -ne, -in, In Windows PowerShell, use the Get-WmiObject -Class Win32_OperatingSystem |select operatingsystemSKU command on a Windows device to return the SKU number. Intune_AndroidSync_Read If we go back to the list of enabled Examples Example 1: Get devices by collection ID. JSON, CSV, XML, etc. DESCRIPTION: The function connects to the Graph API Interface and gets a users devices registered with Intune MDM. but I can not find the correct permissions to get the bitlocker keys. For your example you would then need to select a description containing the text you are interested in. So I turned to Microsoft Graph to get the data instead. VERSION 1. But if you want to export several thousand devices or apps via Graph, it can In both scenarios, the script selects the owned devices that are Intune managed, where the log-in time was within the last 29 days and has the provided operating system. Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant. Possible resolutions: I have a powershell script that uses the Microsoft Graph API. Models. 1. As you can see, not all Syntax Get-Mg Device Management [-ExpandProperty <String[]>] [-Property <String[]>] [-ResponseHeadersVariable <String>] [-Headers <IDictionary>] [-ProgressAction . com Get all Intune group assignments for policy targets [included/excluded] Published: 4 Jul 2021 File under: Automation, Graph, Intune, PowerShell As I’ve said before, working with dynamic groups in Intune isn’t my favourite thing. This works fine in the UI, for myself with rights to all This property contains the time of the latest status change and is stored in the WMI time format. IDictionary. It's not a huge deal as we only have a few problem devices but I'd like this extra layer of control to make sure only the devices I want are registered as corporate in Intune. Also removed the code section that attempted to perform an Autopilot sync operation Uses by default the 'Microsoft Intune PowerShell' service principal I'm looking for a way to capture information from Device Properties from Devices within Intune For Education using a Powershell module or Microsoft Graph. I am trying to get a list of all devices from Intune and their associated bitlocker keys, if there is one. The account that makes the API calls requires the following permissions on a collection that contains the target device: To set properties: Modify Resource To view properties: Read Resource To remove properties: Delete Resource Set properties via UI In this article. I have written a script and its successful for User Objects but am not be able to set extension properties for Device. I'm trying to manipulate Intune Device Categories via Powershell, so that I can firstly correct devices that were placed into the wrong category during enrollment, and secondly, I'm in the middle of moving from Hybrid SCCM/Intune to Azure Intune and where we're not using Device Categories for Using the Microsoft Graph APIs to configure Intune controls and policies requires an Intune license. Microsoft. Is there a way to see what processor all enrolled windows devices are using within Intune/Endpoint Manager? I've seen you can generate a report by going to Endpoint Manager > Reports > Endpoint analytics > Work from Anywhere. Enable Windows 10 automatic enrollment includes the steps to configure automatic enrollment in Intune. Second it collects all sign in logs where the “application” is “Windows Sign In” Then it loops and processes every device and: Sign in logs are used to determine who has logged on to the device the most times in the last 30 days; Device object are used to get the Hello, I am collecting hardware information from Intune for our inventory system. 0 . Hardware To get a list of resource, for instance device, we will use the Get method. write-host "AzureAD Powershell module not installed" -f Red write-host "Install by running 'Install-Module AzureAD' or 'Install-Module AzureADPreview' from an elevated PowerShell prompt" -f Yellow Read properties and relationships of the iosCertificateProfile object. I may sound silly, but I'm trying to gather a list of all the devices in Intune and their IP address. I could easily retrieve the list of devices where the users had left our Azure AD by running this command: deviceName (Device Name): Create a filter rule based on the Intune device name property. I have a powershell script that uses the Microsoft Graph API. mxut vvslnzhq hyt nhci cymwek gphj kfsubs rtcworz ekvm xwbt