Use PowerShell and Microsoft Graph to access data in Microsoft Intune

This week is a short blog post about using PowerShell to access data in Microsoft Intune, which can be achieved by using Microsoft Graph. A couple of weeks ago there was a blog post on the Microsoft Intune Support Team Blog about Using the Microsoft Graph API to access data in Microsoft Intune. That post triggered me to look at the PowerShell possibilities, as Microsoft Graph has an API and an API can be used with PowerShell.

In this blog post I’ll provide the high-level prerequisites for connecting to the Microsoft Graph API and I’ll provide a few examples for querying Microsoft Intune data.

Prerequisites

This blog post is really focused on the queries to the Microsoft Intune data. However, to successfully connect with the Microsoft Graph API there are a few prerequisites that should be in place.

Examples

Now let’s have a look at the PowerShell versions of the published Microsoft Graph Explorer commands and their results. I’ll go through all of them, provide the required input and show an example result.

User

The first example is to get data related to a single user. This requires a user principal name (UPN), in my case pvanderwoude@petervanderwoude.nl, and the token as input.

Invoke-RestMethod https://graph.microsoft.com/v1.0/users/$UPN `
    -Method Get `
    -Headers @{"Authorization" = "Bearer $accessToken"}


Owned devices

The second example is to get data related to the devices of a single user. The information is about the compliance state of the devices of the user. This requires a user principal name (UPN), in my case pvanderwoude@petervanderwoude.nl, and the token as input. The returned information is stored in a hash table.

Invoke-RestMethod https://graph.microsoft.com/v1.0/users/$UPN/ownedDevices `
    -Method Get `
    -Headers @{"Authorization" = "Bearer $accessToken"}


Registered owners

The third example is to get the owners of a device. This requires a device GUID and the token as input. The returned information is stored in a hash table.

Invoke-RestMethod https://graph.microsoft.com/v1.0/devices/$GUID/registeredOwners `
    -Method Get `
    -Headers @{"Authorization" = "Bearer $accessToken"}


Registered users

The fourth example is to get the users of a device. This requires a device GUID and the token as input. The returned information is stored in a hash table.

Invoke-RestMethod https://graph.microsoft.com/v1.0/devices/$GUID/registeredUsers `
    -Method Get `
    -Headers @{"Authorization" = "Bearer $accessToken"}


Applications

The fifth example is to get a list of uploaded applications in Microsoft Intune. This requires the token as input and the returned information is stored in a hash table. However, based on the returned information, it currently seems to return the applications registered in Azure AD.

Invoke-RestMethod https://graph.microsoft.com/beta/applications `
    -Method Get `
    -Headers @{"Authorization" = "Bearer $accessToken"}
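The collection queries above (ownedDevices, registeredOwners, registeredUsers and applications) return their items in a value property and, for larger result sets, an @odata.nextLink to the next page. The following is an added example, not part of the original post, that follows those links while refusing to send the bearer token anywhere other than graph.microsoft.com. The function name Get-GraphCollection is hypothetical; it assumes the global Graph endpoint and that $UPN and $accessToken are already set as in the examples above.

```powershell
# Added example (not from the original post). Get-GraphCollection is a hypothetical helper.
function Get-GraphCollection {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Uri,
        [Parameter(Mandatory)] [string] $AccessToken
    )

    # Assumption: the tenant uses the global Graph endpoint.
    $allowedHost = 'graph.microsoft.com'
    $headers     = @{ Authorization = "Bearer $AccessToken" }
    $next        = $Uri

    while ($next) {
        # Check every URI, including each nextLink, before attaching the token.
        $parsed = [System.Uri]$next
        if ($parsed.Scheme -ne 'https' -or $parsed.Host -ne $allowedHost) {
            throw "Refusing to send the token to unexpected URI: $next"
        }

        try {
            $page = Invoke-RestMethod -Uri $next -Method Get -Headers $headers -ErrorAction Stop
        }
        catch {
            # Report the status only; never echo the headers, which hold the token.
            $status = $_.Exception.Response.StatusCode
            throw "Graph request failed ($status) for $next"
        }

        # Collection responses carry the items in 'value'.
        $page.value

        # '@odata.nextLink' is only present while more pages remain.
        $next = $page.'@odata.nextLink'
    }
}

# Escape the UPN so characters such as '#' (guest accounts) do not break the path.
$encodedUpn = [System.Uri]::EscapeDataString($UPN)
$devices = Get-GraphCollection `
    -Uri "https://graph.microsoft.com/v1.0/users/$encodedUpn/ownedDevices" `
    -AccessToken $accessToken
"{0} owned devices returned" -f @($devices).Count
```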


More information

For more information about the Microsoft Graph API, in combination with Microsoft Intune and the different tokens, please refer to:

3 thoughts on “Use PowerShell and Microsoft Graph to access data in Microsoft Intune”

  1. Hi Peter,

    Interesting article although I am still unclear as to what to create & how it ties in with PowerShell. With automation in mind, do you see PowerShell or PowerBI as the way forward with Graph API?

    Ideally, I would love for an automated PowerShell script to run a query against all of our managed tenants & pipe out the reports to a chosen location or even email. There is a lot of discussion with Microsoft on Power BI but wondering what the best strategy is for automation.
