public/Get-StaleIntuneDevice.ps1
|
function Get-StaleIntuneDevice { <# .SYNOPSIS Returns Intune managed devices that are Autopilot-enrolled and stale by LastSyncDateTime. .PARAMETER InactiveDays Days since last sync to consider stale. Default 30. .EXAMPLE Get-StaleIntuneDevice -InactiveDays 60 #> [CmdletBinding()] param( [ValidateRange(1, 3650)] [int]$InactiveDays = 30 ) $cutoff = (Get-Date).AddDays(-$InactiveDays) $autopilot = Get-MgDeviceManagementWindowsAutopilotDeviceIdentity -All -ErrorAction Stop $managed = Get-MgDeviceManagementManagedDevice -All -ErrorAction Stop $apSerials = $autopilot | Where-Object SerialNumber | Select-Object -ExpandProperty SerialNumber -Unique $managed | Where-Object { $_.SerialNumber -and ($_.SerialNumber -in $apSerials) } | Where-Object { -not $_.LastSyncDateTime -or ([datetime]$_.LastSyncDateTime -lt $cutoff) } | Select-Object *, @{n = 'Cutoff'; e = { $cutoff } } } |