getintuneapps.ps1
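$maximumfunctioncount = 32768

<#PSScriptInfo
.VERSION 2.2
.GUID 729ebf90-26fe-4795-92dc-ca8f570cdd22
.AUTHOR AndrewTaylor
.DESCRIPTION Display an Intune applist in a grid to find more details
.COMPANYNAME
.COPYRIGHT GPL
.TAGS az azure AVD WVD environment
.LICENSEURI https://github.com/andrew-s-taylor/public/blob/main/LICENSE
.PROJECTURI https://github.com/andrew-s-taylor/public
.ICONURI
.EXTERNALMODULEDEPENDENCIES azureAD
.REQUIREDSCRIPTS
.EXTERNALSCRIPTDEPENDENCIES
.RELEASENOTES
#>

<#
.SYNOPSIS
Displays List of apps from Intune
.DESCRIPTION
Display an Intune applist in a grid to find more details
.INPUTS
None required
.OUTPUTS
GridView
.NOTES
  Version: 2.2
  Author: Andrew Taylor
  Twitter: @AndrewTaylor_2
  WWW: andrewstaylor.com
  Creation Date: 11/06/2021
  Modified: 29/10/2022
  Purpose/Change: Initial script development
  Change: Switched from AAD Auth to Graph auth to avoid issues when module deprecated
.EXAMPLE
N/A
#>

##Install Module
#Install MS Graph if not available
if (Get-Module -ListAvailable -Name Microsoft.Graph) {
    Write-Host "Microsoft Graph Already Installed"
}
else {
    try {
        # -ErrorAction Stop turns an install failure into a terminating error,
        # so the catch block below actually runs.
        Install-Module -Name Microsoft.Graph -Scope CurrentUser -Repository PSGallery -Force -ErrorAction Stop
    }
    catch [Exception] {
        # The message lives on the exception, not on the error record itself.
        Write-Host $_.Exception.Message -ForegroundColor Red
        exit 1
    }
}

# NOTE(review): Microsoft.Graph.Intune is a separate module from Microsoft.Graph and
# is not installed by the check above. The functions below only call
# Invoke-MgGraphRequest; confirm this import is still required.
import-module microsoft.graph.intune

Function Connect-ToGraph {
    <#
    .SYNOPSIS
    Authenticates to the Graph API via the Microsoft.Graph.Authentication module.

    .DESCRIPTION
    The Connect-ToGraph cmdlet is a wrapper cmdlet that helps authenticate to the Intune Graph API
    using the Microsoft.Graph.Authentication module. It leverages an Azure AD app ID and app secret
    for authentication or user-based auth.

    .PARAMETER Tenant
    Specifies the tenant (e.g. contoso.onmicrosoft.com) to which to authenticate.

    .PARAMETER AppId
    Specifies the Azure AD app ID (GUID) for the application that will be used to authenticate.

    .PARAMETER AppSecret
    Specifies the Azure AD app secret corresponding to the app ID that will be used to authenticate.
    The secret is accepted as a plain string, so it can end up in command history and
    transcripts; supply it from a secret store rather than typing it on the command line.

    .PARAMETER Scopes
    Specifies the user scopes for interactive authentication, as a comma-separated list.

    .EXAMPLE
    Connect-ToGraph -Tenant $tenantID -AppId $app -AppSecret $secret
    #>
    [cmdletbinding()]
    param
    (
        [Parameter(Mandatory = $false)] [string]$Tenant,
        [Parameter(Mandatory = $false)] [string]$AppId,
        [Parameter(Mandatory = $false)] [string]$AppSecret,
        [Parameter(Mandatory = $false)] [string]$scopes
    )

    Process {
        Import-Module Microsoft.Graph.Authentication
        $version = (get-module microsoft.graph.authentication | Select-Object -expandproperty Version).major

        if ($AppId -ne "") {
            # App-only auth needs all three values; fail early instead of posting a
            # malformed token request.
            if ([string]::IsNullOrWhiteSpace($Tenant) -or [string]::IsNullOrWhiteSpace($AppSecret)) {
                throw "Tenant and AppSecret are required when AppId is specified."
            }

            $body = @{
                grant_type    = "client_credentials";
                client_id     = $AppId;
                client_secret = $AppSecret;
                scope         = "https://graph.microsoft.com/.default";
            }

            $tokenUri = "https://login.microsoftonline.com/$Tenant/oauth2/v2.0/token"
            $response = Invoke-RestMethod -Method Post -Uri $tokenUri -Body $body
            # The access token is a bearer credential: it is kept in a variable and
            # never written to the output stream, console or logs.
            $accessToken = $response.access_token

            # Select-MgProfile only exists in the 1.x SDK; 2.x and later take a
            # SecureString token instead.
            if ($version -ge 2) {
                write-host "Version 2 module detected"
                $accesstokenfinal = ConvertTo-SecureString -String $accessToken -AsPlainText -Force
            }
            else {
                write-host "Version 1 Module Detected"
                Select-MgProfile -Name Beta
                $accesstokenfinal = $accessToken
            }
            $graph = Connect-MgGraph -AccessToken $accesstokenfinal
            Write-Host "Connected to Intune tenant $Tenant using app-based authentication (Azure AD authentication not supported)"
        }
        else {
            if ($version -ge 2) {
                write-host "Version 2 module detected"
            }
            else {
                write-host "Version 1 Module Detected"
                Select-MgProfile -Name Beta
            }
            # Connect-MgGraph takes an array of scope names; split the
            # comma-separated list into individual, trimmed entries.
            $scopeList = @($scopes -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
            $graph = Connect-MgGraph -scopes $scopeList
            Write-Host "Connected to Intune tenant $($graph.TenantId)"
        }
    }
}

##Authenticate
# NOTE(review): every Graph call in this script is a GET, yet the delegated scopes
# requested here are ReadWrite.All. Consider requesting read-only equivalents so the
# session holds no more privilege than the report needs - confirm against tenant consent.
Connect-ToGraph -Scopes "DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All, openid, profile, email, offline_access"

Function Get-ScriptVersion(){
    <#
    .SYNOPSIS
    This function is used to check if the running script is the latest version
    .DESCRIPTION
    This function checks GitHub and compares the 'live' version with the one running.
    It only compares version strings and prints a notice; nothing is downloaded to
    disk or executed. The live URI tracks a branch, so review any newer copy before
    running it.
    .EXAMPLE
    Get-ScriptVersion
    Returns a warning and URL if outdated
    .NOTES
    NAME: Get-ScriptVersion
    #>
    [cmdletbinding()]
    param
    (
        $liveuri
    )

    try {
        # -UseBasicParsing avoids the Internet Explorer dependency on Windows PowerShell 5.1.
        $contentheaderraw = (Invoke-WebRequest -Uri $liveuri -Method Get -UseBasicParsing -ErrorAction Stop)
        $contentheader = $contentheaderraw.Content.Split([Environment]::NewLine)
        $liveversion = (($contentheader | Select-String 'Version:') -replace '[^0-9.]','') | Select-Object -First 1
        $currentversion = ((Get-Content -Path $PSCommandPath -ErrorAction Stop | Select-String -Pattern "Version: *") -replace '[^0-9.]','') | Select-Object -First 1
    }
    catch {
        # The version check is best-effort: an offline machine or a script that is
        # not running from a file must not stop the report.
        Write-Warning "Could not check for a newer script version: $($_.Exception.Message)"
        return
    }

    if ($liveversion -ne $currentversion) {
        write-host "Script has been updated, please download the latest version from $liveuri" -ForegroundColor Red
    }
}

Get-ScriptVersion -liveuri "https://raw.githubusercontent.com/andrew-s-taylor/public/main/Powershell%20Scripts/Intune/get-intune-apps.ps1"

####################################################

Function Get-GraphPagedResult {
    <#
    .SYNOPSIS
    Private helper: GETs a Graph collection and follows '@odata.nextLink' until the
    last page, emitting every item of each page's 'value' array.
    #>
    param
    (
        [Parameter(Mandatory = $true)] [string]$Uri
    )

    $next = $Uri
    while ($next) {
        $page = Invoke-MgGraphRequest -Uri $next -Method Get -OutputType PSObject
        $page.value
        $next = $page.'@odata.nextLink'
    }
}

Function Write-GraphRequestError {
    <#
    .SYNOPSIS
    Private helper: prints a failed Graph request in red without assuming a
    particular exception or response type.
    #>
    param
    (
        $ErrorRecord,
        [string]$Uri
    )

    Write-Host "Request to $Uri failed: $($ErrorRecord.Exception.Message)" -ForegroundColor Red
    # ErrorDetails carries the response body when the cmdlet captured one.
    if ($ErrorRecord.ErrorDetails -and $ErrorRecord.ErrorDetails.Message) {
        Write-Host "Response content:`n$($ErrorRecord.ErrorDetails.Message)" -ForegroundColor Red
    }
}

####################################################

Function Get-IntuneApplication(){
    <#
    .SYNOPSIS
    This function is used to get applications from the Graph API REST interface
    .DESCRIPTION
    The function connects to the Graph API Interface and gets any applications added.
    Types containing "managed" and iOS VPP apps are filtered out. When -Name is given,
    only apps whose displayName contains that text are returned (substring match, so
    more than one app can come back).
    .EXAMPLE
    Get-IntuneApplication
    Returns any applications configured in Intune
    .NOTES
    NAME: Get-IntuneApplication
    #>
    [cmdletbinding()]
    param
    (
        $Name
    )

    $graphApiVersion = "Beta"
    $Resource = "deviceAppManagement/mobileApps"
    $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"

    try {
        $apps = Get-GraphPagedResult -Uri $uri | Where-Object {
            (!($_.'@odata.type').Contains("managed")) -and
            (!($_.'@odata.type').Contains("#microsoft.graph.iosVppApp"))
        }

        if ($Name) {
            $apps | Where-Object { ($_.'displayName').contains("$Name") }
        }
        else {
            $apps
        }
    }
    catch {
        Write-GraphRequestError -ErrorRecord $_ -Uri $uri
        # Rethrow so the script stops; a bare 'break' outside a loop would instead
        # unwind into whatever loop the caller happens to be running.
        throw
    }
}

####################################################

Function Get-ApplicationAssignment(){
    <#
    .SYNOPSIS
    This function is used to get an application assignment from the Graph API REST interface
    .DESCRIPTION
    The function connects to the Graph API Interface and gets an application assignment
    .EXAMPLE
    Get-ApplicationAssignment
    Returns an Application Assignment configured in Intune
    .NOTES
    NAME: Get-ApplicationAssignment
    #>
    [cmdletbinding()]
    param
    (
        $ApplicationId
    )

    $graphApiVersion = "Beta"

    if (!$ApplicationId) {
        write-host "No Application Id specified, specify a valid Application Id" -f Red
        throw "No Application Id specified, specify a valid Application Id"
    }

    # The id becomes a path segment, so encode it rather than trusting its content.
    $Resource = "deviceAppManagement/mobileApps/$([uri]::EscapeDataString("$ApplicationId"))/assignments"
    $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"

    try {
        Get-GraphPagedResult -Uri $uri
    }
    catch {
        Write-GraphRequestError -ErrorRecord $_ -Uri $uri
        throw
    }
}

####################################################

Function Get-AADGroup(){
    <#
    .SYNOPSIS
    This function is used to get AAD Groups from the Graph API REST interface
    .DESCRIPTION
    The function connects to the Graph API Interface and gets any Groups registered with AAD.
    With -id or -GroupName the result is filtered; with neither, every group is returned.
    With -Members the matching group's name is written first, followed by its members.
    .EXAMPLE
    Get-AADGroup
    Returns all groups registered with Azure AD
    .NOTES
    NAME: Get-AADGroup
    #>
    [cmdletbinding()]
    param
    (
        $GroupName,
        $id,
        [switch]$Members
    )

    # Defining Variables
    $graphApiVersion = "v1.0"
    $Group_resource = "groups"
    $baseUri = "https://graph.microsoft.com/$graphApiVersion/$($Group_resource)"
    $uri = $baseUri

    try {
        if ($id) {
            # Double any single quote (OData string-literal escaping) and URL-encode the
            # whole expression so the value cannot alter the filter.
            $safeId = "$id" -replace "'", "''"
            $filter = [uri]::EscapeDataString("id eq '$safeId'")
            $uri = "$($baseUri)?`$filter=$filter"
            Get-GraphPagedResult -Uri $uri
        }
        elseif ($GroupName -eq "" -or $GroupName -eq $null) {
            Get-GraphPagedResult -Uri $uri
        }
        else {
            $safeName = "$GroupName" -replace "'", "''"
            $filter = [uri]::EscapeDataString("displayname eq '$safeName'")
            $uri = "$($baseUri)?`$filter=$filter"

            if (!$Members) {
                Get-GraphPagedResult -Uri $uri
            }
            else {
                $Group = Get-GraphPagedResult -Uri $uri
                if ($Group) {
                    $GID = $Group.id
                    $Group.displayName
                    write-host
                    $uri = "$baseUri/$GID/Members"
                    Get-GraphPagedResult -Uri $uri
                }
            }
        }
    }
    catch {
        Write-GraphRequestError -ErrorRecord $_ -Uri $uri
        throw
    }
}

####################################################

# [System.Windows.MessageBox] lives in PresentationFramework; load it explicitly
# instead of relying on another cmdlet having pulled it in.
Add-Type -AssemblyName PresentationFramework

# Fetch the app list once and reuse it for both the grid and the detail lookup.
$allApps = @(Get-IntuneApplication)

$Intune_Apps = $allApps | Select-Object displayName,id | Out-GridView -Title "Intune Applications" -passthru | ForEach-Object {

    $selected = $_

    # Look the app up by id: display names are not unique and a name lookup is a
    # substring match, so it could return the wrong app or several apps.
    $thisapp = $allApps | Where-Object { $_.id -eq $selected.id } | Select-Object -First 1

    $apptype = switch ($thisapp.'@odata.type') {
        "#microsoft.graph.win32LobApp" { "Win32 App"; break }
        "#microsoft.graph.microsoftStoreForBusinessApp" { "Store for Business App"; break }
        "#microsoft.graph.officeSuiteApp" { "M365 App"; break }
        "#microsoft.graph.windowsMicrosoftEdgeApp" { "Microsoft Edge"; break }
        "#microsoft.graph.windowsUniversalAppX" { "MSIX Package"; break }
        # Show the raw type for anything not listed rather than an empty field.
        default { "$($thisapp.'@odata.type')" }
    }

    $appname = $thisapp.displayName
    $appid = $thisapp.id

    # Reset per app so values from the previously selected app never leak into this one.
    $assignedgroup = ""
    $intent = ""
    $groupNames = @()
    $intents = @()

    $App_Assignment = Get-ApplicationAssignment -ApplicationId $selected.id

    if ($App_Assignment) {
        $assignedtype = "Application Assigned"

        foreach ($Assignment in $App_Assignment) {
            $target = $Assignment.target

            if ($target.groupId) {
                $groupLabel = (Get-AADGroup -id $target.groupId).displayName
                if (-not $groupLabel) { $groupLabel = $target.groupId }
            }
            else {
                # Targets without a group id must not be passed to Get-AADGroup: an
                # empty id makes it return every group in the tenant.
                $groupLabel = switch ($target.'@odata.type') {
                    "#microsoft.graph.allLicensedUsersAssignmentTarget" { "All Users"; break }
                    "#microsoft.graph.allDevicesAssignmentTarget" { "All Devices"; break }
                    default { "$($target.'@odata.type')" }
                }
            }

            $groupNames += $groupLabel
            $intents += $Assignment.intent
        }

        # One entry per assignment, in the same order in both fields.
        $assignedgroup = $groupNames -join ', '
        $intent = $intents -join ', '
    }
    else {
        $assignedtype = "No Application Assignment"
    }

    Write-Host

    $Appoutput = @"
Name: $appname
ID: $appid
AppType: $apptype
Assigned: $assignedtype
Assigned Group(s): $assignedgroup
Assigned Intent: $intent
"@

    [System.Windows.MessageBox]::Show($Appoutput)
}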