M365-Assess

1.0.1

Intune/Get-ConfigProfileReport.ps1

                                <#

.SYNOPSIS

    Lists all Intune device configuration profiles with platform and metadata.

.DESCRIPTION

    Queries Microsoft Graph for all device configuration profiles in Intune and

    returns key details including display name, platform, creation and modification

    dates, and version. The platform is derived from the @odata.type property of

    each profile. Useful for configuration drift reviews, tenant documentation,

    and security baseline audits for clients.

    Requires Microsoft.Graph.DeviceManagement module and

    DeviceManagementConfiguration.Read.All permission.

.PARAMETER OutputPath

    Optional path to export results as CSV. If not specified, results are returned

    to the pipeline.

.EXAMPLE

    PS> . .\Common\Connect-Service.ps1

    PS> Connect-Service -Service Graph -Scopes 'DeviceManagementConfiguration.Read.All'

    PS> .\Intune\Get-ConfigProfileReport.ps1

    Lists all device configuration profiles with their platform and metadata.

.EXAMPLE

    PS> .\Intune\Get-ConfigProfileReport.ps1 -OutputPath '.\config-profiles.csv'

    Exports all configuration profiles to CSV for client documentation.

.EXAMPLE

    PS> .\Intune\Get-ConfigProfileReport.ps1 -Verbose

    Lists all configuration profiles with verbose progress messages.

#>

[CmdletBinding()]

param(

    [Parameter()]

    [ValidateNotNullOrEmpty()]

    [string]$OutputPath

)

$ErrorActionPreference = 'Stop'

# Verify Graph connection

if (-not (Assert-GraphConnection)) { return }

# Ensure required Graph submodule is loaded (PS 7.x does not auto-import)

Import-Module -Name Microsoft.Graph.DeviceManagement -ErrorAction Stop

# Map @odata.type to friendly platform names

$platformMap = @{

    '#microsoft.graph.windows10GeneralConfiguration'         = 'Windows 10'

    '#microsoft.graph.windows10CustomConfiguration'          = 'Windows 10 (Custom)'

    '#microsoft.graph.windows10EndpointProtectionConfiguration' = 'Windows 10 (Endpoint Protection)'

    '#microsoft.graph.windowsUpdateForBusinessConfiguration' = 'Windows Update for Business'

    '#microsoft.graph.windows81GeneralConfiguration'         = 'Windows 8.1'

    '#microsoft.graph.windowsPhone81GeneralConfiguration'    = 'Windows Phone 8.1'

    '#microsoft.graph.iosGeneralDeviceConfiguration'         = 'iOS'

    '#microsoft.graph.iosCustomConfiguration'                = 'iOS (Custom)'

    '#microsoft.graph.androidGeneralDeviceConfiguration'     = 'Android'

    '#microsoft.graph.androidCustomConfiguration'            = 'Android (Custom)'

    '#microsoft.graph.androidWorkProfileGeneralDeviceConfiguration' = 'Android Work Profile'

    '#microsoft.graph.macOSGeneralDeviceConfiguration'       = 'macOS'

    '#microsoft.graph.macOSCustomConfiguration'              = 'macOS (Custom)'

    '#microsoft.graph.editionUpgradeConfiguration'           = 'Windows Edition Upgrade'

    '#microsoft.graph.sharedPCConfiguration'                 = 'Windows Shared PC'

    '#microsoft.graph.windowsDefenderAdvancedThreatProtectionConfiguration' = 'Windows Defender ATP'

}

Write-Verbose "Retrieving all Intune device configuration profiles..."

try {

    $profiles = Get-MgDeviceManagementDeviceConfiguration -All -ErrorAction Stop

}

catch {

    Write-Warning "Could not retrieve Intune configuration profiles. Ensure Intune is licensed and permissions are granted: $($_.Exception.Message)"

    return

}

if (-not $profiles -or $profiles.Count -eq 0) {

    Write-Warning "No configuration profiles found. Intune may not be configured or no profiles have been created."

    Write-Output @()

    return

}

Write-Verbose "Processing $($profiles.Count) configuration profiles..."

$results = foreach ($configProfile in $profiles) {

    $odataType = $configProfile.AdditionalProperties.'@odata.type'

    $platform = $platformMap[$odataType]

    if (-not $platform) {

        $platform = $odataType

    }

    [PSCustomObject]@{

        DisplayName          = $configProfile.DisplayName

        Id                   = $configProfile.Id

        CreatedDateTime      = $configProfile.CreatedDateTime

        LastModifiedDateTime = $configProfile.LastModifiedDateTime

        Platform             = $platform

        Version              = $configProfile.Version

        Description          = $configProfile.Description

    }

}

$results = @($results) | Sort-Object -Property DisplayName

Write-Verbose "Total configuration profiles: $($results.Count)"

if ($OutputPath) {

    $results | Export-Csv -Path $OutputPath -NoTypeInformation -Encoding UTF8

    Write-Output "Exported $($results.Count) configuration profiles to $OutputPath"

}

else {

    Write-Output $results

}