M365-Assess

1.0.1

Intune/Get-DeviceSummary.ps1

                                <#

.SYNOPSIS

    Lists all Intune managed devices with key properties.

.DESCRIPTION

    Queries Microsoft Graph for all Intune managed devices and returns a summary

    of each device including hardware details, compliance state, enrollment info,

    and management agent. Useful for inventory audits, onboarding reviews, and

    generating device fleet reports for clients.

    Requires Microsoft.Graph.DeviceManagement module and

    DeviceManagementManagedDevices.Read.All permission.

.PARAMETER OutputPath

    Optional path to export results as CSV. If not specified, results are returned

    to the pipeline.

.EXAMPLE

    PS> . .\Common\Connect-Service.ps1

    PS> Connect-Service -Service Graph -Scopes 'DeviceManagementManagedDevices.Read.All'

    PS> .\Intune\Get-DeviceSummary.ps1

    Lists all managed devices with key properties including compliance state and hardware info.

.EXAMPLE

    PS> .\Intune\Get-DeviceSummary.ps1 -OutputPath '.\device-summary.csv'

    Exports the full device inventory to CSV for client reporting.

.EXAMPLE

    PS> .\Intune\Get-DeviceSummary.ps1 -Verbose

    Lists all managed devices with verbose progress messages.

#>

[CmdletBinding()]

param(

    [Parameter()]

    [ValidateNotNullOrEmpty()]

    [string]$OutputPath

)

$ErrorActionPreference = 'Stop'

# Verify Graph connection

if (-not (Assert-GraphConnection)) { return }

# Ensure required Graph submodule is loaded (PS 7.x does not auto-import)

Import-Module -Name Microsoft.Graph.DeviceManagement -ErrorAction Stop

Write-Verbose "Retrieving all Intune managed devices..."

try {

    $devices = Get-MgDeviceManagementManagedDevice -All -ErrorAction Stop

}

catch {

    Write-Warning "Could not retrieve Intune managed devices. Ensure Intune is licensed and permissions are granted: $($_.Exception.Message)"

    return

}

if (-not $devices -or $devices.Count -eq 0) {

    Write-Warning "No managed devices found. Intune may not be configured or no devices are enrolled."

    Write-Output @()

    return

}

Write-Verbose "Processing $($devices.Count) managed devices..."

$results = foreach ($device in $devices) {

    [PSCustomObject]@{

        DeviceName        = $device.DeviceName

        UserDisplayName   = $device.UserDisplayName

        UserPrincipalName = $device.UserPrincipalName

        OperatingSystem   = $device.OperatingSystem

        OsVersion         = $device.OsVersion

        ComplianceState   = $device.ComplianceState

        ManagementAgent   = $device.ManagementAgent

        EnrolledDateTime  = $device.EnrolledDateTime

        LastSyncDateTime  = $device.LastSyncDateTime

        Model             = $device.Model

        Manufacturer      = $device.Manufacturer

        SerialNumber      = $device.SerialNumber

    }

}

$results = @($results) | Sort-Object -Property DeviceName

Write-Verbose "Total devices: $($results.Count)"

if ($OutputPath) {

    $results | Export-Csv -Path $OutputPath -NoTypeInformation -Encoding UTF8

    Write-Output "Exported $($results.Count) devices to $OutputPath"

}

else {

    Write-Output $results

}