Functions/Get-IntuneRemediationScriptAssignmentReport.ps1
|
function Get-IntuneRemediationScriptAssignmentReport { [CmdletBinding()] param ( ) $AssignmentFilters = (Invoke-GraphRequest -Uri "https://graph.microsoft.com/beta/deviceManagement/assignmentFilters").value $deviceHealthScripts = (Invoke-GraphRequest -Uri "https://graph.microsoft.com/beta/devicemanagement/deviceHealthScripts").value | Sort-Object displayName $Assignments = @() $i = 0 foreach ($a in $deviceHealthScripts) { $i++ if ($deviceHealthScripts.count) { # Write-Progress -Activity "Processing apps" -CurrentOperation "$($a.displayName) ($($i) / $($deviceHealthScripts.count))" -PercentComplete ( ($i / ($deviceHealthScripts.count) * 100) ) } $AppAssignments = (Invoke-GraphRequest -Uri "https://graph.microsoft.com/beta/devicemanagement/deviceHealthScripts/$($a.id)/assignments").value $AppAssignments | ForEach-Object { $Properties = [PSCustomObject]@{ AssignmentId = $_.id ScriptId = $a.id AadGroup = $_.target.groupId type = $_.target.'@odata.type' FilterId = $_.target.deviceAndAppManagementAssignmentFilterId FilterType = $_.target.deviceAndAppManagementAssignmentFilterType runSchedule = ($_.runSchedule.'@odata.type').Replace("#microsoft.graph.deviceHealthScript", "") interval = $_.runSchedule.interval useUtc = $_.runSchedule.useUtc time = $_.runSchedule.time } $Assignments += $Properties } } # 123 # $Assignments | fl # # $Assignments.id # 456 $AadGroups = @() $Assignments.AadGroup | Select-Object -Unique | ForEach-Object { # try { # $AadGroups += Get-AzureADGroup -ObjectId $_ -ea 0 $AadGroups += Get-MgGroup -GroupId $_ -ea 0 # } # catch { } } $AadGroups = $AadGroups | Sort-Object DisplayName $Output = @() foreach ($d in $deviceHealthScripts) { $Properties = [ordered]@{ displayName = $d.displayName id = $d.id AllUsers = $null AllDevices = $null } foreach ($ag in $AadGroups) { $Properties.Add($ag.DisplayName, $null) } $ThisAssignment = $Assignments | Where-Object ScriptId -EQ $d.id # $ThisAssignment | ft foreach ($aa in $ThisAssignment) { if ($aa.FilterId -ne "00000000-0000-0000-0000-000000000000") { $ThisFilter = $AssignmentFilters | Where-Object id -EQ $aa.FilterId $FilterTxt = " / Filter: $($aa.FilterType): '$($ThisFilter.displayName)'" } else { Clear-Variable FilterTxt -ea 0 } $ScheduleTxt = " / $($aa.runSchedule)" if ($aa.runSchedule -ne "RunOnceSchedule") { $ScheduleTxt += " - freq: $($aa.interval)" } if ($aa.time) { if ($aa.runSchedule -eq "RunOnceSchedule") { $time = Get-Date -Date ([datetime]$aa.time) -Format "yyyy-MM-dd HH.mm" } else { $time = Get-Date -Date ([datetime]$aa.time) -Format "HH.mm" } $ScheduleTxt += " - $($time)h" if ($aa.useUtc -eq $true) { $ScheduleTxt += " (utc)" } $ScheduleTxt += "" } # Write-Host "$($d.displayName) $($aa.AadGroup) $($aa.Type)" if ($aa.AadGroup) { $TargetGroup = $AadGroups | Where-Object Id -EQ $aa.AadGroup if ($TargetGroup) { if ($aa.type -eq "#microsoft.graph.exclusionGroupAssignmentTarget") { $CurrentIntent = "excluded" } else { $CurrentIntent = "included" } if ($Properties[$TargetGroup.DisplayName]) { $Properties[$TargetGroup.DisplayName] += " / " } $Properties[$TargetGroup.DisplayName] += "$($CurrentIntent)$($FilterTxt)$($ScheduleTxt)" } } else { # $aa if ($aa.type -eq "#microsoft.graph.allLicensedUsersAssignmentTarget") { $Properties["AllUsers"] = "included$($FilterTxt)$($ScheduleTxt)" } if ($aa.type -eq "#microsoft.graph.allDevicesAssignmentTarget") { $Properties["AllDevices"] = "included$($FilterTxt)$($ScheduleTxt)" } } } $Output += New-Object -TypeName psobject -Property $Properties } return $Output } |