Public/Get-UserDeviceStatus.ps1
|
<#
.COPYRIGHT Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license. See https://github.com/microsoftgraph/powershell-intune-samples/blob/master/LICENSE for license information. #> Function Get-UserDeviceStatus() { [cmdletbinding()] param ( [switch]$Analyze ) Write-Host "Getting User Devices..." -ForegroundColor Yellow $UserDevices = Get-AADUserDevices -UserID $UserID if ($UserDevices) { write-host "-------------------------------------------------------------------" foreach ($UserDevice in $UserDevices) { $UserDeviceId = $UserDevice.id $UserDeviceName = $UserDevice.deviceName $UserDeviceAADDeviceId = $UserDevice.azureActiveDirectoryDeviceId $UserDeviceComplianceState = $UserDevice.complianceState write-host "Device Name:" $UserDevice.deviceName -f Cyan Write-Host "Device Id:" $UserDevice.id write-host "Owner Type:" $UserDevice.ownerType write-host "Last Sync Date:" $UserDevice.lastSyncDateTime write-host "OS:" $UserDevice.operatingSystem write-host "OS Version:" $UserDevice.osVersion if ($UserDevice.easActivated -eq $false) { write-host "EAS Activated:" $UserDevice.easActivated -ForegroundColor Red } else { write-host "EAS Activated:" $UserDevice.easActivated } Write-Host "EAS DeviceId:" $UserDevice.easDeviceId if ($UserDevice.aadRegistered -eq $false) { write-host "AAD Registered:" $UserDevice.aadRegistered -ForegroundColor Red } else { write-host "AAD Registered:" $UserDevice.aadRegistered } write-host "Enrollment Type:" $UserDevice.enrollmentType write-host "Management State:" $UserDevice.managementState if ($UserDevice.complianceState -eq "noncompliant") { write-host "Compliance State:" $UserDevice.complianceState -f Red $uri = "https://graph.microsoft.com/beta/managedDevices/$UserDeviceId/deviceCompliancePolicyStates" $deviceCompliancePolicyStates = (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value foreach ($DCPS in $deviceCompliancePolicyStates) { if ($DCPS.State -ne "notApplicable") { Write-Host "Non Compliant Policy for device $UserDeviceName" -ForegroundColor Yellow write-host "Display Name:" $DCPS.displayName $SettingStatesId = $DCPS.id.split("_")[2] $uri = "https://graph.microsoft.com/beta/managedDevices/$UserDeviceId/deviceCompliancePolicyStates/$SettingStatesId/settingStates" $SettingStates = (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value foreach ($SS in $SettingStates) { if ($SS.state -eq "nonCompliant") { Write-Host "Setting:" $SS.setting Write-Host "State:" $SS.state -ForegroundColor Red } } } } # Getting AAD Device using azureActiveDirectoryDeviceId property $uri = "https://graph.microsoft.com/v1.0/devices?`$filter=deviceId eq '$UserDeviceAADDeviceId'" $AADDevice = (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value $AAD_Compliant = $AADDevice.isCompliant # Checking if AAD Device and Intune ManagedDevice state are the same value Write-Host "Compliance State - AAD and ManagedDevices" -ForegroundColor Yellow Write-Host "AAD Compliance State:" $AAD_Compliant Write-Host "Intune Managed Device State:" $UserDeviceComplianceState } else { write-host "Compliance State:" $UserDevice.complianceState -f Green # Getting AAD Device using azureActiveDirectoryDeviceId property $uri = "https://graph.microsoft.com/v1.0/devices?`$filter=deviceId eq '$UserDeviceAADDeviceId'" $AADDevice = (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value $AAD_Compliant = $AADDevice.isCompliant # Checking if AAD Device and Intune ManagedDevice state are the same value Write-Host "Compliance State - AAD and ManagedDevices" -ForegroundColor Yellow Write-Host "AAD Compliance State:" $AAD_Compliant Write-Host "Intune Managed Device State:" $UserDeviceComplianceState } write-host "-------------------------------------------------------------------" } } else { #write-host "User Devices:" -f Yellow write-host "User has no devices" } } |