Intune-ComplianceReport

1.0.0

Public/Invoke-IntuneComplianceAudit.ps1

                                function Invoke-IntuneComplianceAudit {

    <#

    .SYNOPSIS

        Runs a full Intune compliance audit and generates an HTML dashboard.

    .DESCRIPTION

        Orchestrates all audit functions — device compliance, app inventory, policy assignments,

        and Autopilot status — then compiles results into a single HTML report.

    .PARAMETER OutputPath

        Directory for the HTML report. Defaults to current directory.

    .PARAMETER StaleDays

        Number of days since last check-in before a device is considered stale. Defaults to 30.

    .PARAMETER SkipAutopilot

        Skip Autopilot status check (useful if Autopilot is not in use).

    .EXAMPLE

        Invoke-IntuneComplianceAudit -OutputPath C:\Reports -StaleDays 14

    #>

    [CmdletBinding()]

    param(

        [Parameter()]

        [string]$OutputPath = (Get-Location).Path,

        [Parameter()]

        [ValidateRange(1, 180)]

        [int]$StaleDays = 30,

        [Parameter()]

        [switch]$SkipAutopilot

    )

    begin {

        Test-GraphConnection

        $timestamp = Get-Date -Format 'yyyyMMdd-HHmmss'

        $reportFile = Join-Path $OutputPath "Intune-ComplianceReport-$timestamp.html"

        $sections = @()

    }

    process {

        Write-Host "`n=== Intune Compliance Audit ===" -ForegroundColor Cyan

        Write-Host "Audit started at $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')`n"

        # --- Device Compliance ---

        Write-Host "[1/4] Auditing device compliance status..." -ForegroundColor Yellow

        $devices = Get-IntuneDeviceComplianceReport -StaleDays $StaleDays

        $sections += @{

            Title   = 'Device Compliance'

            Data    = $devices

            Summary = "$($devices.Count) managed devices evaluated"

        }

        # --- App Inventory ---

        Write-Host "[2/4] Auditing application inventory..." -ForegroundColor Yellow

        $apps = Get-IntuneAppInventory

        $sections += @{

            Title   = 'Application Inventory'

            Data    = $apps

            Summary = "$($apps.Count) managed applications reviewed"

        }

        # --- Policy Assignments ---

        Write-Host "[3/4] Reviewing policy assignments..." -ForegroundColor Yellow

        $policies = Get-IntunePolicyAssignmentReview

        $sections += @{

            Title   = 'Policy Assignment Review'

            Data    = $policies

            Summary = "$($policies.Count) policies reviewed"

        }

        # --- Autopilot ---

        if (-not $SkipAutopilot) {

            Write-Host "[4/4] Checking Autopilot status..." -ForegroundColor Yellow

            $autopilot = Get-IntuneAutopilotStatus

            $sections += @{

                Title   = 'Autopilot Deployment Status'

                Data    = $autopilot

                Summary = "$($autopilot.Count) Autopilot devices reviewed"

            }

        }

        else {

            Write-Host "[4/4] Skipping Autopilot check (SkipAutopilot specified)" -ForegroundColor DarkGray

        }

    }

    end {

        Write-Host "`nGenerating HTML report..." -ForegroundColor Yellow

        New-HtmlDashboard -Sections $sections -OutputFile $reportFile -ReportTitle 'Intune Compliance Audit'

        Write-Host "`n=== Audit Complete ===" -ForegroundColor Green

        Write-Host "Report saved to: $reportFile"

        Write-Host ""

        foreach ($s in $sections) {

            Write-Host "  $($s.Title): $($s.Summary)"

        }

        Get-Item $reportFile

    }

}