get-intune-apps.ps1
|
$maximumfunctioncount = 32768 <#PSScriptInfo .VERSION 2.0 .GUID 729ebf90-26fe-4795-92dc-ca8f570cdd22 .AUTHOR AndrewTaylor .DESCRIPTION Display an Intune applist in a grid to find more details .COMPANYNAME .COPYRIGHT GPL .TAGS az azure AVD WVD environment .LICENSEURI https://github.com/andrew-s-taylor/public/blob/main/LICENSE .PROJECTURI https://github.com/andrew-s-taylor/public .ICONURI .EXTERNALMODULEDEPENDENCIES azureAD .REQUIREDSCRIPTS .EXTERNALSCRIPTDEPENDENCIES .RELEASENOTES #> <# .SYNOPSIS Displays List of apps from Intune .DESCRIPTION Display an Intune applist in a grid to find more details .INPUTS None required .OUTPUTS GridView .NOTES Version: 2.0 Author: Andrew Taylor Twitter: @AndrewTaylor_2 WWW: andrewstaylor.com Creation Date: 11/06/2021 Modified: 29/10/2022 Purpose/Change: Initial script development Change: Switched from AAD Auth to Graph auth to avoid issues when module deprecated .EXAMPLE N/A #> ##Install Module #Install MS Graph if not available if (Get-Module -ListAvailable -Name Microsoft.Graph) { Write-Host "Microsoft Graph Already Installed" } else { try { Install-Module -Name Microsoft.Graph -Scope CurrentUser -Repository PSGallery -Force } catch [Exception] { $_.message exit } } import-module microsoft.graph.intune ##Authenticate Select-MgProfile -Name Beta Connect-MgGraph -Scopes DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All, openid, profile, email, offline_access #################################################### Function Get-IntuneApplication(){ <# .SYNOPSIS This function is used to get applications from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets any applications added .EXAMPLE Get-IntuneApplication Returns any applications configured in Intune .NOTES NAME: Get-IntuneApplication #> [cmdletbinding()] param ( $Name ) $graphApiVersion = "Beta" $Resource = "deviceAppManagement/mobileApps" try { if($Name){ $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" (Invoke-MgGraphRequest -Uri $uri -Method Get -OutputType PSObject).Value | Where-Object { ($_.'displayName').contains("$Name") -and (!($_.'@odata.type').Contains("managed")) -and (!($_.'@odata.type').Contains("#microsoft.graph.iosVppApp")) } } else { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" (Invoke-MgGraphRequest -Uri $uri -Method Get -OutputType PSObject).Value | Where-Object { (!($_.'@odata.type').Contains("managed")) -and (!($_.'@odata.type').Contains("#microsoft.graph.iosVppApp")) } } } catch { $ex = $_.Exception Write-Host "Request to $Uri failed with HTTP Status $([int]$ex.Response.StatusCode) $($ex.Response.StatusDescription)" -f Red $errorResponse = $ex.Response.GetResponseStream() $reader = New-Object System.IO.StreamReader($errorResponse) $reader.BaseStream.Position = 0 $reader.DiscardBufferedData() $responseBody = $reader.ReadToEnd(); Write-Host "Response content:`n$responseBody" -f Red Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)" write-host break } } #################################################### Function Get-ApplicationAssignment(){ <# .SYNOPSIS This function is used to get an application assignment from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets an application assignment .EXAMPLE Get-ApplicationAssignment Returns an Application Assignment configured in Intune .NOTES NAME: Get-ApplicationAssignment #> [cmdletbinding()] param ( $ApplicationId ) $graphApiVersion = "Beta" $Resource = "deviceAppManagement/mobileApps/$ApplicationId/assignments" try { if(!$ApplicationId){ write-host "No Application Id specified, specify a valid Application Id" -f Red break } else { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" (Invoke-MgGraphRequest -Uri $uri -Method Get -OutputType PSObject).Value } } catch { $ex = $_.Exception $errorResponse = $ex.Response.GetResponseStream() $reader = New-Object System.IO.StreamReader($errorResponse) $reader.BaseStream.Position = 0 $reader.DiscardBufferedData() $responseBody = $reader.ReadToEnd(); Write-Host "Response content:`n$responseBody" -f Red Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)" write-host break } } #################################################### Function Get-AADGroup(){ <# .SYNOPSIS This function is used to get AAD Groups from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets any Groups registered with AAD .EXAMPLE Get-AADGroup Returns all users registered with Azure AD .NOTES NAME: Get-AADGroup #> [cmdletbinding()] param ( $GroupName, $id, [switch]$Members ) # Defining Variables $graphApiVersion = "v1.0" $Group_resource = "groups" try { if($id){ $uri = "https://graph.microsoft.com/$graphApiVersion/$($Group_resource)?`$filter=id eq '$id'" (Invoke-MgGraphRequest -Uri $uri -Method Get -OutputType PSObject).Value } elseif($GroupName -eq "" -or $GroupName -eq $null){ $uri = "https://graph.microsoft.com/$graphApiVersion/$($Group_resource)" (Invoke-MgGraphRequest -Uri $uri -Method Get -OutputType PSObject).Value } else { if(!$Members){ $uri = "https://graph.microsoft.com/$graphApiVersion/$($Group_resource)?`$filter=displayname eq '$GroupName'" (Invoke-MgGraphRequest -Uri $uri -Method Get -OutputType PSObject).Value } elseif($Members){ $uri = "https://graph.microsoft.com/$graphApiVersion/$($Group_resource)?`$filter=displayname eq '$GroupName'" $Group = (Invoke-MgGraphRequest -Uri $uri -Method Get -OutputType PSObject).Value if($Group){ $GID = $Group.id $Group.displayName write-host $uri = "https://graph.microsoft.com/$graphApiVersion/$($Group_resource)/$GID/Members" (Invoke-MgGraphRequest -Uri $uri -Method Get -OutputType PSObject).Value } } } } catch { $ex = $_.Exception $errorResponse = $ex.Response.GetResponseStream() $reader = New-Object System.IO.StreamReader($errorResponse) $reader.BaseStream.Position = 0 $reader.DiscardBufferedData() $responseBody = $reader.ReadToEnd(); Write-Host "Response content:`n$responseBody" -f Red Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)" write-host break } } #################################################### $Intune_Apps = Get-IntuneApplication | Select-Object displayName,id | Out-GridView -Title "Intune Applications" -passthru | ForEach-Object { $thisapp = get-intuneapplication -Name $_.displayName $apptype = switch($thisapp.'@odata.type') { "#microsoft.graph.win32LobApp" {"Win32 App"; break} "#microsoft.graph.microsoftStoreForBusinessApp" {"Store for Business App"; break} "#microsoft.graph.officeSuiteApp" {"M365 App"; break} "#microsoft.graph.windowsMicrosoftEdgeApp" {"Microsoft Edge"; break} "#microsoft.graph.windowsUniversalAppX" {"MSIX Package"; break} } $appname = $thisapp.displayName $appid = $thisapp.id $apptyef = $apptype $App_Assignment = Get-ApplicationAssignment -ApplicationId $_.id if($App_Assignment){ $assignedtype = "Application Assigned" foreach($Assignment in $App_Assignment){ $assignedgroup = (Get-AADGroup -id $Assignment.target.GroupId).displayName $intent = $Assignment.intent } } else { $assignedtype = "No Application Assignment" } Write-Host $Appoutput = @" Name: $appname ID: $appid AppType: $apptype Assigned: $assignedtype Assigned Group(s): $assignedgroup Assigned Intent: $intent "@ [System.Windows.MessageBox]::Show($Appoutput) } |