Skip to content
/ IntuneDeviceExport Public

A PowerShell script to connect to Microsoft Intune via Microsoft Graph API, retrieve managed device data, and export it in JSON and CSV format.

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

tim-atkinson/IntuneDeviceExport

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
.github/workflows
.github/workflows
 
 
.gitignore
.gitignore
 
 
Export-IntuneManagedDevices.ps1
Export-IntuneManagedDevices.ps1
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Export-IntuneManagedDevices

PSScriptAnalyzer

Overview

This script connects to Microsoft Intune using the Microsoft Graph API to retrieve managed device information and export it in both JSON and CSV formats. The script is designed for IT professionals managing Intune environments, providing an easy way to automate device data retrieval.

Features

  • Connects to Microsoft Intune via Microsoft Graph API.
  • Supports both interactive user login and service principal (client secure credentials) authentication.
  • Retrieves detailed information about managed devices in your Intune environment.
  • Exports device data to JSON and CSV formats for further processing and analysis.
  • Includes logging for transparency and troubleshooting.

Requirements

  • Microsoft Graph SDK Installation: Install the Microsoft Graph SDK by using the following command:

    Install-Module Microsoft.Graph -Scope CurrentUser

    This will provide the necessary cmdlets to interact with Microsoft Graph.

  • Azure AD Application Setup:

    1. Create an App Registration: In Azure Portal, navigate to Azure Active Directory > App registrations > New registration. Register a new application with an appropriate name.
    2. API Permissions: After registering the application, navigate to API Permissions.
      • Click on Add a permission.
      • Select Microsoft Graph.
      • Choose Application permissions (not delegated).
      • Search for and add the DeviceManagementManagedDevices.Read.All permission.
    3. Grant Admin Consent: Ensure to click Grant admin consent for [your organization] so that the app can run without requiring individual user consent.
    4. Create a Client Secret: Go to Certificates & secrets and create a new client secret. This secret will be used in the script for authentication.

  • PowerShell version 5.1 or later.

  • Microsoft Graph PowerShell Module: Ensure the module is installed. You can install it with:

    Install-Module Microsoft.Graph -Scope CurrentUser

  • Azure AD Application: If using service principal authentication, ensure you have an Azure AD application with permissions to access Intune data (DeviceManagementManagedDevices.Read.All).

  • Create the credential file, execute:

      $ClientSecretCredential = Get-Credential -Credential "<YourClientId>"
  Enter <YourSecretId>
  $ClientSecretCredential | Export-Clixml -Path "<PathToCredentialFile>"

Warning

The Export-Clixml cmdlet encrypts credential objects by using the Windows Data Protection API. The encryption ensures that only your user account on only that computer can decrypt the contents of the credential object. The exported CLIXML file can't be used on a different computer or by a different user.

Parameters

  • -TenantId: The Tenant ID of the Azure AD application.
  • -Path: The file path to the secure credential file containing the client secret credentials.
  • -UseInteractiveLogin: Use this switch for interactive user login instead of client credentials.
  • -LogPath: The file path where logs should be written. Default is IntuneDeviceSync.log in the script's root directory.
  • -OutputDirectory: Directory where output files (JSON and CSV) will be saved. Default is the script's root directory.

Usage

Example 1: Using Service Principal Authentication

.\Export-IntuneManagedDevices.ps1 -TenantId "<YourTenantId>" -Path "<PathToCredentialFile>"

This command will use the specified Client ID, Tenant ID, and Client Secret to authenticate and retrieve device information, exporting it to JSON and CSV.

Example 2: Using Interactive User Login

.\Export-IntuneManagedDevices.ps1 -UseInteractiveLogin

This command will prompt you to log in interactively using your user credentials.

Script Details

  • Logging: The script logs all activities, including authentication attempts, data retrieval, and export status, in a log file (IntuneDeviceSync.log). This helps in auditing and troubleshooting issues.
  • Data Filtering: The script filters out devices that do not have a deviceName property set.
  • Export: The retrieved data is exported in two formats:
    • JSON: Contains device details such as deviceName, id, model, and lastSyncDateTime.
    • CSV: Contains similar information to the JSON output for easy viewing and processing.

Error Handling

  • The script includes comprehensive error handling. Errors during authentication, data retrieval, or export are logged with details, including the full exception information for troubleshooting purposes.

Important Notes

  • Ensure that the Azure AD application has the appropriate API permissions (DeviceManagementManagedDevices.Read.All) and that admin consent is granted.
  • The script attempts to disconnect from any previous Microsoft Graph session before initiating a new connection to ensure proper session management.

About

A PowerShell script to connect to Microsoft Intune via Microsoft Graph API, retrieve managed device data, and export it in JSON and CSV format.

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Languages