Automate Microsoft Intune Device Non-Compliance Report using PowerShell Script

This guide shows how to automate the Microsoft Intune Device Non-Compliance Report with a PowerShell script that retrieves the non-compliant devices from Microsoft Intune. This method is limited to devices enrolled in Microsoft Intune. Let’s learn together!

You have likely automated numerous day-to-day Intune tasks using PowerShell and the Microsoft Graph API. If you have not yet begun automating tasks within Intune, this may serve as an excellent starting point.

Microsoft Graph, a RESTful web API, facilitates access to Microsoft Cloud service resources. It lets you access data, intelligence, and insights from Microsoft 365 and other Microsoft Cloud services through a single endpoint, including data from Microsoft 365, Windows, and Enterprise Mobility + Security.

Many readers will have already used Graph Explorer for Microsoft Graph API calls. Graph Explorer is a handy browser-based tool for running your Graph calls; it doesn’t need any module or set-up file to be installed on your local machine. However, installing the Microsoft Graph PowerShell SDK is necessary to automate Microsoft Graph tasks using PowerShell.


Before you get started

Before you begin, make sure to install the Microsoft Graph PowerShell modules. Microsoft has published the Microsoft Graph PowerShell SDK on the PowerShell Gallery. The SDK includes two modules, Microsoft.Graph and Microsoft.Graph.Beta, which call the Microsoft Graph REST API v1.0 and the Microsoft Graph REST API beta, respectively.

Automate Microsoft Intune Device Non-Compliance Report using PowerShell Script Fig.1

To install the Microsoft Graph PowerShell SDK, your PowerShell version should be 5.1 or later. However, Microsoft recommends having PowerShell 7 or later. As per Microsoft, no additional prerequisites are required to use the SDK with PowerShell 7 or later.


You should have .NET Framework 4.7.2 or later installed on your machine before installing the Microsoft Graph PowerShell modules. Microsoft suggests updating PowerShellGet to the latest version using the command Install-Module PowerShellGet. Also, the PowerShell script execution policy must be set to RemoteSigned or less restrictive.

Automate Microsoft Intune Device Non-Compliance Report using PowerShell Script

Well, we have discussed enough before we start coding! Let’s write the PowerShell script to get Microsoft Intune non-compliant devices. The Microsoft Graph PowerShell SDK is already installed on my local machine.

You must sign in using the Connect-MgGraph command each time before you automate your daily tasks.

  • Open PowerShell as an Administrator.
  • Type Connect-MgGraph and hit Enter.
  • PowerShell prompts you to enter the credentials to authenticate to Microsoft Graph.

NOTE! To grant more permissions, you can repeat the Connect-MgGraph command with the new permission scopes added.

In this example, we need the below permissions to get Microsoft Intune Non-Compliance Devices using the PowerShell script.

Name | Description
DeviceManagementManagedDevices.Read.All | Read Intune managed devices
DeviceManagementManagedDevices.ReadWrite.All | Read and Write Intune-managed devices
Automate Microsoft Intune Device Non-Compliance Report using PowerShell Script. Table. 01

Kindly repeat the Connect-MgGraph cmdlet with the new permission scopes added using the below command.

Connect-MGGraph -Scopes DeviceManagementManagedDevices.Read.All, DeviceManagementManagedDevices.ReadWrite.All
Automate Microsoft Intune Device Non-Compliance Report using PowerShell Script . Fig.02

PowerShell Script

I have successfully connected to MgGraph with the necessary permissions. In this instance, I am utilizing the following script to assess all devices managed by Intune. The objective is to identify and display only those devices that are considered non-compliant.

###########################################################################
#Get-IntuneManagedNonComplianceDevices.ps1
#Scope : This script will retrieve Microsoft Intune Non-Compliance Devices
#Author : Sujin Nelladath
#LinkedIn : https://www.linkedin.com/in/sujin-nelladath-8911968a/
############################################################################

# Connect to Microsoft Graph API with required permission
Connect-MGGraph -Scopes DeviceManagementManagedDevices.Read.All, DeviceManagementManagedDevices.ReadWrite.All

# Define the API endpoint for Intune devices
$endpoint = 'https://graph.microsoft.com/v1.0/deviceManagement/managedDevices'

# Get all managed devices; follow @odata.nextLink so devices beyond the first page are not missed
$devices = @()
$uri = $endpoint
while ($uri) {
    $response = Invoke-MgGraphRequest -Uri $uri -Method GET
    $devices += $response.value
    $uri = $response.'@odata.nextLink'
}

# Filter non-compliant devices
$nonCompliantDevices = @($devices | Where-Object { $_.complianceState -eq "noncompliant" })

# List of Non-Compliant Devices
# One PS Object per device, so a single match is not indexed character by character
$nonCompliantDeviceDetails = @(
    foreach ($device in $nonCompliantDevices) {
        [PSCustomObject]@{
            DeviceName = $device.deviceName
            ComplianceState = $device.complianceState
        }
    }
)

#Display the Non-Compliant Devices
$nonCompliantDeviceDetails
Automate Microsoft Intune Device Non-Compliance Report using PowerShell Script. Fig.03

Please click the green play button in the PowerShell ISE window to execute the script. This code is designed to identify Microsoft Intune-managed devices that are non-compliant within your organization. The output will be presented in PSCustomObject format and organized in a tabular structure for clarity.

Automate Microsoft Intune Device Non-Compliance Report using PowerShell Script . Fig.04

Export PowerShell output to CSV format

Let’s see how to export the PowerShell output to CSV (Comma-Separated Values) format easily. The variable $nonCompliantDeviceDetails contains the entire script output in tabular form. Exporting it is as simple as piping it to the Export-Csv cmdlet.

$nonCompliantDeviceDetails | Export-Csv -Path C:\temp\IntuneNonComplaintDevices.csv -NoTypeInformation 
Automate Microsoft Intune Device Non-Compliance Report using PowerShell Script. Fig.05
  • Be sure to include the -NoTypeInformation parameter, as it removes the information header from the output.
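
The same report with three hardening changes, as an added example that is not the author's script: it connects with only the read scope (the report issues GET requests only), filters on the server while following every results page, and neutralises formula-like values before the CSV is opened in a spreadsheet. The function names and sample records are hypothetical and constructed for illustration, and the $filter and $select query options are assumed to be accepted by the managedDevices endpoint in your tenant.

```powershell
# Added example; function names and sample records are hypothetical/constructed.
function Get-NonCompliantDevice {
    # Filter and trim fields server-side, then follow @odata.nextLink through every page.
    $uri = 'https://graph.microsoft.com/v1.0/deviceManagement/managedDevices' +
           "?`$filter=complianceState eq 'noncompliant'" +
           "&`$select=deviceName,userPrincipalName,operatingSystem,complianceState,lastSyncDateTime"
    while ($uri) {
        $page = Invoke-MgGraphRequest -Uri $uri -Method GET
        $page.value                        # emit this page's devices
        $uri = $page.'@odata.nextLink'     # $null on the last page ends the loop
    }
}

function Protect-CsvCell {
    param([string]$Value)
    # Device and user names originate outside the report; prefix anything a
    # spreadsheet would evaluate as a formula so it is displayed as text.
    if ($Value -match '^[=+\-@\t\r]') { "'" + $Value } else { $Value }
}

function ConvertTo-ComplianceRow {
    param([Parameter(ValueFromPipeline)] $Device)
    process {
        $lastSync = ([datetime]$Device.lastSyncDateTime).ToUniversalTime()
        [PSCustomObject]@{
            DeviceName      = Protect-CsvCell $Device.deviceName
            User            = Protect-CsvCell $Device.userPrincipalName
            OperatingSystem = $Device.operatingSystem
            ComplianceState = $Device.complianceState
            DaysSinceSync   = [math]::Floor(([datetime]::UtcNow - $lastSync).TotalDays)
        }
    }
}

# Offline check with constructed records (not real tenant data).
$sample = @(
    @{ deviceName = 'LAPTOP-0001'; userPrincipalName = 'user1@example.com'; operatingSystem = 'Windows'
       complianceState = 'noncompliant'; lastSyncDateTime = '2024-01-15T08:30:00Z' },
    @{ deviceName = '=1+1'; userPrincipalName = 'user2@example.com'; operatingSystem = 'Android'
       complianceState = 'noncompliant'; lastSyncDateTime = '2024-02-01T12:00:00Z' }
)
$sample | ConvertTo-ComplianceRow | Format-Table -AutoSize

# Live run against the tenant (read-only scope is enough for GET requests):
# Connect-MgGraph -Scopes 'DeviceManagementManagedDevices.Read.All'
# Get-NonCompliantDevice | ConvertTo-ComplianceRow |
#     Export-Csv -Path C:\temp\IntuneNonComplaintDevices.csv -NoTypeInformation
```

DaysSinceSync helps separate devices that are actively failing policy from devices that have simply stopped checking in.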

I trust that this article will greatly benefit you and your organization. Thank you for your patience in reading this post. I look forward to seeing you in the next post. Keep supporting the HTMD Community.


Author

About the Author: Sujin Nelladath, Microsoft Graph MVP with over 10 years of experience in SCCM device management and Automation solutions, writes and shares his experiences with Microsoft device management technologies, Azure, DevOps and PowerShell automation.
