Fetch Intune Azure AD Details from Graph API Intune PowerShell Scripts

Let’s discuss how to Fetch Intune Azure AD Details from Graph API Intune PowerShell Scripts. Now, Microsoft Graph API is the buzzword. How can Microsoft Graph API fetch the details from Azure Active Directory (Azure AD/AAD) and Microsoft Intune? And a list of Intune PowerShell Scripts samples. I won’t provide any Graph API scripts to fetch details in this post.

APIs have always been an alien term for me. The rest of the API was everywhere; now it’s Graph API. Have you ever tried Facebook Graph API? So, the entire industry is taking the path of Graph API!

In one of our articles, we provide a detailed guide on using Microsoft Graph Explorer, emphasizing its utility for beginners. This tool is pivotal for understanding Graph API queries, particularly for those starting. We walk users through the initial steps of accessing and utilizing the Graph Explorer, focusing on its simplicity and user-friendly interface.

The blog post “Configuring Intune Bitlocker grace period illustrates a real-world example of using Intune Graph Explorer. This scenario involves setting up a grace period for BitLocker, a feature not configurable through the MEM Admin Center portal.

Patch My PC

Fetch Intune Azure AD Details from Graph API Intune PowerShell Scripts

Microsoft Graph is a versatile Application Programming Interface (API) offering a unified endpoint, https://graph.microsoft.com, to access a wealth of data, intelligence, and insights across Microsoft 365 and other Microsoft Cloud services.

Fetch Intune Azure AD Details from Graph API Intune PowerShell Scripts - Fig.1
Fetch Intune Azure AD Details from Graph API Intune PowerShell Scripts – Fig.1

NOTE! – Intune PowerShell Script Samples with Microsoft Graph – https://github.com/microsoftgraph/powershell-intune-samples

In this post, I would like to help by providing basic details of the Microsoft Graph API. I will explain how to start using Graph API graphically (not programmatically) and how Graph API would be helpful for IT Pros in their day-to-day lives. Microsoft Intune admins can analyze a device’s or user’s details from Graph API.

We can only get limited details of objects from the Azure AD portal; however, loads of more information can be fetched from Graph API via Web browsers. You can perform all the GET and other supported operations from the following URL. Remember to sign in to the tenant.

Adaptiva

Intune Graph API Query | Sample Queries | Easiest Method | Tips | Tricks

This video guide teaches you how to use Intune Graph Query and some sample queries. It’s a beginner’s guide, so it starts with the basics. Microsoft Graph Explorer is a special tool for system admins and developers. With it, you can talk to Intune and ask it to fetch, change, or remove information.

Fetch Intune Azure AD Details from Graph API Intune PowerShell Scripts – Video 1

Microsoft Graph

Graph Explorer is one way to fetch, change, or remove data or configurations from Intune services. You can quickly sign in to the graph—microsoft portal with Intune Admin credentials.

Launch Microsoft Graph - URL --> https://graph.microsoft.io/en-us/graph-explorer

https://developer.microsoft.com/en-us/graph/graph-explorer
Fetch Intune Azure AD Details from Graph API Intune PowerShell Scripts - Fig.2
Fetch Intune Azure AD Details from Graph API Intune PowerShell Scripts – Fig.2

When you sign in for the first time, you need to agree to give Graph Explorer the following permissions. Click on the Agree button to proceed.

Fetch Intune Azure AD Details from Graph API Intune PowerShell Scripts - Fig.3
Fetch Intune Azure AD Details from Graph API Intune PowerShell Scripts – Fig.3

There are two versions of Graph Explorer available at the moment: 1.0 and Beta. I was having a hard time connecting to the Graph API, but it was okay when I wanted to retrieve my user information.

But when I tried to fetch the details for the entire tenant, it was asked to agree or accept new Admin consent, as you can see in the following paragraph.

This query requires additional permissions. If you are an administrator, you can click here to grant them for your entire organization. You can also try the same request against your tenant by creating a free Office 365 developer account.

When I tried to click on the “HERE” button to accept the consent, it gave me an odd error: “AADSTS90002: No service namespace named ‘organizations‘ was found in the data store.” Ryan and Panu helped me get rid of this error.

To accept this admin consent, you don’t have to create manual applications or run any PowerShell scripts! It’s already available in your enterprise applications blade in the Azure console.

Fetch Intune Azure AD Details from Graph API Intune PowerShell Scripts - Fig.4
Fetch Intune Azure AD Details from Graph API Intune PowerShell Scripts – Fig.4

The following are some samples of graph API GET queries to retrieve details from Intune and Azure Active Directory (AAD). Graph API also allows for the following three types of actions: POST, PATCH, and DELETE.  

  • https://graph.microsoft.com/beta/users/[email protected]/ownedDeviceshttps://graph.microsoft.com/beta/deviceAppManagement/mobileAppshttps://graph.microsoft.com/beta/users/https://graph.microsoft.com/beta/applications   Following is some of the extracts of device management mobile app.
  • WhatsApp is one of the applications at “https://graph.microsoft.com/beta/deviceAppManagement/mobileApps.” Similarly, we can retrieve a user’s owned devices and device status through Graph API GET commands. Some of these details are available ONLY through Graph API. This will be an excellent help for Intune admins when troubleshooting issues.
Graph AP Actions
POST
PATCH
DELETE
Fetch Intune Azure AD Details from Graph API Intune PowerShell Scripts – Table 1
cache-control: private
content-type: application/json;odata.metadata=minimal;odata.streaming=true;
request-id: 604557b1-409b-4749-8w32d-d754844b2181
client-request-id: 6se357b1-409b-4349-864d-d754844b2181
Status Code: 200
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#deviceAppManagement/mobileApps",
"value": [
{
"@odata.type": "#microsoft.graph.iosStoreApp",
"id": "ab8a5364-887d-44e7-a6cd-9684d2f279c3",
"displayName": "WhatsApp Messenger",
"description": "WhatsApp Messenger is a FREE messaging app available for iPhone and other smartphones. WhatsApp uses your phone's Internet connection (4G/3G/2G/EDGE or Wi-Fi, as available) to let you message and call friends and family. Switch from SMS to WhatsApp to send and receive messages, calls, photos, videos, and Voice Messages. \n\nWHY USE WHATSAPP:  \n\n• NO FEES: WhatsApp uses your phone's
"publisher": "WhatsApp Inc.",
"largeIcon": null,
"createdDateTime": "2017-01-22T06:40:24.696692Z",
"lastModifiedDateTime": "2017-01-22T06:40:24.696692Z",
"isFeatured": false,
"privacyInformationUrl": null,
"informationUrl": null,
"owner": "",
"developer": "",
"notes": "",
"uploadState": 1,
"installSummary": null,
"bundleId": "net.whatsapp.WhatsApp",
"appStoreUrl": "https://itunes.apple.com/us/app/whatsapp-messenger/id310633997?mt=8&uo=4",
"applicableDeviceType": {
"iPad": false,
"iPhoneAndIPod": true
},
"minimumSupportedOperatingSystem": {
"v8_0": true,
"v9_0": false,
"v10_0": false
}
}, 
Fetch Intune Azure AD Details from Graph API Intune PowerShell Scripts - Fig.5
Fetch Intune Azure AD Details from Graph API Intune PowerShell Scripts – Fig.5

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.