Let’s discuss how to fetch Intune and Azure AD details from the Graph API, along with Intune PowerShell script samples. Microsoft Graph API is now the buzzword. How can Microsoft Graph API fetch details from Azure Active Directory (Azure AD/AAD) and Microsoft Intune? The post also points to a list of Intune PowerShell script samples. I won’t provide any Graph API scripts to fetch details in this post.
APIs have always been an alien term for me. REST API was everywhere; now it’s Graph API. Have you ever tried Facebook Graph API? So, the entire industry is taking the path of Graph API!
In one of our articles, we provide a detailed guide on using Microsoft Graph Explorer, emphasizing its utility for beginners. This tool is pivotal for understanding Graph API queries, particularly for those starting. We walk users through the initial steps of accessing and utilizing the Graph Explorer, focusing on its simplicity and user-friendly interface.
The blog post “Configuring Intune Bitlocker grace period” illustrates a real-world example of using Intune Graph Explorer. This scenario involves setting up a grace period for BitLocker, a feature not configurable through the MEM Admin Center portal.
- Best Guide to Install Microsoft Graph PowerShell Modules
- Intune Graph Query Samples Starters Guide
- Best Guide to Restart Intune Devices Remotely using Microsoft Graph API and PowerShell
- Intune Policy Assignment Classification Easy Secrets of using Graph API with PowerShell
- Manage Intune Tasks with PowerShell Part 1
- Managing Windows Bitlocker Compliance Policy Using Intune | MS Graph | Grace Period
Fetch Intune Azure AD Details from Graph API Intune PowerShell Scripts
Microsoft Graph is a versatile Application Programming Interface (API) offering a unified endpoint, https://graph.microsoft.com, to access a wealth of data, intelligence, and insights across Microsoft 365 and other Microsoft Cloud services.
NOTE! – Intune PowerShell Script Samples with Microsoft Graph – https://github.com/microsoftgraph/powershell-intune-samples
In this post, I would like to help by providing basic details of the Microsoft Graph API. I will explain how to start using Graph API graphically (not programmatically) and how Graph API would be helpful for IT Pros in their day-to-day lives. Microsoft Intune admins can analyze a device’s or user’s details from Graph API.
We can only get limited details of objects from the Azure AD portal; however, much more information can be fetched from Graph API via a web browser. You can perform all the GET and other supported operations from the following URL. Remember to sign in to the tenant.
Intune Graph API Query | Sample Queries | Easiest Method | Tips | Tricks
This video guide teaches you how to use Intune Graph Query and some sample queries. It’s a beginner’s guide, so it starts with the basics. Microsoft Graph Explorer is a special tool for system admins and developers. With it, you can talk to Intune and ask it to fetch, change, or remove information.
Microsoft Graph
Graph Explorer is one way to fetch, change, or remove data or configurations from Intune services. You can quickly sign in to the Microsoft Graph portal with Intune Admin credentials.
Launch Microsoft Graph - URL --> https://graph.microsoft.io/en-us/graph-explorer
https://developer.microsoft.com/en-us/graph/graph-explorer
When you sign in for the first time, you need to agree to give Graph Explorer the following permissions. Click on the Agree button to proceed.
There are two versions of Graph Explorer available at the moment: 1.0 and Beta. I was having a hard time connecting to the Graph API, but it was okay when I wanted to retrieve my user information.
But when I tried to fetch the details for the entire tenant, I was asked to agree to or accept new admin consent, as you can see in the following paragraph.
This query requires additional permissions. If you are an administrator, you can click here to grant them for your entire organization. You can also try the same request against your tenant by creating a free Office 365 developer account.
When I tried to click on the “HERE” button to accept the consent, it gave me an odd error: “AADSTS90002: No service namespace named ‘organizations‘ was found in the data store.” Ryan and Panu helped me get rid of this error.
To accept this admin consent, you don’t have to create manual applications or run any PowerShell scripts! It’s already available in your enterprise applications blade in the Azure console.
The following are some samples of graph API GET queries to retrieve details from Intune and Azure Active Directory (AAD). Graph API also allows for the following three types of actions: POST, PATCH, and DELETE.
- https://graph.microsoft.com/beta/users/[email protected]/ownedDevices
- https://graph.microsoft.com/beta/deviceAppManagement/mobileApps
- https://graph.microsoft.com/beta/users/
- https://graph.microsoft.com/beta/applications

Graph API Actions |
---|
POST |
PATCH |
DELETE |

WhatsApp is one of the applications at “https://graph.microsoft.com/beta/deviceAppManagement/mobileApps.” Similarly, we can retrieve a user’s owned devices and device status through Graph API GET commands. Some of these details are available ONLY through Graph API. This will be an excellent help for Intune admins when troubleshooting issues.

The following is an extract of the response for the device management mobile apps query.
```
cache-control: private
content-type: application/json;odata.metadata=minimal;odata.streaming=true;
request-id: 604557b1-409b-4749-8w32d-d754844b2181
client-request-id: 6se357b1-409b-4349-864d-d754844b2181
Status Code: 200

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#deviceAppManagement/mobileApps",
    "value": [
        {
            "@odata.type": "#microsoft.graph.iosStoreApp",
            "id": "ab8a5364-887d-44e7-a6cd-9684d2f279c3",
            "displayName": "WhatsApp Messenger",
            "description": "WhatsApp Messenger is a FREE messaging app available for iPhone and other smartphones. WhatsApp uses your phone's Internet connection (4G/3G/2G/EDGE or Wi-Fi, as available) to let you message and call friends and family. Switch from SMS to WhatsApp to send and receive messages, calls, photos, videos, and Voice Messages. \n\nWHY USE WHATSAPP: \n\n• NO FEES: WhatsApp uses your phone's
            "publisher": "WhatsApp Inc.",
            "largeIcon": null,
            "createdDateTime": "2017-01-22T06:40:24.696692Z",
            "lastModifiedDateTime": "2017-01-22T06:40:24.696692Z",
            "isFeatured": false,
            "privacyInformationUrl": null,
            "informationUrl": null,
            "owner": "",
            "developer": "",
            "notes": "",
            "uploadState": 1,
            "installSummary": null,
            "bundleId": "net.whatsapp.WhatsApp",
            "appStoreUrl": "https://itunes.apple.com/us/app/whatsapp-messenger/id310633997?mt=8&uo=4",
            "applicableDeviceType": {
                "iPad": false,
                "iPhoneAndIPod": true
            },
            "minimumSupportedOperatingSystem": {
                "v8_0": true,
                "v9_0": false,
                "v10_0": false
            }
        },
```
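The same mobileApps GET query driven from a script, as an added example that is not part of the original post or of the Microsoft sample repository. `Get-GraphCollection`, the sample pages and the second app entry are constructed for illustration; the commented lines assume the Microsoft Graph PowerShell SDK (`Connect-MgGraph`, `Invoke-MgGraphRequest`) and a read-only delegated scope.

```powershell
# Added example: page through a Graph collection and keep only the fields needed.
function Get-GraphCollection {
    param(
        [Parameter(Mandatory)] [string] $Uri,
        # Takes a URL and returns one parsed response page (hashtable or object).
        [Parameter(Mandatory)] [scriptblock] $Fetch
    )
    while ($Uri) {
        # Follow only HTTPS links on the Graph endpoint, so the signed-in
        # session's token is never sent to another host.
        $u = [uri]$Uri
        if ($u.Scheme -ne 'https' -or $u.Host -ne 'graph.microsoft.com') {
            throw "Refusing to follow non-Graph URL: $Uri"
        }
        $page = & $Fetch $Uri
        $page.value                      # emit this page's items to the pipeline
        $Uri = $page.'@odata.nextLink'   # absent on the last page, so the loop ends
    }
}

# Constructed sample pages shaped like the response above (values are illustrative).
$first = 'https://graph.microsoft.com/beta/deviceAppManagement/mobileApps'
$next  = $first + '?$skiptoken=constructed'
$samplePages = @{
    $first = @{
        value = @(@{ '@odata.type' = '#microsoft.graph.iosStoreApp'
                     displayName   = 'WhatsApp Messenger'
                     bundleId      = 'net.whatsapp.WhatsApp' })
        '@odata.nextLink' = $next
    }
    $next = @{
        value = @(@{ '@odata.type' = '#microsoft.graph.androidStoreApp'
                     displayName   = 'Example App (constructed)'
                     packageId     = 'com.example.app' })
    }
}
$offline = { param($u) $samplePages[$u] }

# Against a tenant, sign in with a read-only scope and swap the fetcher:
#   Connect-MgGraph -Scopes 'DeviceManagementApps.Read.All'
#   $live = { param($u) Invoke-MgGraphRequest -Method GET -Uri $u }

Get-GraphCollection -Uri $first -Fetch $offline | ForEach-Object {
    [pscustomobject]@{
        Type = $_.'@odata.type' -replace '^#microsoft\.graph\.', ''
        Name = $_.displayName
    }
}
```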
Author
Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.