Fetch Intune Azure AD Details from Graph API Intune PowerShell Scripts

The Intune Graph API provides programmatic access to Intune information in your tenant. It can perform the same Intune operations that are available in the Azure Portal.


Now, Microsoft Graph API is the buzzword. How do you use Microsoft Graph API to fetch details from Azure Active Directory (Azure AD/AAD) and Microsoft Intune? This post also points to a list of Intune PowerShell script samples. I’m not going to provide any Graph API scripts to fetch details in this post.

NOTE! – Intune PowerShell Script Samples with Microsoft Graph – https://github.com/microsoftgraph/powershell-intune-samples

APIs have always been an alien term for me. REST API was everywhere and now it’s Graph API. What is the difference between REST API and Graph API? Here are the details. Have you ever tried the Facebook Graph API? So the entire industry is taking the path of Graph API!

More detailed explanation in the above video or you can click here


In this post, I would like to help by providing the basic details of Microsoft Graph API: how to start using Graph API graphically (not programmatically) and how Graph API can help IT Pros in their day-to-day work. Microsoft Intune admins can analyse the details of a device or user from Graph API. We can get only limited details of objects from the Azure AD portal; however, loads of details can be fetched from Graph API via a web browser. You can perform all the GET and other supported operations from the following URL. Remember to sign in to your tenant.

Launch Microsoft Graph – URL –-> https://graph.microsoft.io/en-us/graph-explorer

https://developer.microsoft.com/en-us/graph/graph-explorer

When you sign in for the first time, you need to agree to grant the following permissions to Graph explorer. Click the Agree button to proceed.


There are two versions of Graph explorer available at the moment: version 1.0 and Beta. I was having a hard time connecting to Graph API. It was OK when I wanted to retrieve my user information. But when I tried to fetch the details for the entire tenant, it asked me to agree to or accept a new admin consent, as you can see in the following paragraph.

This query requires additional permissions. If you are an administrator, you can click here to grant them on behalf of your entire organization. Or, you can try the same request against your own tenant by creating a free Office 365 developer account.

When I tried to click on the “HERE” button to accept the consent, it gave me an odd error as follows: “AADSTS90002: No service namespace named ‘organizations’ was found in the data store.” Ryan and Panu helped me to get rid of the error mentioned above. To accept this admin consent, you don’t have to create any manual applications or run any PowerShell scripts! It’s an out-of-the-box setting now in the enterprise applications blade in the Azure console.


Following are some samples of Graph API GET queries to retrieve details from Intune and Azure Active Directory (AAD). Three other types of actions are possible with Graph API: POST, PATCH and DELETE.

  • https://graph.microsoft.com/beta/users/anp@SCZ.onmicrosoft.com/ownedDevices
  • https://graph.microsoft.com/beta/deviceAppManagement/mobileApps
  • https://graph.microsoft.com/beta/users/
  • https://graph.microsoft.com/beta/applications

Following is an extract of the device management mobile apps response.

WhatsApp is one of the applications returned by “https://graph.microsoft.com/beta/deviceAppManagement/mobileApps”. Similarly, we can retrieve the owned devices of a user and the status of a device through Graph API GET commands. Some of these details are available ONLY through Graph API. This will be a great help for Intune admins when troubleshooting issues.


cache-control: private
content-type: application/json;odata.metadata=minimal;odata.streaming=true;
request-id: 604557b1-409b-4749-8w32d-d754844b2181
client-request-id: 6se357b1-409b-4349-864d-d754844b2181
Status Code: 200
{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#deviceAppManagement/mobileApps",
  "value": [
    {
      "@odata.type": "#microsoft.graph.iosStoreApp",
      "id": "ab8a5364-887d-44e7-a6cd-9684d2f279c3",
      "displayName": "WhatsApp Messenger",
      "description": "WhatsApp Messenger is a FREE messaging app available for iPhone and other smartphones. WhatsApp uses your phone’s Internet connection (4G/3G/2G/EDGE or Wi-Fi, as available) to let you message and call friends and family. Switch from SMS to WhatsApp to send and receive messages, calls, photos, videos, and Voice Messages. \n\nWHY USE WHATSAPP:  \n\n• NO FEES: WhatsApp uses your phone’s
      "publisher": "WhatsApp Inc.",
      "largeIcon": null,
      "createdDateTime": "2017-01-22T06:40:24.696692Z",
      "lastModifiedDateTime": "2017-01-22T06:40:24.696692Z",
      "isFeatured": false,
      "privacyInformationUrl": null,
      "informationUrl": null,
      "owner": "",
      "developer": "",
      "notes": "",
      "uploadState": 1,
      "installSummary": null,
      "bundleId": "net.whatsapp.WhatsApp",
      "appStoreUrl": "https://itunes.apple.com/us/app/whatsapp-messenger/id310633997?mt=8&uo=4",
      "applicableDeviceType": {
        "iPad": false,
        "iPhoneAndIPod": true
      },
      "minimumSupportedOperatingSystem": {
        "v8_0": true,
        "v9_0": false,
        "v10_0": false
      }
    },
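
Added example (not from the original post or from Microsoft's sample repository): a PowerShell example of how a script would consume the mobileApps response above, following `@odata.nextLink` across pages and summarising each app. The function names, the `$Fetch` hook, the second app and the `$skiptoken` value are constructed for illustration; `$AccessToken` in the commented line is assumed to be a token you already hold.

```powershell
# Added example: page through a Graph collection and summarise Intune mobile apps.
# $Fetch is a hypothetical hook: it takes a URL and returns the parsed JSON response.
function Get-GraphCollection {
    param(
        [Parameter(Mandatory)][string]$Uri,
        [Parameter(Mandatory)][scriptblock]$Fetch
    )
    $items = @()
    while ($Uri) {
        $page   = & $Fetch $Uri
        $items += $page.value                 # each page carries its rows in "value"
        $Uri    = $page.'@odata.nextLink'     # absent on the last page, which ends the loop
    }
    return $items
}

function Get-MobileAppSummary {
    param([Parameter(Mandatory)][object[]]$Apps)
    foreach ($app in $Apps) {
        $os = $app.minimumSupportedOperatingSystem
        [pscustomobject]@{
            Name     = $app.displayName
            Type     = $app.'@odata.type' -replace '^#microsoft\.graph\.', ''
            BundleId = $app.bundleId
            # The OS object is a set of booleans; report the versions flagged true.
            MinOS    = if ($os) {
                @($os.PSObject.Properties | Where-Object Value | ForEach-Object Name) -join ','
            } else { '' }
        }
    }
}

# Constructed sample pages, trimmed to the response shape shown in the post.
$first = 'https://graph.microsoft.com/beta/deviceAppManagement/mobileApps'
$next  = $first + '?$skiptoken=CONSTRUCTED'
$pages = @{
    $first = '{"value":[{"@odata.type":"#microsoft.graph.iosStoreApp","displayName":"WhatsApp Messenger","bundleId":"net.whatsapp.WhatsApp","minimumSupportedOperatingSystem":{"v8_0":true,"v9_0":false,"v10_0":false}}],"@odata.nextLink":"' + $next + '"}'
    $next  = '{"value":[{"@odata.type":"#microsoft.graph.iosStoreApp","displayName":"Constructed App","bundleId":"com.example.constructed","minimumSupportedOperatingSystem":{"v8_0":false,"v9_0":true,"v10_0":false}}]}'
}
$offline = { param($u) $pages[$u] | ConvertFrom-Json }

# Against a real tenant, swap in a fetcher that sends a bearer token you already hold:
# $live = { param($u) Invoke-RestMethod -Uri $u -Headers @{ Authorization = "Bearer $AccessToken" } }
Get-MobileAppSummary -Apps (Get-GraphCollection -Uri $first -Fetch $offline) | Format-Table
```

The same `Get-GraphCollection` loop works for the other GET queries listed earlier, since Graph collections share the `value` / `@odata.nextLink` layout.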

Reference Links

  • Intune Graph API Reference – here
  • Azure AD Graph API reference – here
  • Quickstart for the Azure AD Graph API – here
