Manage Intune Tasks with PowerShell Part 1

In this article, let’s discuss the best ways to Manage Intune Tasks with PowerShell Commands. This discourse aims to provide a comprehensive guide on Intune automation using PowerShell.

As an enthusiast of automation, I was eager to explore the capabilities of managing Intune through PowerShell commands. This approach can offer a powerful means of automating tasks and streamlining workflows. Have you had the opportunity to delve into this area yet?

As the number of devices utilized in organizations continues to increase, managing these devices becomes increasingly complex. It is crucial to seek contemporary solutions that can effectively manage these modern devices, streamline workflows, and reduce the administrative burden. Automating device management is a pivotal feature that any mobile device management (MDM) solution should possess.

To address this challenge, organizations must seek modern solutions that can support the effective management of these devices. The adoption of MDM solutions can provide a streamlined approach to device management, reducing the administrative burden associated with managing these devices. A key feature in any MDM solution lies in its capability to automate device management, a feature that can significantly simplify the process and improve overall efficiency.

• Best way to Deploy Shell Scripts using Intune
• Run Remediation Script on-demand for Windows Devices using Intune
• PowerShell Script to Create a Local Admin Account using Intune

Why is Automation Essential?

The implementation of automation is a crucial aspect for businesses to consider. It can aid in the reduction of costs, increase efficiency, and save time. By automating repetitive tasks, companies can allocate their employees to focus on more significant work, such as developing new products or enhancing customer service.

Automation can also assist businesses in reducing errors and improving accuracy, which can lead to better-quality products and services. In today’s fast-paced business environment, automation is no longer a luxury but a necessity for companies that aspire to remain competitive and achieve long-term success. The automation of device management is a complex process that requires careful consideration of the tasks and workflows that can be automated. While automation can increase efficiency and reduce workload, certain tasks require human intervention and cannot be automated. Therefore, it is essential to identify the tasks that can be automated and those that are best left to MDM admins. The most significant challenge in this regard is to differentiate between the two categories of tasks.

It is imperative to strike a balance between automation and human intervention to ensure that the device management process is efficient and effective. The identification of tasks that can be automated requires a thorough understanding of the device management process and the specific workflows involved. Once these tasks have been identified, they can be automated using appropriate tools and technologies.

On the other hand, tasks that require human intervention must be handled by MDM admins who possess the necessary skills and expertise. These tasks may include troubleshooting, problem-solving, and decision-making, which require human judgment and critical thinking.

• Intune Proactive Remediation Scripts Vs PowerShell Scripts
• How to Trigger SCCM Client Agent Actions Using PowerShell Script

Manage Intune Tasks with PowerShell

Now let us discuss the module required to use PowerShell to manage Intune and also the most common cmdlets used to Manage Intune. How can we connect the PowerShell cmdlet?

Install the Microsoft.Graph.Intune Module

It is highly probable that a considerable proportion of my readership is not acquainted with PowerShell. As such, I am responsible for initiating a comprehensive exposition of the rudimentary principles of PowerShell. Let us delve into the fundamental aspects of PowerShell to equip you with the necessary knowledge.

Prior to initiating the management of Intune via PowerShell commands, it is important to ensure that your PowerShell interface is equipped with the Intune module. This requires due preparation and installation of the requisite module, which will enable you to execute commands and instructions related to Intune management efficiently. Hence, it is recommended that you initiate the installation of the Intune module before embarking on any Intune management activities via PowerShell commands.

A PowerShell module is a self-contained unit of code that can be reused across different PowerShell sessions and scripts. Modules contain a set of related functions, cmdlets, variables, and other resources that can be imported into a PowerShell session or script to extend its functionality. PowerShell modules are stored in directories called module directories and can be loaded into a PowerShell session using the Import-Module cmdlet. This allows you to easily manage and share code across different scripts and systems, making it a powerful tool for automation and administration tasks. Let’s start with Installing the Microsoft.Graph.Intune module. This is going to be a one-time setup on your machine.

• Open the PowerShell as an Administrator.
• Install the Microsoft.Graph.Intune the module from PowerShell Gallery by executing the below command

Install-Module -Name Microsoft.Graph.Intune -Force -Confirm:$false

You may get the below message when the installation is complete, and the box will disappear automatically.

Connect to Intune using PowerShell Commands

It is important to note that the installation of the PowerShell module is a one-time process. However, in order to utilize PowerShell commands to connect to Intune, it is necessary to log in using the Connect-MSGraph command each time.

• Open the PowerShell as an Administrator.
• Type Connect-MSGraph and hit enter
• The PowerShell prompt you to enter the credentials to authenticate Microsoft Graph

You can indeed use Read-Host to prompt for input from the user and store the result in a variable. This can be useful when you need to collect user input for a script. The syntax for use Read-Host is as follows:

$variableName = Read-Host "Enter the input here"

This will prompt the user to enter their input and store the result in the variable named “variableName“. You can then use this variable later in your script as needed. I have developed a small script below that will ask you for the Username and Password as input. The password will be stored as SecureString.  This makes it easy to pass the object into any cmdlet that requires a PSCredential object without having to enter the credentials again. 

####################################################

# Script: Connect-Intune.ps1

# Scope: The below script will login to Intune using supplied PSCredential

# Author: Sujin Nelladath

 ####################################################

$UserName = Read-Host  "Enter the email ID to login" 
$Password = Read-Host  "Enter password " -AsSecureString 

#Create the PSCredential object

$creds = New-Object System.Management.Automation.PSCredential ($UserName, $Password)

#Log in with the credentials

Connect-MSGraph -PSCredential $creds

How to get the full list of Intune cmdlets

We have established a connection with Microsoft Intune through the provided cmdlets. With this, you can have complete control over your Intune environment and manage it through the available cmdlets.

Before starting to work on automation for Intune, it is recommended to have a basic understanding of the Intune cmdlets. Knowing the cmdlets will help in creating efficient and effective scripts for automating Intune tasks. It is also important to stay up-to-date with the latest changes in Intune and its cmdlets to ensure that your automation remains accurate and effective.

• Open the PowerShell as an Administrator.
• Type Get-Command -Module Microsoft.Graph.Intune and hit enter.

Upon hitting enter, a comprehensive list of commands will be presented to you, which can be leveraged to manage your Intune. These commands are designed to streamline your Intune management process, allowing you to manage your resources more effectively.

Learn More About a Particular Intune Cmdlet

The Get-Command -Module Microsoft.Graph.Intune cmdlet had given you the list of cmdlet. We should learn more about the commands before writing efficient and effective scripts for automating Intune. It’s always recommended to refer to the Microsoft documentation to learn more about any PowerShell cmdlet. You could get detailed documentation from the internet by simply pasting the cmdlet in a Google search.

In PowerShell, you can easily access the detailed documentation of each cmdlet by using the Get-Help command followed by the name of the cmdlet you want to learn more about. This will display a comprehensive guide that includes the syntax, parameters, examples, and other useful information about the cmdlet. Additionally, you can use the -Online parameter to open the online documentation in your web browser for even more detailed information. Let’s learn how to use Get-Help command.

• Open the PowerShell as an Administrator
• Authenticate using Connect-MSGraph cmdlet
• Type Get-Help <cmdlet name> and hit enter

Cmdlet	Format
Get-Help	Get-Help <cmdlet name>

In this example, I will show you the details of Get-IntuneManagedDevice cmdlet

• Type Get-Help Get-IntuneManagedDevice and hit enter

PS C:\WINDOWS\system32>  Get-Help Get-IntuneManagedDevice

NAME
    Get-DeviceManagement_ManagedDevices

SYNOPSIS
    Retrieves "microsoft.graph.managedDevice" objects.


SYNTAX
    Get-DeviceManagement_ManagedDevices -managedDeviceId <string> [-Expand <string[]>] [-Select <string[]>] [<CommonParameters>]

    Get-DeviceManagement_ManagedDevices [-Expand <string[]>] [-Filter <string>] [-MaxPageSize <int>] [-OrderBy <string[]>] [-Search <string>] [-Select <string[]>] [-Skip <int>] [-Top <int>] [<CommonParameters>]


DESCRIPTION
    Retrieves "microsoft.graph.managedDevice" objects in the "managedDevices" collection.

    The list of managed devices.

    Graph call: GET ~/deviceManagement/managedDevices


RELATED LINKS
    GitHub Repository https://github.com/Microsoft/Intune-PowerShell-SDK

REMARKS
    To see the examples, type: "get-help Get-DeviceManagement_ManagedDevices -examples".
    For more information, type: "get-help Get-DeviceManagement_ManagedDevices -detailed".
    For technical information, type: "get-help Get-DeviceManagement_ManagedDevices -full".
    For online help, type: "get-help Get-DeviceManagement_ManagedDevices -online"

Script to Display the Registration Status and Last Sync Details of Intune Devices

We possess all the essential information requisite to commence the automation of Intune tasks. The preliminary step towards this end would be to produce a basic script. I have devised a script that exhibits all the devices’ registration statuses and the latest synchronization details.

• Open the PowerShell as an Administrator
• Authenticate using Connect-MSGraph cmdlet
• Paste the code below and execute it

####################################################

# Script: Get-deviceRegistrationState.ps1

# Scope: The below script will display the registration status and last sync date and time of all the devices

# Author: Sujin Nelladath

 ####################################################

#Please authenticate with Intune using Connect-MSGraph
#I have already authenticated with Intune, so there's no need to use the Connect-MSGraph cmdlets. 


$IntuneDevices = Get-IntuneManagedDevice


$output =  foreach($Device in $IntuneDevices)
{
 
$prop = 

@{

   DeviceRegistrationState = $Device.deviceRegistrationState 
   Devicename = $Device.deviceName
   LastSyncDateTime = $Device.lastSyncDateTime

 
}
  
   New-Object -TypeName psobject -Property $prop
 
 
}

$output 

$output variable will have the script output, it should look like below. You can convert the output to a .csv file using ConvertTo-Csv cmdlet.

To obtain the output in the Gridview format, the recommended approach is to employ the Out-GridView command. This command enables the user to display the output in a tabular form with the option to sort, filter, and group the data for improved data analysis. The Gridview format provides a user-friendly interface for viewing and manipulating data, which is particularly useful in business and academic settings where data analysis is a critical component. By utilizing the Out-GridView command, users can streamline data analysis processes and improve the efficiency of their workflow.

The Out-GridView the output should look like the below

That’s it for this week. I’ll discuss more about other Intune cmdlet in the next post. Thank you for your patience in reading this post. See you in the next post. Keep supporting the HTMD Community.

We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here – HTMD WhatsApp.

Author

About Author – Sujin Nelladath has over 10 years of experience in device management technologies and Automation solutions. He writes and shares his experiences related to Microsoft device management technologies, Azure, and PowerShell automation.