Today, I would like to explain how to track all Intune Policy and App Assignments for users, devices and Entra ID groups with Assignment Checker. Intune Assignment Checker can manage app access by including or excluding user groups. Set the assignment type to decide if the app is available, required, or to be uninstalled. This allows you to target specific groups effectively.
Keeping track of Intune assignments can be a challenge. Ugur_Koc, a Copper Contributor, has published a helpful script for managing Intune assignments. The Intune Assignment Checker script simplifies this process by providing a comprehensive overview of assigned Intune Configuration Profiles, Compliance Policies, and Applications for users, groups, and devices.
The Intune Assignment Checker script helps administrators easily see which policies and apps target specific entities, improving management and troubleshooting. He also added an option to list all Assignments to all users and all devices.
In this blog post, I will briefly explain how the Intune Assignment Checker works and what its features, prerequisites and usage are. I hope this will help you check which users, groups or devices are assigned to specific Intune policies.
What are the Features of Intune Assignment Checker?
Intune Assignment Checker simplifies user, group, and device assignment management, offering a thorough view of All User and All Device assignments. It supports secure certificate-based authentication and stays up-to-date with built-in auto-updates.
Detailed reporting, including interactive HTML reports with charts and filterable tables, provides valuable insights into Configuration Profiles, Compliance Policies, and Applications.
Track All Intune Policy and App Assignments for Users Devices and Entra ID Groups with Assignment Checker
Ugur Koc, a Copper Contributor, demonstrated the Intune Assignment Checker, a tool for efficient Intune management. It began by checking and installing PowerShell 7 if necessary.
Note: Install PowerShell 7 from the command line with `winget install --id Microsoft.PowerShell`
After installing the Intune Assignment Checker script from the PowerShell Gallery, the script was executed in a new PowerShell 7 session connected to the Intune tenant. The demonstration included generating an HTML report that retrieves tenant configurations and applications, providing an overview of the Intune environment with graphs and filterable tables for assigned and unassigned policies.
Installation Methods for the Intune Assignment Checker Script
We can install the Intune Assignment Checker script with 2 methods: Install from PowerShell Gallery (Recommended) and Manual Installation.
Method 1: Install the Intune Assignment Checker script from the PowerShell Gallery
To install the Intune Assignment Checker script, begin by using the `Install-Module -Name IntuneAssignmentChecker` command from the PowerShell Gallery. Next, add the path of the PowerShell script to your session with `$env:Path += ";C:\Path\To\Your\Script"`. After that, execute the script and troubleshoot any installation issues if necessary. When prompted, connect to your Intune tenant.
Install from PowerShell Gallery:

```powershell
Install-PSResource IntuneAssignmentChecker
```

Open a new PowerShell 7 session to run the script with:

```powershell
IntuneAssignmentChecker
```

If you encounter any issues during installation, try reinstalling:

```powershell
Install-PSResource IntuneAssignmentChecker -Reinstall
```

To update to the latest version:

```powershell
Update-PSResource IntuneAssignmentChecker
```
To generate an HTML report, select option 7 from the menu, and the script will start fetching configurations and applications from your tenant. Please note that the report generation time may vary based on your tenant’s configuration size. Finally, once the report is generated, you can open the HTML file to view its contents.
The Final Report
The report offers several features designed to enhance data analysis, including graphs, tables, and filtering options, such as assignments for all users, all devices, or unassigned policies. Additionally, the final HTML report is a single file, which makes it easy to share with others when needed.
Method 2: Manual Installation
To start with the Microsoft Graph PowerShell SDK, you can install it by executing the following command:

```powershell
# Install Microsoft Graph PowerShell SDK
Install-Module Microsoft.Graph.Authentication -Scope CurrentUser
```

Once the installation is complete, download the script and run it using this command:

```powershell
# Download and run the script
.\IntuneAssignmentChecker_v3.ps1
```
Prerequisites
The Intune Assignment Checker script makes it easier to see what Intune Configuration Profiles, Compliance Policies, and Applications are assigned to users, groups, and devices. Before running this script, you will need some prerequisites, which are given below for you to review.
PowerShell Version | PowerShell Modules | Permissions |
---|---|---|
This script requires PowerShell 7.0 or higher. You can check your version by running `$PSVersionTable.PSVersion`. | Microsoft Graph PowerShell SDK. You can install it using: `Install-Module Microsoft.Graph -Scope CurrentUser` | The Entra ID application registration requires the following permissions: User.Read.All, Group.Read.All, Device.Read.All, DeviceManagementApps.Read.All, DeviceManagementConfiguration.Read.All, DeviceManagementManagedDevices.Read.All |
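
A preflight check for the permissions listed above, as an added example that is not part of the Intune Assignment Checker script: it compares the permissions held by a Graph session against the read-only set and flags both missing ones and write permissions an audit does not need. `Test-GraphScope` and the variable names are illustrative, and the fallback permission list is constructed sample data.

```powershell
#Requires -Version 7.0
# Added example, not part of IntuneAssignmentChecker; names are illustrative.

# Read-only permissions from the prerequisites table
$RequiredScopes = @(
    'User.Read.All', 'Group.Read.All', 'Device.Read.All',
    'DeviceManagementApps.Read.All',
    'DeviceManagementConfiguration.Read.All',
    'DeviceManagementManagedDevices.Read.All'
)

function Test-GraphScope {
    param([string[]] $Granted, [string[]] $Required)
    [pscustomobject]@{
        # Required permissions the session does not hold by name
        Missing    = @($Required | Where-Object { $_ -notin $Granted })
        # Write-capable permissions go beyond what a read-only audit needs
        WriteScope = @($Granted  | Where-Object { $_ -match 'ReadWrite' })
    }
}

# Use the live Graph session when one exists (after Connect-MgGraph);
# otherwise fall back to a constructed sample so the check runs offline.
$context = if (Get-Command Get-MgContext -ErrorAction SilentlyContinue) { Get-MgContext }
$granted = if ($context) { $context.Scopes } else {
    # Constructed sample: the configuration permission is held only as ReadWrite
    @('User.Read.All', 'Group.Read.All', 'Device.Read.All',
      'DeviceManagementApps.Read.All',
      'DeviceManagementManagedDevices.Read.All',
      'DeviceManagementConfiguration.ReadWrite.All')
}

$result = Test-GraphScope -Granted $granted -Required $RequiredScopes
if ($result.Missing) {
    Write-Warning "Missing permissions: $($result.Missing -join ', ')"
}
if ($result.WriteScope) {
    Write-Warning "Write permissions on this session: $($result.WriteScope -join ', ')"
}
$result
```

With the constructed sample, the check reports `DeviceManagementConfiguration.Read.All` as missing and `DeviceManagementConfiguration.ReadWrite.All` as a write permission, which is the case where a reporting identity has been granted more than the table asks for.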
Usage
The Intune Assignment Checker script features a user-friendly menu interface with options such as Assignment Checks, Policy Overview, Advanced Options, and System Options. The following table briefly describes each option’s features.
Assignment Checks | Policy Overview | Advanced Options | System Options |
---|---|---|---|
This tool offers comprehensive assignment checks for users, groups, and devices. For users, it displays all assigned policies and apps, including direct and group-based assignments, with support for multiple user lookups. Group assignment checks show all assigned policies and apps, including assignment types (Include/Exclude), and support numerous group lookups. Device assignment checks reveal all assigned policies and apps, including inherited assignments from device groups, and support multiple device lookups. | This tool provides an overview of all Intune policies, grouped by type and platform, and includes detailed assignment information. It also offers dedicated views for All Users and All Devices assignments. The All Users view lists policies assigned to all users, including apps and configurations, helping identify broad-scope policies. Similarly, the All Devices view lists policies assigned to all devices, showing platform-specific assignments and identifying universal device policies. | The reporting features include generating interactive HTML reports with charts, graphs, filterable tables, search functionality, and dark/light mode. These reports can be exported to Excel or CSV. The tool also helps identify unassigned policies, grouped by type, to facilitate cleanup. Furthermore, it can check for assignments to empty groups, highlighting potentially ineffective policies, and offers CSV export of these findings. | The tool can be safely closed using the Exit (0) command, and any bugs can be reported by using the Report Bug (99) command, which opens the GitHub issues page. |
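
How the Include/Exclude, All Users, All Devices and unassigned categories described above can be derived from Graph assignment targets, as an added example that is not the tool's own code. `Get-AssignmentSummary`, the policy names and the group IDs are constructed for illustration, and the live query in the comment is an assumption about how such data could be fetched.

```powershell
# Added example, not part of IntuneAssignmentChecker. Sample data is constructed.
# Live data (assumption): Invoke-MgGraphRequest -Method GET -Uri
#   'v1.0/deviceManagement/deviceConfigurations?$expand=assignments'
$sample = @'
{ "value": [
  { "displayName": "Win - BitLocker", "assignments": [
    { "target": { "@odata.type": "#microsoft.graph.groupAssignmentTarget",
                  "groupId": "11111111-1111-1111-1111-111111111111" } },
    { "target": { "@odata.type": "#microsoft.graph.exclusionGroupAssignmentTarget",
                  "groupId": "22222222-2222-2222-2222-222222222222" } } ] },
  { "displayName": "Win - Defender", "assignments": [
    { "target": { "@odata.type": "#microsoft.graph.allDevicesAssignmentTarget" } } ] },
  { "displayName": "iOS - Old Wi-Fi", "assignments": [] }
] }
'@ | ConvertFrom-Json

function Get-AssignmentSummary {
    param([object[]] $Policies, [string[]] $GroupId = @())
    foreach ($policy in $Policies) {
        if (-not $policy.assignments) {
            # No targets at all: a cleanup candidate
            [pscustomobject]@{ Policy = $policy.displayName; Target = 'Unassigned'; GroupId = $null }
            continue
        }
        foreach ($assignment in $policy.assignments) {
            $type  = $assignment.target.'@odata.type'
            $label = switch ($type) {
                '#microsoft.graph.allLicensedUsersAssignmentTarget' { 'All Users' }
                '#microsoft.graph.allDevicesAssignmentTarget'       { 'All Devices' }
                '#microsoft.graph.groupAssignmentTarget'            { 'Include' }
                # An exclusion takes precedence over an include for the same member
                '#microsoft.graph.exclusionGroupAssignmentTarget'   { 'Exclude' }
                default                                             { "Other ($type)" }
            }
            # With -GroupId, keep only rows that target one of those groups
            if ($GroupId -and $assignment.target.groupId -notin $GroupId) { continue }
            [pscustomobject]@{
                Policy  = $policy.displayName
                Target  = $label
                GroupId = $assignment.target.groupId
            }
        }
    }
}

Get-AssignmentSummary -Policies $sample.value | Format-Table -AutoSize
```

The `Exclude` rows deserve the closest review in a security audit, because a device or user in an excluded group does not receive the policy even when another group includes it.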
Author
Anoop C Nair has been a Microsoft MVP for 10 consecutive years from 2015 onwards. He is a Workplace Solution Architect with more than 22 years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Entra, Microsoft Security, Career, etc.