Base script
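# Acquire an app-only Microsoft Graph token (OAuth 2.0 client-credentials
# flow) and connect the Microsoft.Graph module with it.
#
# You need an app registration with Intune permissions. This script only
# reads, so grant the least privilege that works: presumably the read-only
# application permissions DeviceManagementApps.Read.All and Group.Read.All
# are sufficient - confirm in your tenant.
#
# The client secret is a long-lived credential. Do not leave a real value in
# a saved or shared copy of this script; load it at run time (secret vault,
# protected environment variable, Read-Host) or use a certificate credential
# for the app instead.
$tenantId  = 'xxxxxxxxxxxx'    # Your Tenant ID
$appId     = 'xxxxxxxxxxxxx'   # Application (client) ID
$appSecret = 'xxxxxxxxxxxxxx'  # Client secret Value

$body = @{
    grant_type    = "client_credentials"
    scope         = "https://graph.microsoft.com/.default"
    client_id     = $appId
    client_secret = $appSecret
}

# -ErrorAction Stop: a failed token request must stop here instead of letting
# the script continue with an empty token.
$response = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token" -Method Post -Body $body -ContentType "application/x-www-form-urlencoded" -ErrorAction Stop
$token = $response.access_token

# The secret is not needed once the token has been issued; drop the plaintext
# copies from the session.
Remove-Variable -Name appSecret, body -ErrorAction SilentlyContinue

# connecting as the application with the permission on the service
Connect-MgGraph -AccessToken ($token | ConvertTo-SecureString -AsPlainText -Force)
#disConnect-MgGraph
# (get-mgcontext).Scopes
# (get-mgcontext)

if (Get-MgContext) {
    Write-Host "Connected to O365" -ForegroundColor Green
}
else {
    Write-Host "Disconnected from O365"
    # 'return' instead of 'break': outside a loop, 'break' can also terminate
    # a loop in whatever script called this one.
    return
}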
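# Retrieve all mobile apps.
# -All follows result paging; without it the cmdlet returns only the first
# page, so a large tenant would be audited incompletely.
$Allapps = Get-MgDeviceAppManagementMobileApp -All
$Allapps.Count

# Filter apps where the installCommandLine contains ".exe".
# installCommandLine is read from AdditionalProperties; apps without that key
# yield $null and are dropped by -match.
$exeApps = $Allapps | Where-Object {
    $_.AdditionalProperties['installCommandLine'] -match '\.exe'
}

# Display the filtered apps, one ';'-separated record per app.
# NOTE(review): install command lines may themselves contain ';', so treat
# this output as human-readable rather than as strict CSV.
$exeApps | ForEach-Object {
    # $null on the left-hand side keeps the comparison a plain null test.
    $formattedDate = if ($null -ne $_.LastModifiedDateTime) {
        ($_.LastModifiedDateTime).ToString("yyyy-MM-dd")
    }
    else {
        "N/A"
    }
    Write-Host "DisplayName;$($_.DisplayName);LastMod;$formattedDate;CommandLine;$($_.AdditionalProperties['installCommandLine']);AppID;$($_.Id)"
}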
List of Azure (Entra) AD Groups used for deployment
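# List, for every .exe-based app, the Entra ID groups it is assigned to.
# The snippet as posted had lost its opening loop line (it used $_ and ended
# with a stray '}'); the loop over $exeApps is restored here.
$exeApps | ForEach-Object {
    # Retrieve assignments for each app (-All follows result paging)
    $assignments = Get-MgDeviceAppManagementMobileAppAssignment -MobileAppId $_.Id -All

    # Extract group display names from assignments
    $groupNames = $assignments | ForEach-Object {
        # The group id is read from AdditionalProperties, as the later
        # snippet on this page does; the typed Target object does not appear
        # to expose a GroupId property directly - confirm against your SDK
        # version. Targets without a group id are skipped.
        $groupId = $_.Target.AdditionalProperties['groupId']
        if ($groupId) {
            # Retrieve group details
            $group = Get-MgGroup -GroupId $groupId
            $group.DisplayName
        }
    } | Sort-Object | Get-Unique

    # Format the list of group names
    $groupNamesFormatted = if ($null -ne $groupNames) {
        $groupNames -join ", "
    } else {
        "No groups assigned"
    }

    # Format the last modified date
    $formattedDate = if ($null -ne $_.LastModifiedDateTime) {
        ($_.LastModifiedDateTime).ToString("yyyy-MM-dd")
    } else {
        "N/A"
    }

    # Output the information
    Write-Host "DisplayName;$($_.DisplayName);LastMod;$formattedDate;AppID;$($_.Id);Groups;$groupNamesFormatted"
}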
Get the group names out too
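# Function to get group name from group ID.
# Returns the group's DisplayName, or "Unknown Group" when the id is empty or
# the lookup fails.
function Get-GroupNameFromId($groupId) {
    # An assignment target without a group id cannot be resolved; answer
    # without calling Graph.
    if ([string]::IsNullOrEmpty($groupId)) {
        return "Unknown Group"
    }
    try {
        # -ErrorAction Stop turns a failed lookup into a terminating error so
        # the catch below actually runs; otherwise the error is only printed
        # and the function returns nothing.
        $group = Get-MgGroup -GroupId $groupId -ErrorAction Stop
        return $group.DisplayName
    } catch {
        return "Unknown Group"
    }
}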
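# Loop through each app and print one line with all of its assignments
# (assignment id, intent, and the target each one applies to).
$exeApps | ForEach-Object {
    # Retrieve assignments for each app (-All follows result paging)
    $assignments = Get-MgDeviceAppManagementMobileAppAssignment -MobileAppId $_.Id -All

    # Collect one description string per assignment; the pipeline output is
    # gathered into an array instead of growing one with '+='.
    $assignmentInfo = @($assignments | ForEach-Object {
        $assignmentDetails = "Assignment ID: $($_.Id); Intent: $($_.Intent)"

        # Check if the target is present and add its properties to details
        if ($null -ne $_.Target) {
            $groupId = $_.Target.AdditionalProperties["groupId"]
            if ($groupId) {
                $groupName = Get-GroupNameFromId -groupId $groupId
                $assignmentDetails += "; Group Name: $groupName"
            } else {
                # Targets without a group id (presumably the built-in
                # all-users / all-devices targets) are reported by type, so a
                # tenant-wide deployment is not mislabelled as an unknown
                # group. Assumes '@odata.type' is present in
                # AdditionalProperties - confirm against your SDK version.
                $targetType = $_.Target.AdditionalProperties["@odata.type"]
                $assignmentDetails += "; Target: $targetType"
            }
        } else {
            $assignmentDetails += "; No target details available."
        }

        # Emit the collected details into the assignment info array
        $assignmentDetails
    })

    # Format the list of assignment information
    $assignmentInfoFormatted = if ($assignmentInfo.Count -gt 0) {
        $assignmentInfo -join " | "
    } else {
        "No assignments"
    }

    # Output the information in a single line.
    # The LastMod / AppID fields were commented out in the original output
    # line, so the unused date formatting is dropped here as well.
    Write-Host "DisplayName: $($_.DisplayName); Assignments: $assignmentInfoFormatted "
}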