One of the critical tasks for administrators is managing and fetching assignments for various profiles in Intune—whether for device configurations, application deployments, or security policies. In this post, we’ll walk through a PowerShell script designed to efficiently retrieve assignments for all your created configuration profiles, compliance policies, applications, scripts, and more within Microsoft Intune.
This script proves especially valuable when cleaning up unused or test profiles and applications. Maintaining a clean and organized Intune environment is crucial for ensuring efficiency and preventing issues related to obsolete or unnecessary configurations.
The inspiration for this script came from a request asking for an easy way to identify and retrieve assignments for all the resources created within Intune. The goal was to simplify the process of locating and managing stale profiles or configurations, making it easier to maintain a streamlined setup.
Fetching assignment data is essential for confirming that your device configurations and app profiles are correctly deployed and assigned to the right users or groups. Administrators may need to perform audits, generate reports, troubleshoot issues, or clean up unnecessary assignments. Whether managing a small set of devices or a large enterprise environment, automating this task can save considerable time and ensure greater accuracy in your management efforts.
Table of Contents
What Assignments will be fetched?
While I plan to continuously improve and expand this script to cover even more assignments within Intune, the current version is designed to fetch the following assignments:
- Configuration Profiles
- Compliance Policies
- Applications
- Remediation Scripts
- Platform Scripts
The script is structured in a way that allows for easy extension, so additional functionality to retrieve assignments for other Intune settings can be added with minimal effort.
Now that we’ve outlined what the script will fetch, let’s not waste any more time—let’s dive into the script itself!
GitHub Page
Find the script on my GitHub page, where documentation and the script’s requirements are available.
Script Logic
This PowerShell script is designed to automate the retrieval of assignments for Intune resources, including configuration profiles, compliance policies, applications, remediation scripts, platform scripts, macOS shell scripts, and app protection policies.
The script begins by checking if the Microsoft.Graph module is already installed. If not, it automatically installs the module using the Install-Module cmdlet. This ensures that the script runs smoothly on any machine, whether or not the module is already present. Once the module is confirmed to be installed, it is imported to allow the script to interact with the Microsoft Graph API.
Next, the script authenticates to Microsoft Graph using the Connect-MgGraph cmdlet, specifying the necessary permissions for accessing Intune resources and group information. If authentication is successful, a confirmation message is shown. If there’s an issue with the authentication process, an error message is displayed, and the script halts.
After successfully authenticating, the script retrieves data from multiple Microsoft Graph API endpoints that cover various Intune resources. Each resource—such as configuration profiles, compliance policies, and applications—is processed individually, where the script fetches relevant assignments and groups. It specifically handles built-in groups like “All Devices” and “All Users” by interpreting the special identifiers used by Microsoft Graph. The results are then formatted into a user-friendly format, showing the resource name, assigned group(s), and type.
This automated workflow eliminates the need for manual querying of Intune resources, making the process more efficient and reliable. It also outputs the results in an easy-to-read format, providing valuable insights into how various Intune resources are assigned across different groups.
Other Interesting Posts