forked from timmyit/Intune
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathGet-IntuneAssignmentsforEntraIDGroup
136 lines (99 loc) · 6.48 KB
/
Get-IntuneAssignmentsforEntraIDGroup
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
#requires -Modules Microsoft.Graph.DeviceManagement,Microsoft.Graph.Groups
Connect-MgGraph -Scopes Group.Read.All, DeviceManagementManagedDevices.Read.All, DeviceManagementServiceConfig.Read.All, DeviceManagementApps.Read.All -NoWelcome
#Group Name
$groupName = 'All-Windows'
#Graph API version
$graphApiVersion = 'Beta'
### Get Azure AD Group
$group = Get-MgGroup -Filter "DisplayName eq '$groupName'"
# Applications
$resource = 'deviceAppManagement/mobileApps'
$uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)?`$expand=Assignments"
$applicationAssignments = (Invoke-MgGraphRequest -Method GET -Uri $uri).Value | Where-Object { $_.assignments.target.groupId -match $group.id }
Write-Host "The following applications have been assigned to: $($group.DisplayName)" -ForegroundColor Cyan
foreach ($assignment in $applicationAssignments) {
Write-Host "$($assignment.DisplayName)" -ForegroundColor Yellow
}
# Application Configurations (App Configs)
$resource = 'deviceAppManagement/targetedManagedAppConfigurations'
$uri = "https://graph.microsoft.com/$graphApiVersion/$($resource)?`$expand=Assignments"
$applicationConfigurationAssignments = (Invoke-MgGraphRequest -Method GET -Uri $uri).Value | Where-Object { $_.assignments.target.groupId -match $group.id }
Write-Host "The following App Configurations have been assigned to: $($group.DisplayName)" -ForegroundColor Cyan
foreach ($assignment in $applicationConfigurationAssignments) {
Write-Host "$($assignment.DisplayName)" -ForegroundColor Yellow
}
## App protection policies
$applicationProtectionEndpoints = @{
iosManagedAppProtections = 'deviceAppManagement/iosManagedAppProtections'
androidManagedAppProtections = 'deviceAppManagement/androidManagedAppProtections'
windowsManagedAppProtections = 'deviceAppManagement/windowsManagedAppProtections'
mdmWindowsInformationProtectionPolicies = 'deviceAppManagement/mdmWindowsInformationProtectionPolicies'
}
foreach ($endpoint in $applicationProtectionEndpoints.GetEnumerator()) {
$applicationProtectionAssignments = (Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/beta/$($endpoint.Value)?`$expand=Assignments").Value | Where-Object { $_.assignments.target.groupId -match $group.id }
Write-Host 'The following App Protection / '$($endpoint.Value)" have been assigned to: $($group.DisplayName)" -ForegroundColor Cyan
foreach ($assignment in $applicationProtectionAssignments) {
Write-Host "$($assignment.DisplayName)" -ForegroundColor Yellow
}
}
### Device Compliance Policy
$resource = 'deviceManagement/deviceCompliancePolicies'
$uri = "https://graph.microsoft.com/$graphApiVersion/$($resource)?`$expand=Assignments"
$deviceComplianceAssignments = (Invoke-MgGraphRequest -Method GET -Uri $uri).Value | Where-Object { $_.assignments.target.groupId -match $Group.id }
Write-Host "The following Device Compliance Policies have been assigned to: $($Group.DisplayName)" -ForegroundColor Cyan
foreach ($assignment in $deviceComplianceAssignments) {
Write-Host "$($assignment.DisplayName)" -ForegroundColor Yellow
}
# Device Configuration
$deviceConfigurationEndpoints = @{
ConfigurationPolicies = 'deviceManagement/configurationPolicies'
DeviceConfigurations = 'deviceManagement/deviceConfigurations'
GroupPolicyConfigurations = 'deviceManagement/groupPolicyConfigurations'
MobileAppConfigurations = 'deviceAppManagement/mobileAppConfigurations'
}
foreach ($endpoint in $deviceConfigurationEndpoints.GetEnumerator()) {
$uri = "https://graph.microsoft.com/$graphApiVersion/$($endpoint.Value)?`$expand=Assignments"
$deviceConfigurationAssignments = (Invoke-MgGraphRequest -Method GET -Uri $uri).Value | Where-Object { $_.assignments.target.groupId -match $Group.id }
Write-Host 'The following Device Configuration / '$($endpoint.Value)" have been assigned to: $($Group.DisplayName)" -ForegroundColor Cyan
foreach ($assignment in $deviceConfigurationAssignments) {
if ($($null -ne $assignment.displayName)) {
Write-Host "$($assignment.DisplayName)" -ForegroundColor Yellow
}
else {
Write-Host "$($assignment.Name)" -ForegroundColor Yellow
}
}
}
### Platform Scrips / Device Management
$resource = 'deviceManagement/deviceManagementScripts'
$uri = "https://graph.microsoft.com/$graphApiVersion/$($resource)"
$allPlatformScripts = Invoke-MgGraphRequest -Method GET -Uri $uri
Write-Host "The following Platform Scripts / Device Management scripts have been assigned to: $($group.DisplayName)" -ForegroundColor cyan
foreach ($script in $allPlatformScripts) {
$scriptAssignments = (Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts/$($script.Id)?`$expand=assignments").Value | Where-Object { $_.assignments.target.groupId -match $group.id }
foreach ($assignment in $scriptAssignments) {
Write-Host "$($assignment.DisplayName)" -ForegroundColor Yellow
}
}
### Remediation scripts
$uri = 'https://graph.microsoft.com/beta/deviceManagement/deviceHealthScripts'
$allRemediationScripts = Invoke-MgGraphRequest -Method GET -Uri $uri
Write-Host "The following Remediation Scripts have been assigned to: $($group.DisplayName)" -ForegroundColor Cyan
foreach ($script in $allRemediationScripts) {
$scriptAssignments = (Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/beta/deviceManagement/deviceHealthScripts/$($script.Id)?`$expand=Assignments").Value | Where-Object { $_.assignments.target.groupId -match $group.id }
foreach ($assignment in $scriptAssignments) {
Write-Host "$($assignment.DisplayName)" -ForegroundColor Yellow
}
}
### Windows Autopilot profiles
$resource = 'deviceManagement/windowsAutopilotDeploymentProfiles'
$uri = "https://graph.microsoft.com/$graphApiVersion/$($resource)"
$allWindowsAutoPilotProfiles = Invoke-MgGraphRequest -Method GET -Uri $uri
Write-Host "Following Autopilot Profiles have been assigned to: $($group.DisplayName)" -ForegroundColor Cyan
foreach ($profile in $allWindowsAutoPilotProfiles) {
$windowsAutoPilotProfileAssignments = (Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeploymentProfiles/$($profile.Id)?`$expand=Assignments").value | Where-Object { $_.target.groupId -match $group.id }
foreach ($assignment in $windowsAutoPilotProfileAssignments) {
Write-Host "$($assignment.DisplayName)" -ForegroundColor Yellow
}
}
Disconnect-MgGraph