Update GetIntuneAppsWithAssignedGroups.ps1
ashisharya65 authored Jan 19, 2024
1 parent a3e0fd7 commit 1059c65
Showing 1 changed file with 351 additions and 0 deletions.
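--- a/Intune_Scripts/Apps/GetIntuneAppsWithAssignedGroups.ps1
+++ b/Intune_Scripts/Apps/GetIntuneAppsWithAssignedGroups.ps1
@@ -0,0 +1,351 @@
+<#
+.SYNOPSIS
+PowerShell Script to get all Intune applications deployed to an Azure AD Group.
+.DESCRIPTION
+WIth this Powershell script, one can easily get all the Intune applications where an Azure AD group is assigned.
+.NOTES
+Author : Ashish Arya
+Date : 06 April 2023
+#>
+
+#Function for Setting Environment Variables
+Function Set-EnvtVariables {
+<#
+.SYNOPSIS
+Function set the environment variables in user context.
+.DESCRIPTION
+This script will help you to create the user environment variables on the device where you are executing this script.
+This script will ask you to provide the Clientid, ClientSecret and Tenantid from your Azure AD app created for PowerShell-Graph API integration.
+.EXAMPLE
+Set-EnvtVariables
+.NOTES
+Name: Set-EnvtVariables
+#>
+[cmdletbinding()]
+param(
+[Parameter(Mandatory)]
+[string] $ClientId,
+[Parameter(Mandatory)]
+[string] $ClientSecret,
+[Parameter(Mandatory)]
+[string] $TenantId
+)
+
+$EnvtVariables = @(
+[PSCustomObject]@{
+Name = "AZURE_CLIENT_ID"
+Value = $ClientId
+},
+[PSCustomObject]@{
+Name = "AZURE_CLIENT_SECRET"
+Value = $ClientSecret
+},
+[PSCustomObject]@{
+Name = "AZURE_TENANT_ID"
+Value = $TenantId
+}
+)
+
+Foreach ($EnvtVar in $EnvtVariables) {
+
+Try {
+[System.Environment]::SetEnvironmentVariable($EnvtVar.Name, $EnvtVar.Value, [System.EnvironmentVariableTarget]::User)
+Write-Host "The $EnvtVar was created successfully." -ForegroundColor 'Green'
+}
+Catch {
+Write-Host "Unable to set the $($EnvtVar.Name) environment value. So please set the Environment variables for your Azure AD registered app in order to execute this script successfully." -ForegroundColor 'Red'
+}
+
+}
+}
+
+#Function To get the access token
+Function Get-AuthToken {
+<#
+.SYNOPSIS
+This function uses the Azure AD app details which in turn will help to get the access token to interact with Microsoft Graph API.
+.DESCRIPTION
+This function uses the Azure AD app details which in turn will help to get the access token to interact with Microsoft Graph API.
+As a prerequisite for executing this script, you will require the MSAL.PS powershell module for authenticating to the API.
+#>
+
+# Checking if the MSAL.PS Powershell module is installed or not. If not then it will be installed.
+$MSALPSModule = Get-Module -Name 'MSAL.PS' -ListAvailable
+
+if ($null -eq $MSALPSModule) {
+Write-Host "MSAL.PS PowerShell module is required to be installed on this machine in order to connect to MS Graph API. Hence installing it" -ForegroundColor 'Yellow'
+Install-Module -name 'MSAL.PS' -Scope CurrentUser -Force
+}
+
+# Azure AD app details
+$authparams = @{
+ClientId = [System.Environment]::GetEnvironmentVariable("AZURE_CLIENT_ID")
+TenantId = [System.Environment]::GetEnvironmentVariable("AZURE_TENANT_ID")
+ClientSecret = ([System.Environment]::GetEnvironmentVariable("AZURE_CLIENT_SECRET") | ConvertTo-SecureString -AsPlainText -Force)
+}
+$auth = Get-MsalToken @authParams
+
+$authorizationHeader = @{
+Authorization = $auth.CreateAuthorizationHeader()
+}
+
+return $authorizationHeader
+
+}
+
+#Function to get all Intune app
+Function Get-IntuneApp() {
+
+<#
+.SYNOPSIS
+This function is used to get applications from the Graph API REST interface
+.DESCRIPTION
+The function connects to the Graph API Interface and gets any applications added
+.EXAMPLE
+Get-IntuneApplication
+Returns any applications configured in Intune
+.NOTES
+NAME: Get-IntuneApplication
+#>
+
+[cmdletbinding()]
+
+$graphApiVersion = "Beta"
+$Resource = "deviceAppManagement/mobileApps"
+
+try {
+
+$uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"
+(Invoke-RestMethod -Uri $uri –Headers $authToken –Method Get).Value | ? { (!($_.'@odata.type').Contains("managed")) }
+
+}
+
+catch {
+
+$ex = $_.Exception
+Write-Host "Request to $Uri failed with HTTP Status $([int]$ex.Response.StatusCode) $($ex.Response.StatusDescription)" -f Red
+$errorResponse = $ex.Response.GetResponseStream()
+$reader = New-Object System.IO.StreamReader($errorResponse)
+$reader.BaseStream.Position = 0
+$reader.DiscardBufferedData()
+$responseBody = $reader.ReadToEnd();
+Write-Host "Response content:`n$responseBody" -f Red
+Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"
+write-host
+break
+
+}
+
+}
+
+#Function to get all the assignment details associated with an Intune app
+Function Get-IntuneAppAssignment() {
+
+<#
+.SYNOPSIS
+This function is used to get an application assignment from the Graph API REST interface
+.DESCRIPTION
+The function connects to the Graph API Interface and gets an application assignment
+.EXAMPLE
+Get-ApplicationAssignment
+Returns an Application Assignment configured in Intune
+.NOTES
+NAME: Get-ApplicationAssignment
+#>
+
+[cmdletbinding()]
+
+param
+(
+$ApplicationId
+)
+
+$graphApiVersion = "Beta"
+$Resource = "deviceAppManagement/mobileApps/$ApplicationId/?`$expand=categories,assignments"
+
+try {
+
+if (!$ApplicationId) {
+
+write-host "No Application Id specified, specify a valid Application Id" -f Red
+break
+
+}
+
+else {
+
+$uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"
+(Invoke-RestMethod -Uri $uri –Headers $authToken –Method Get)
+
+}
+
+}
+
+catch {
+
+$ex = $_.Exception
+$errorResponse = $ex.Response.GetResponseStream()
+$reader = New-Object System.IO.StreamReader($errorResponse)
+$reader.BaseStream.Position = 0
+$reader.DiscardBufferedData()
+$responseBody = $reader.ReadToEnd();
+Write-Host "Response content:`n$responseBody" -f Red
+Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"
+write-host
+break
+
+}
+
+}
+
+# Getting all the Azure AD group details
+Function Get-AADGroup() {
+
+<#
+.SYNOPSIS
+This function is used to get AAD Groups from the Graph API REST interface
+.DESCRIPTION
+The function connects to the Graph API Interface and gets any Groups registered with AAD
+.EXAMPLE
+Get-AADGroup
+Returns all users registered with Azure AD
+.NOTES
+NAME: Get-AADGroup
+#>
+
+[cmdletbinding()]
+
+param
+(
+$GroupName,
+$id,
+[switch]$Members
+)
+
+# Defining Variables
+$graphApiVersion = "v1.0"
+$Group_resource = "groups"
+
+try {
+
+if ($id) {
+
+$uri = "https://graph.microsoft.com/$graphApiVersion/$($Group_resource)?`$filter=id eq '$id'"
+(Invoke-RestMethod -Uri $uri –Headers $authToken –Method Get).Value
+
+}
+
+elseif ($GroupName -eq "" -or $null -eq $GroupName) {
+
+$uri = "https://graph.microsoft.com/$graphApiVersion/$($Group_resource)"
+(Invoke-RestMethod -Uri $uri –Headers $authToken –Method Get).Value
+
+}
+
+else {
+
+if (!$Members) {
+
+$uri = "https://graph.microsoft.com/$graphApiVersion/$($Group_resource)?`$filter=displayname eq '$GroupName'"
+(Invoke-RestMethod -Uri $uri –Headers $authToken –Method Get).Value
+
+}
+
+elseif ($Members) {
+
+$uri = "https://graph.microsoft.com/$graphApiVersion/$($Group_resource)?`$filter=displayname eq '$GroupName'"
+$Group = (Invoke-RestMethod -Uri $uri –Headers $authToken –Method Get).Value
+
+if ($Group) {
+
+$GID = $Group.id
+
+$Group.displayName
+write-host
+
+$uri = "https://graph.microsoft.com/$graphApiVersion/$($Group_resource)/$GID/Members"
+(Invoke-RestMethod -Uri $uri –Headers $authToken –Method Get).Value
+
+}
+
+}
+
+}
+
+}
+
+catch {
+
+$ex = $_.Exception
+$errorResponse = $ex.Response.GetResponseStream()
+$reader = New-Object System.IO.StreamReader($errorResponse)
+$reader.BaseStream.Position = 0
+$reader.DiscardBufferedData()
+$responseBody = $reader.ReadToEnd();
+Write-Host "Response content:`n$responseBody" -f Red
+Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"
+write-host
+break
+
+}
+
+}
+####################################################################################
+
+#Checking if the environment variables for the Azure AD app are created or not
+if ($null -eq (Get-ChildItem env: | Where-Object { $_.Name -like "Azure_*" })) {
+
+Write-Host "`nThe environment variables for Azure AD app are not created. Hence creating..." -ForegroundColor "Yellow"
+
+Set-EnvtVariables
+}
+
+# Access token for authenticating to MS Graph
+$authToken = Get-AuthToken
+
+# Getting all the Intune applications details
+$AllApps = Get-IntuneApp | Where-Object { ($_.displayName -like 'Vnext*') -or ($_.id -eq '496f0651-a965-47d9-b6d6-5e2fa912e4dd') `
+-or ($_.id -eq '931f5abe-b519-471f-8187-e98a8cb12f8d') -or ($_.displayName -eq 'MicrosoftInfoPath2013_15.0.4753.1001_v1.0') } | `
+Select-object displayName, id
+
+# Prompt for enter the Group name
+$GroupName = Read-Host -prompt "`nEnter the group name associated to the apps"
+
+# Azure AD Group Object id
+$Groupid = (Get-AADGroup -GroupName $GroupName).id
+
+# Looping through all the apps to get those apps which has the group in the assignment section
+Write-Host "`Checking if the $GroupName group is assigned to any app or not" -ForegroundColor 'Yellow' -NoNewLine
+1..5 | Foreach {
+Write-Host "." -F "Yellow" -NoNewLine
+Start-Sleep $_
+}
+
+$Applist = @()
+Foreach ($App in $AllApps) {
+
+$AssigedGroupId = ((Get-IntuneAppAssignment -applicationId $App.Id).assignments.target | Select-Object @{n='GroupId';e={$_.groupId}}).GroupId
+
+If ($AssigedGroupId -eq $Groupid) {
+$Applist += $App.displayName
+}
+}
+
+If ([string]::IsNullOrEmpty($Applist)){
+Write-Host ("`nThe $GroupName group is not assigned to any app.") -ForegroundColor "Yellow"
+}
+Else{
+Write-Host "Collating all the applications details" -F "Yellow" -NoNewLine
+1..5 | Foreach {
+Write-Host "." -F "Yellow" -NoNewLine
+Start-Sleep $_
+}
+Write-Host -ForegroundColor Cyan "`n---------------------------------"
+Write-Host -ForegroundColor Cyan "| Application Names |"
+Write-Host -ForegroundColor Cyan "---------------------------------"
+
+#Writing all the Application names to the console
+Write-Host -ForegroundColor "Cyan" "$Applist"
+}
+
+Write-Host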
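Review bot: Set-EnvtVariables prints the client secret to the console at `Write-Host "The $EnvtVar was created successfully."`, because interpolating the PSCustomObject renders it as `@{Name=AZURE_CLIENT_SECRET; Value=<secret>}` (and into any transcript); change it to `Write-Host "The $($EnvtVar.Name) environment variable was created successfully."`. The secret is also persisted in plaintext as a user environment variable and only wrapped with `ConvertTo-SecureString -AsPlainText -Force` after being read back, so the SecureString adds no protection at rest; a header comment should warn that anything running as this user can read the app credential, and the `Install-Module -name 'MSAL.PS' -Scope CurrentUser -Force` call pulls an unpinned module from the gallery on first run. The query at `$AllApps = Get-IntuneApp | Where-Object { ($_.displayName -like 'Vnext*') -or ($_.id -eq '496f0651-...') ... }` restricts the result to a handful of tenant-specific names and GUIDs, contradicting the synopsis that promises all applications; it looks like leftover test data. Finally, `If ($AssigedGroupId -eq $Groupid)` is true when both sides are `$null`, so a group name that matches nothing reports every app without assignments as a hit; add `if (-not $Groupid) { throw "Group '$GroupName' not found" }` before the loop, and note that `$GroupName` is interpolated unescaped into the OData `$filter`, so a name containing a single quote breaks the query.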
