Automate Microsoft Intune Device Non-Compliance Report Using PowerShell Script HTMD Blog (2024)

This guide shows how to automate the Microsoft Intune Device Non-Compliance Report using a PowerShell script that retrieves non-compliant devices from Microsoft Intune. This method is limited to devices enrolled in Microsoft Intune. Let’s learn together!

You have likely automated numerous day-to-day Intune tasks using PowerShell and the Microsoft Graph API. If you have not yet begun automating tasks within Intune, this may serve as an excellent starting point.

Microsoft Graph, a RESTful web API, facilitates access to Microsoft Cloud service resources. It lets you access data, intelligence, and insights from Microsoft 365 and other Microsoft Cloud services through a single endpoint, including data from Microsoft 365, Windows, and Enterprise Mobility + Security.

Many readers will have already used Graph Explorer for Microsoft Graph API calls. Graph Explorer is a handy browser-based tool for running your Graph calls; it doesn’t need any module or set-up file to be installed on your local machine. However, installing the Microsoft Graph PowerShell SDK is necessary to automate Microsoft Graph tasks using PowerShell.


Before you get started

Before you begin, make sure to install the Microsoft Graph PowerShell modules. Microsoft has published the Microsoft Graph PowerShell SDK on the PowerShell Gallery. The SDK includes two modules, Microsoft.Graph and Microsoft.Graph.Beta, which call the Microsoft Graph REST API v1.0 and the Microsoft Graph REST API beta, respectively.


To install the Microsoft Graph PowerShell SDK, your PowerShell version should be 5.1 or later. However, Microsoft recommends PowerShell 7 or later. As per Microsoft, no additional prerequisites are required to use the SDK with PowerShell 7 or later.


You should have .NET Framework 4.7.2 or later installed on your machine before installing Microsoft Graph PowerShell modules. Microsoft suggests updating PowerShellGet to the latest version using the command Install-Module PowerShellGet. Also, the PowerShell script execution policy must be set to remote signed or less restrictive.


Automate Microsoft Intune Device Non-Compliance Report using PowerShell Script

Well, we have discussed enough before we start coding! Let’s write the PowerShell script to get Microsoft Intune non-compliant devices. We have already installed the Microsoft Graph PowerShell SDK on my local machine.

You must sign in using the Connect-MgGraph command each time to automate your daily tasks.

  • Open PowerShell as an Administrator.
  • Type Connect-MgGraph and hit Enter.
  • PowerShell prompts you to enter the credentials to authenticate to Microsoft Graph.

NOTE! To grant more permissions, you can repeat the Connect-MgGraph command with the new permission scopes added.

In this example, we need the below permissions to get Microsoft Intune Non-Compliance Devices using the PowerShell script.

Name                                            Description
DeviceManagementManagedDevices.Read.All         Read Intune managed devices
DeviceManagementManagedDevices.ReadWrite.All    Read and Write Intune-managed devices

Kindly repeat the Connect-MgGraph cmdlet with the new permission scopes added using the below command.

Connect-MGGraph -Scopes DeviceManagementManagedDevices.Read.All, DeviceManagementManagedDevices.ReadWrite.All

PowerShell Script

I have successfully connected to MgGraph with the necessary permissions. In this instance, I am utilizing the following script to assess all devices managed by Intune. The objective is to identify and display only those devices that are considered non-compliant.

############################################################################
#Get-IntuneManagedNonComplianceDevices.ps1
#Scope : This script will retrieve Microsoft Intune Non-Compliance Devices
#Author : Sujin Nelladath
#LinkedIn : https://www.linkedin.com/in/sujin-nelladath-8911968a/
############################################################################

# Connect to Microsoft Graph API with required permission
Connect-MGGraph -Scopes DeviceManagementManagedDevices.Read.All, DeviceManagementManagedDevices.ReadWrite.All

# Define the API endpoint for Intune devices
$endpoint = 'https://graph.microsoft.com/v1.0/deviceManagement/managedDevices'

# Get managed devices (a single request returns one page of results;
# Graph signals further pages with an '@odata.nextLink' value)
$devices = Invoke-MgGraphRequest -Uri $endpoint -Method GET

# Filter non-compliant devices
$nonCompliantDevices = $devices.value | Where-Object { $_.complianceState -eq "noncompliant" }

# List of Non-Compliant Devices
# Build one PS Object per device. Iterating the devices directly also handles
# the case of exactly one match, where indexing into a single device name
# would return its first character instead of the whole name.
$nonCompliantDeviceDetails = @()
foreach ($device in $nonCompliantDevices) {
    $nonCompliantDeviceDetails += [PSCustomObject]@{
        DeviceName      = $device.deviceName
        ComplianceState = $device.complianceState
    }
}

#Display the Non-Compliant Devices
$nonCompliantDeviceDetails

Please click the green play button in the PowerShell ISE window to execute the script. This code is designed to identify Microsoft Intune-managed devices that are non-compliant within your organization. The output will be presented in PSCustomObject format and organized in a tabular structure for clarity.
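
The script above issues a single GET, so it sees one page of results, and it requests a write scope although it only reads. The following is an added example, not the author's script: it follows @odata.nextLink until every page has been read and connects with the read-only scope only. The function name Get-NonCompliantIntuneDevice and the extra output columns are choices made for this example.

```powershell
# Added example, not part of the original script. The function name is illustrative.
function Get-NonCompliantIntuneDevice {
    [CmdletBinding()]
    param(
        [string]$Uri = 'https://graph.microsoft.com/v1.0/deviceManagement/managedDevices'
    )

    $found = [System.Collections.Generic.List[object]]::new()
    $next  = $Uri

    # Graph returns large collections in pages; each page carries an
    # '@odata.nextLink' URL until the last one, where the key is absent.
    while ($next) {
        $page = Invoke-MgGraphRequest -Uri $next -Method GET

        foreach ($device in $page.value) {
            if ($device.complianceState -eq 'noncompliant') {
                $found.Add([PSCustomObject]@{
                    DeviceName        = $device.deviceName
                    UserPrincipalName = $device.userPrincipalName
                    OperatingSystem   = $device.operatingSystem
                    ComplianceState   = $device.complianceState
                    LastSyncDateTime  = $device.lastSyncDateTime
                })
            }
        }
        $next = $page.'@odata.nextLink'
    }
    $found
}

# The report only issues GET requests, so the read-only scope is sufficient.
Connect-MgGraph -Scopes 'DeviceManagementManagedDevices.Read.All'

# Delegated consent accumulates, so the session may still carry scopes granted
# earlier. Surface a write scope so the operator knows what the token allows.
$scopes = (Get-MgContext).Scopes
if ($scopes -contains 'DeviceManagementManagedDevices.ReadWrite.All') {
    Write-Warning 'Session also holds DeviceManagementManagedDevices.ReadWrite.All.'
}

# @() keeps the result an array for zero or one match, so .Count is reliable.
$report = @(Get-NonCompliantIntuneDevice)
"{0} non-compliant device(s) found" -f $report.Count
$report | Sort-Object LastSyncDateTime | Format-Table -AutoSize

Disconnect-MgGraph | Out-Null
```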


Export PowerShell output to CSV format

Let’s see how to export the PowerShell output to CSV (Comma-Separated Values) format easily. The variable $nonCompliantDeviceDetails contains the entire script output in tabular form. This can be achieved simply by using the Export-Csv cmdlet.

$nonCompliantDeviceDetails | Export-Csv -Path C:\temp\IntuneNonComplaintDevices.csv -NoTypeInformation 

  • Be sure to include the -NoTypeInformation parameter, as it removes the information header from the output.

I trust that this article will greatly benefit you and your organization. Thank you for your patience in reading this post. I look forward to seeing you in the next post. Keep supporting the HTMD Community.


Author

About the Author: Sujin Nelladath, a Microsoft Graph MVP with over 10 years of experience in SCCM device management and Automation solutions, writes and shares his experiences with Microsoft device management technologies, Azure, DevOps and PowerShell automation.
