Last active
July 13, 2023 20:58
-
-
Save SMSAgentSoftware/0e6fff650d4c668002393d2cc03af384 to your computer and use it in GitHub Desktop.
Retrieves the Intune remediation scripts statuses for one or more managed devices
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Function Get-IntuneDeviceRemediationsStatus { | |
[CmdletBinding()] | |
Param | |
( | |
[Parameter(Mandatory=$true)] | |
[ValidateNotNull()] | |
[ValidateNotNullOrEmpty()] | |
[string[]] | |
$Computername | |
) | |
# Requires the Intune PowerShell SDK (Microsoft.Graph.Intune) | |
# MS Graph required permissions (delegated) | |
# DeviceManagementManagedDevices.Read.All | |
# DeviceManagementConfiguration.Read.All | |
Begin | |
{ | |
$script:GraphToken = Connect-MSGraph -PassThru | |
$ProgressPreference = 'SilentlyContinue' | |
Function script:Invoke-LocalGraphRequest { | |
Param ($URL,$Headers,$Method) | |
try | |
{ | |
$WebRequest = Invoke-WebRequest -Uri $URL -Method $Method -Headers $Headers -UseBasicParsing | |
} | |
catch | |
{ | |
$Response = $_ | |
$WebRequest = [PSCustomObject]@{ | |
Message = $response.Exception.Message | |
StatusCode = $response.Exception.Response.StatusCode | |
StatusDescription = $response.Exception.Response.StatusDescription | |
} | |
} | |
Return $WebRequest | |
} | |
Function Get-IntuneManagedDevices { | |
param($DeviceName) | |
$URL = "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?`$filter=deviceName eq '$DeviceName'" | |
$headers = @{'Authorization'="Bearer " + $GraphToken} | |
$GraphRequest = Invoke-LocalGraphRequest -URL $URL -Headers $headers -Method GET | |
return $GraphRequest | |
} | |
Function Get-IntuneSingleDeviceRemediationStatus | |
{ | |
param($DeviceId,$URL) | |
If ($null -eq $URL) | |
{ | |
$URL = "https://graph.microsoft.com/beta/deviceManagement/managedDevices('$DeviceID')/deviceHealthScriptStates" | |
} | |
$headers = @{'Authorization'="Bearer " + $GraphToken} | |
$GraphRequest = Invoke-LocalGraphRequest -URL $URL -Headers $headers -Method GET | |
return $GraphRequest | |
} | |
} | |
Process | |
{ | |
foreach ($Computer in $Computername) | |
{ | |
# Find managed device in Graph | |
$result = Get-IntuneManagedDevices -DeviceName "$Computer" | |
if ($result.StatusCode -ne 200) | |
{ | |
Write-Error $result | |
continue | |
} | |
# Make sure only 1 result returned | |
$Device = $result.Content | ConvertFrom-Json | Select -ExpandProperty value | |
if ($null -eq $Device) | |
{ | |
Write-Error "Device not found" | |
continue | |
} | |
if ($Device.Count -gt 1) | |
{ | |
Write-Error "Multiple devices found with the name '$Computer'. Device names must be unique." | |
continue | |
} | |
# Get the remediations status | |
$result = Get-IntuneSingleDeviceRemediationStatus -DeviceID $Device.id | |
if ($result.StatusCode -ne 200) | |
{ | |
Write-Error $result | |
continue | |
} | |
# Do paging | |
$Content = $result.Content | ConvertFrom-Json | |
$Statuses = [System.Collections.Generic.List[Object]]::new() | |
$Statuses.AddRange($Content.value) | |
If ($null -ne $Content.'@odata.nextLink') | |
{ | |
do | |
{ | |
$result = Get-IntuneSingleDeviceRemediationStatus -URL $Content.'@odata.nextLink' | |
if ($result.StatusCode -ne 200) | |
{ | |
Write-Error $result | |
continue | |
} | |
$Content = $result.Content | ConvertFrom-Json | |
$Statuses.AddRange($Content.value) | |
} | |
until ($null -eq $Content.'@odata.nextLink') | |
} | |
# Select only the desired properties | |
if ($Statuses.Count -lt 1) | |
{ | |
Write-Warning "No remediations status found for '$Computer'" | |
continue | |
} | |
$Statuses = $Statuses | Select -Property * -Unique | |
$Properties = @("deviceName","policyName","userName","lastStateUpdateDateTime","detectionState","remediationState","preRemediationDetectionScriptOutput","preRemediationDetectionScriptError","remediationScriptError","postRemediationDetectionScriptOutput","postRemediationDetectionScriptError") | |
($Statuses | Select -Property $Properties | Sort policyName) | |
} | |
} | |
End | |
{ | |
} | |
} | |
# Example usage | |
Get-IntuneDeviceRemediationsStatus -Computername "PC001","PC002" | Out-GridView |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment