SMSAgentSoftware/Get-IntuneDeviceRemediationsStatus.ps1

## Get-IntuneDeviceRemediationsStatus.ps1
Function Get-IntuneDeviceRemediationsStatus {
    [CmdletBinding()]
    Param
    (
        [Parameter(Mandatory=$true)]
        [ValidateNotNull()]
        [ValidateNotNullOrEmpty()]
        [string[]]
        $Computername
    )

    # Requires the Intune PowerShell SDK (Microsoft.Graph.Intune)
    # MS Graph required permissions (delegated)
    # DeviceManagementManagedDevices.Read.All
    # DeviceManagementConfiguration.Read.All

    Begin
    {
        $script:GraphToken = Connect-MSGraph -PassThru
        $ProgressPreference = 'SilentlyContinue'

        Function script:Invoke-LocalGraphRequest {
            Param ($URL,$Headers,$Method)
            try
            {
                $WebRequest = Invoke-WebRequest -Uri $URL -Method $Method -Headers $Headers -UseBasicParsing
            }
            catch
            {
                $Response = $_
                $WebRequest = [PSCustomObject]@{
                    Message = $response.Exception.Message
                    StatusCode = $response.Exception.Response.StatusCode
                    StatusDescription = $response.Exception.Response.StatusDescription
                }
            }
            Return $WebRequest
        }

        Function Get-IntuneManagedDevices {
            param($DeviceName)
            $URL = "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?`$filter=deviceName eq '$DeviceName'"
            $headers = @{'Authorization'="Bearer " + $GraphToken}
            $GraphRequest = Invoke-LocalGraphRequest -URL $URL -Headers $headers -Method GET
            return $GraphRequest
        }

        Function Get-IntuneSingleDeviceRemediationStatus
        {
            param($DeviceId,$URL)
            If ($null -eq $URL)
            {
                $URL = "https://graph.microsoft.com/beta/deviceManagement/managedDevices('$DeviceID')/deviceHealthScriptStates"
            }
            $headers = @{'Authorization'="Bearer " + $GraphToken}
            $GraphRequest = Invoke-LocalGraphRequest -URL $URL -Headers $headers -Method GET
            return $GraphRequest
        }
    }
    Process
    {
        foreach ($Computer in $Computername)
        {
            # Find managed device in Graph
            $result = Get-IntuneManagedDevices -DeviceName "$Computer"
            if ($result.StatusCode -ne 200)
            {
                Write-Error $result
                continue
            }

            # Make sure only 1 result returned
            $Device = $result.Content | ConvertFrom-Json | Select -ExpandProperty value
            if ($null -eq $Device)
            {
                Write-Error "Device not found"
                continue
            }
            if ($Device.Count -gt 1)
            {
                Write-Error "Multiple devices found with the name '$Computer'. Device names must be unique."
                continue
            }

            # Get the remediations status
            $result = Get-IntuneSingleDeviceRemediationStatus -DeviceID $Device.id
            if ($result.StatusCode -ne 200)
            {
                Write-Error $result
                continue
            }

            # Do paging
            $Content = $result.Content | ConvertFrom-Json
            $Statuses = [System.Collections.Generic.List[Object]]::new()
            $Statuses.AddRange($Content.value)
            If ($null -ne $Content.'@odata.nextLink')
            {
                do
                {
                    $result = Get-IntuneSingleDeviceRemediationStatus -URL $Content.'@odata.nextLink'
                    if ($result.StatusCode -ne 200)
                    {
                        Write-Error $result
                        continue
                    }
                    $Content = $result.Content | ConvertFrom-Json
                    $Statuses.AddRange($Content.value)
                }
                until ($null -eq $Content.'@odata.nextLink')
            }

            # Select only the desired properties
            if ($Statuses.Count -lt 1)
            {
                Write-Warning "No remediations status found for '$Computer'"
                continue
            }
            $Statuses = $Statuses | Select -Property * -Unique
            $Properties = @("deviceName","policyName","userName","lastStateUpdateDateTime","detectionState","remediationState","preRemediationDetectionScriptOutput","preRemediationDetectionScriptError","remediationScriptError","postRemediationDetectionScriptOutput","postRemediationDetectionScriptError")
            ($Statuses | Select -Property $Properties |  Sort policyName)
        }
    }
    End
    {
    }
}

# Example usage
Get-IntuneDeviceRemediationsStatus -Computername "PC001","PC002" | Out-GridView
	Function Get-IntuneDeviceRemediationsStatus {
	[CmdletBinding()]
	Param
	(
	[Parameter(Mandatory=$true)]
	[ValidateNotNull()]
	[ValidateNotNullOrEmpty()]
	[string[]]
	$Computername
	)

	# Requires the Intune PowerShell SDK (Microsoft.Graph.Intune)
	# MS Graph required permissions (delegated)
	# DeviceManagementManagedDevices.Read.All
	# DeviceManagementConfiguration.Read.All

	Begin
	{
	$script:GraphToken = Connect-MSGraph -PassThru
	$ProgressPreference = 'SilentlyContinue'

	Function script:Invoke-LocalGraphRequest {
	Param ($URL,$Headers,$Method)
	try
	{
	$WebRequest = Invoke-WebRequest -Uri $URL -Method $Method -Headers $Headers -UseBasicParsing
	}
	catch
	{
	$Response = $_
	$WebRequest = [PSCustomObject]@{
	Message = $response.Exception.Message
	StatusCode = $response.Exception.Response.StatusCode
	StatusDescription = $response.Exception.Response.StatusDescription
	}
	}
	Return $WebRequest
	}

	Function Get-IntuneManagedDevices {
	param($DeviceName)
	$URL = "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?`$filter=deviceName eq '$DeviceName'"
	$headers = @{'Authorization'="Bearer " + $GraphToken}
	$GraphRequest = Invoke-LocalGraphRequest -URL $URL -Headers $headers -Method GET
	return $GraphRequest
	}

	Function Get-IntuneSingleDeviceRemediationStatus
	{
	param($DeviceId,$URL)
	If ($null -eq $URL)
	{
	$URL = "https://graph.microsoft.com/beta/deviceManagement/managedDevices('$DeviceID')/deviceHealthScriptStates"
	}
	$headers = @{'Authorization'="Bearer " + $GraphToken}
	$GraphRequest = Invoke-LocalGraphRequest -URL $URL -Headers $headers -Method GET
	return $GraphRequest
	}
	}
	Process
	{
	foreach ($Computer in $Computername)
	{
	# Find managed device in Graph
	$result = Get-IntuneManagedDevices -DeviceName "$Computer"
	if ($result.StatusCode -ne 200)
	{
	Write-Error $result
	continue
	}

	# Make sure only 1 result returned
	$Device = $result.Content \| ConvertFrom-Json \| Select -ExpandProperty value
	if ($null -eq $Device)
	{
	Write-Error "Device not found"
	continue
	}
	if ($Device.Count -gt 1)
	{
	Write-Error "Multiple devices found with the name '$Computer'. Device names must be unique."
	continue
	}

	# Get the remediations status
	$result = Get-IntuneSingleDeviceRemediationStatus -DeviceID $Device.id
	if ($result.StatusCode -ne 200)
	{
	Write-Error $result
	continue
	}

	# Do paging
	$Content = $result.Content \| ConvertFrom-Json
	$Statuses = [System.Collections.Generic.List[Object]]::new()
	$Statuses.AddRange($Content.value)
	If ($null -ne $Content.'@odata.nextLink')
	{
	do
	{
	$result = Get-IntuneSingleDeviceRemediationStatus -URL $Content.'@odata.nextLink'
	if ($result.StatusCode -ne 200)
	{
	Write-Error $result
	continue
	}
	$Content = $result.Content \| ConvertFrom-Json
	$Statuses.AddRange($Content.value)
	}
	until ($null -eq $Content.'@odata.nextLink')
	}

	# Select only the desired properties
	if ($Statuses.Count -lt 1)
	{
	Write-Warning "No remediations status found for '$Computer'"
	continue
	}
	$Statuses = $Statuses \| Select -Property * -Unique
	$Properties = @("deviceName","policyName","userName","lastStateUpdateDateTime","detectionState","remediationState","preRemediationDetectionScriptOutput","preRemediationDetectionScriptError","remediationScriptError","postRemediationDetectionScriptOutput","postRemediationDetectionScriptError")
	($Statuses \| Select -Property $Properties \| Sort policyName)
	}
	}
	End
	{
	}
	}

	# Example usage
	Get-IntuneDeviceRemediationsStatus -Computername "PC001","PC002" \| Out-GridView