Get all Intune policies using PowerShell and Graph API

Get all Intune policies using PowerShell and Graph API

Ondrej Sebela's photo
Ondrej Sebela
ยท

3 min read

Table of contents

For my new PowerShell function Search-IntuneAccountPolicyAssignment (for searching Intune policies assigned to selected account) I was in need to have a list of all these policies so I can search through them. For this reason, I have created a function Get-IntunePolicy and integrated it into my module IntuneStuff.

How to use the Get-IntunePolicy function?

To get assignable Intune policies, use the function Get-IntunePolicy from my module IntuneStuff like this ๐Ÿ‘‡ ๐Ÿ™‚

Install-Module IntuneStuff -Force
Import-Module IntuneStuff -Force

# connect to Graph API
Connect-MSGraph

# get all Intune policies
Get-IntunePolicy -verbose

# get just Apps and Compliance Intune policies
Get-IntunePolicy -policyType 'app', 'compliancePolicy'

# get just Apps and Compliance Intune policies with the subset of available properties (id, displayName, lastModifiedDateTime, assignments) for each policy
Get-IntunePolicy -policyType 'app', 'compliancePolicy' -basicOverview

And results can look similar to this ๐Ÿ‘‡ image.png

As you can see by default this function returns one object where property names are "policy sections" (app, AppConfigurationpolicy, CompliancePolicy,... ) and values are individual policies. If you don't like this, use the parameter flatOutput and you will get an array of all policies instead. image.png As can be seen, there is new property PolicyType so you can easily distinguish and filter among these policies.

The second notice here is that the parameter basicOverview is good, well, to get a basic overview of the policies, because just a subset of all properties will be returned. Without this switch, you will get all available properties. image.png

What kind of policies this function returns?

What policies does this function return? As I said, all assignable Intune policies. Right now the list consists of:

  • Apps
  • App Configuration policies
  • App Protection policies
  • Compliance policies
  • Configuration policies
    • Administrative Templates
    • Settings Catalog
    • Templates
  • MacOS Custom Attribute Shell Scripts
  • Device Enrollment Configurations
  • Device Management PowerShell scripts
  • Device Management Shell scripts
  • Endpoint Security
    • Account Protection policies
    • Antivirus policies
    • Attack Surface Reduction policies
    • Defender policies
    • Disk Encryption policies
    • Endpoint Detection and Response policies
    • Firewall policies
    • Security baselines
  • iOS App Provisioning profiles
  • iOS Update Configurations
  • Policy Sets
  • Remediation Scripts
  • S Mode Supplemental policies
  • Windows Autopilot Deployment profiles
  • Windows Feature Update profiles
  • Windows Quality Update profiles
  • Windows Update Rings

So hopefully I haven't forgotten anything.

Thanks to the function parameter PolicyType, you can easily customize policies that will be retrieved too. image.png

How did I find the correct Graph API URLs?

Because in my function I try to mimic Intune Web portal structure, I simply open the page with Intune policies, hit F12 to open Developer tools, refresh the page, filter 'graph', and find the correct GET request. image.png

Summary

I hope you will find this function useful. And if you find any bug, please let me know in comments or on my twitter @AndrewZtrhgf.

Did you find this article valuable?

Support Ondrej Sebela by becoming a sponsor. Any amount is appreciated!

Powershellintune
ย