Get all Intune policies using PowerShell and Graph API
For my new PowerShell function
Search-IntuneAccountPolicyAssignment (for searching Intune policies assigned to selected account) I was in need to have a list of all these policies so I can search through them. For this reason, I have created a function
Get-IntunePolicy and integrated it into my module IntuneStuff.
How to use the Get-IntunePolicy function?
To get assignable Intune policies, use the function
Get-IntunePolicy from my module IntuneStuff like this 👇 🙂
Install-Module IntuneStuff -Force
Import-Module IntuneStuff -Force
# connect to Graph API
# get all Intune policies
# get just Apps and Compliance Intune policies
Get-IntunePolicy -policyType 'app', 'compliancePolicy'
# get just Apps and Compliance Intune policies with the subset of available properties (id, displayName, lastModifiedDateTime, assignments) for each policy
Get-IntunePolicy -policyType 'app', 'compliancePolicy' -basicOverview
And results can look similar to this 👇
As you can see by default this function returns one object where property names are "policy sections" (app, AppConfigurationpolicy, CompliancePolicy,... ) and values are individual policies. If you don't like this, use the parameter
flatOutput and you will get an array of all policies instead.
As can be seen, there is new property
PolicyType so you can easily distinguish and filter among these policies.
The second notice here is that the parameter
basicOverview is good, well, to get a basic overview of the policies, because just a subset of all properties will be returned. Without this switch, you will get all available properties.
What kind of policies this function returns?
What policies does this function return? As I said, all assignable Intune policies. Right now the list consists of:
- App Configuration policies
- App Protection policies
- Compliance policies
- Configuration policies
- Administrative Templates
- Settings Catalog
- MacOS Custom Attribute Shell Scripts
- Device Enrollment Configurations
- Device Management PowerShell scripts
- Device Management Shell scripts
- Endpoint Security
- Account Protection policies
- Antivirus policies
- Attack Surface Reduction policies
- Defender policies
- Disk Encryption policies
- Endpoint Detection and Response policies
- Firewall policies
- Security baselines
- iOS App Provisioning profiles
- iOS Update Configurations
- Policy Sets
- Remediation Scripts
- S Mode Supplemental policies
- Windows Autopilot Deployment profiles
- Windows Feature Update profiles
- Windows Quality Update profiles
- Windows Update Rings
So hopefully I haven't forgotten anything.
Thanks to the function parameter
PolicyType, you can easily customize policies that will be retrieved too.
How did I find the correct Graph API URLs?
Because in my function I try to mimic Intune Web portal structure, I simply open the page with Intune policies, hit F12 to open Developer tools, refresh the page, filter 'graph', and find the correct GET request.
I hope you will find this function useful. And if you find any bug, please let me know in comments or on my twitter @AndrewZtrhgf.