Creating a Intune Application Deployment Overview – Part 2

Standard

Last week I posted the first version of my Intune Application Deployment Overview script. This script exported device deployment information from Intune through the Graph API to a CSV file and a HTML file. The CSV file contained all the device deployment details and the HTML contained a summary of the deployment status for all applications. You can find this first post here. This blogpost is build on top of this first blogpost, this blogpost describes the next version of this script. In this version I’ve added the user deployment information of Intune Application deployments. Before you continue I want to advise you to first read the first blogpost.

Before we continue with the actual scripts and the results I want to make note that: This blogpost is based on the beta Microsoft Graph API section of Intune. Be aware of using this in production environment since this is not supported by Microsoft at this moment. I’ve tested this script on my test environment and it’s not tested on a production environment yet.

The new version of the script has one additional parameter which is required to run the script. Based on this parameter the script will decide which information need to be exported:

  • User: Will export only the user deployment information;
  • Device: Will export only the device deployment information;
  • UserandDevice: Will export both the user and device deployment information;

In this new version of the script the user application deployment information from Intune will be exported and the number of users which have this application targeted based on the group assignments. To retrieve the number of users of these groups I created an function which will retrieve the number of users inside these groups. Currently this function only retrieves the members and the members of groups which are nested (1 level). In the next version I want to find a solution to support multiple nested groups. So allow your application created in the first blogpost to retrieve the group members data in AzureAD I had to add the following rights to this application in AzureAD:

The function to retrieve the group members is used by the following code:

if (($runtype -eq 'user') -or ($runtype -eq 'useranddevice')) {
   Write-Host "Retrieving user deployment data for application: $AppDisplayName ($appid)"   
   try {
     $Resource    = "deviceAppManagement/mobileApps/$AppId/userStatuses/"
     $uri         = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"
     $appustatus = (Invoke-RestMethod -Uri $uri –Headers $AuthenticationHeader –Method Get).Value
   }

   catch {
     $ex = $_.Exception
     Write-Host "Request to $Uri failed with HTTP Status $([int]$ex.Response.StatusCode) $($ex.Response.StatusDescription)" -f Red
     $errorResponse = $ex.Response.GetResponseStream()
     $reader = New-Object System.IO.StreamReader($errorResponse)
     $reader.BaseStream.Position = 0
     $reader.DiscardBufferedData()
     $responseBody = $reader.ReadToEnd();
     Write-Host "Response content:`n$responseBody" -f Red
     Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"
     write-host
     break
   }

   foreach($statusU in $appustatus) {
      $statusU | Add-Member -MemberType NoteProperty -Name 'AppName' -Value $AppDisplayName
      $statusU | Add-Member -MemberType NoteProperty -Name 'AppType' -Value $AppType
      $AppStatusUProcessed += $statusU
   }

   Write-Host "Exporting detailed data for application: $AppDisplayName ($appid) to $AppDepUStatus_csv"
   $AppStatusUProcessed | Where-Object { ($_.AppName -eq $AppDisplayName)} | select AppName, AppType, userPrincipalName, UserName, installedDeviceCount, failedDeviceCount, notInstalledDeviceCount | Export-Csv -Path $AppDepUStatus_csv -Delimiter "," -NoTypeInformation -Append

   Write-Host "Retrieving user group assignments for application: $AppDisplayName ($appid)"   
   try {
      $Resource    = "deviceAppManagement/mobileApps/$AppId/groupAssignments/"
      $uri         = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"
      $appassing   = (Invoke-RestMethod -Uri $uri –Headers $AuthenticationHeader –Method Get).Value
   }

   catch {
      $ex = $_.Exception
      Write-Host "Request to $Uri failed with HTTP Status $([int]$ex.Response.StatusCode) $($ex.Response.StatusDescription)" -f Red
      $errorResponse = $ex.Response.GetResponseStream()
      $reader = New-Object System.IO.StreamReader($errorResponse)
      $reader.BaseStream.Position = 0
      $reader.DiscardBufferedData()
      $responseBody = $reader.ReadToEnd();
      Write-Host "Response content:`n$responseBody" -f Red
      Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"
      write-host
      break
   }

   foreach($group in $appassing) {
      $GroupId   = $group.targetGroupId
      Write-Host "Retrieving Group Members of Group $GroupId" 
      $users += get_grp_member $GroupId         
   }
        
   Write-Host "Generating Device Deployment statistics for application: $AppDisplayName ($appid)"
   [int]$AppAssignedTotal           = (($AppStatusUProcessed | Where-Object { ($_.AppName -eq $AppDisplayName)}) | Measure-Object).Count

   if($AppAssignedTotal -gt 0) {
      $AppAssignedInstalled       = (($AppStatusUProcessed | Where-Object { ($_.AppName -eq $AppDisplayName)}) | Measure-Object -Property installedDeviceCount -Sum).Sum
      $AppAssignedFailed          = (($AppStatusUProcessed | Where-Object { ($_.AppName -eq $AppDisplayName)}) | Measure-Object -Property failedDeviceCount -Sum).Sum
      $AppAssignedNotIns          = (($AppStatusUProcessed | Where-Object { ($_.AppName -eq $AppDisplayName)}) | Measure-Object -Property notInstalledDeviceCount -Sum).Sum
   } else {
      $AppAssignedInstalled       = '-'
      $AppAssignedFailed          = '-'
      $AppAssignedNotIns          = '-'
  }
        
  $props = @{
      AppName                 = $AppDisplayName
      AppType                 = $AppType
      UserAssignments         = $users
      UserTotalDeployed       = $AppAssignedTotal
      UserTotalInstalled      = $AppAssignedInstalled
      UserTotalFailed         = $AppAssignedFailed
      UserTotalNotIns         = $AppAssignedNotIns
  }
  $ServiceObject = New-Object -TypeName PSObject -Property $props
  $AppDeplUStatistics += $ServiceObject
}

The above code will first retrieve for each application the user statuses and export these statuses to a CSV file. Next the script will retrieves the group assignments of an application and for each assigned group it will retrieve the group members. All the information will be retrieved through the Graph API. Finally, this information will be exported to same HTML file which contains the device application deployment information. The HTML file will contain all the summary information of Intune application deployments:

The updated script can be downloaded from my GitHub account: https://github.com/arjanvroege/GraphAPI/blob/master/Get-ApplicationDeploymentStatus.ps1.

Leave a Reply