If you’ve ever wanted to see all of your assigned items in Microsoft Intune in one place, my Intune Assignments report may be your friend 🙂 Using Azure automation, assigned items are exported from Microsoft Graph on a schedule and sent to an Azure storage account in CSV format. A Power BI report connects with this data to visualize your assignments in a single pane of glass.
With this report you can see your assignments, their display names, the item type (eg Win32 app, Compliance policy etc), the names of any Entra groups used as well as any assignment filters, and whether they are includes or excludes.
The report can help you identify whether an Entra group is being used in Intune, or how many assignments are using it etc – and the same for filters, or all assignments of a particular type etc.
I have included as many assignable item types as possible in the report, including:
- Apps
- Compliance policies
- Configuration policies
- Windows Autopilot deployment profiles
- Enrollment configurations
- Enrollment profiles
- Customization policies
- App protection policies
- App configuration policies
- Policy sets
- E-books
- S mode supplemental policies
- iOS app provisioning profiles
- Windows 365 provisioning policies
- Windows 365 user settings
- Scripts and remediations
- Windows Feature Update profiles
- Windows Quality Update profiles
- Windows Driver Update profiles
- eSIM cellular profiles
- Security baselines
- Endpoint security policies
- RBAC Roles
- Scope tags
- Multi admin approvals
- Terms and conditions
I have not included any of the following:
- Conditional access policies
- Organizational messages (the code is there but MS Graph doesn’t seem to fully support them yet)
- Anything unique to the Intune Suite
- Anything unique to Autopatch
To use the report, you’ll need an Azure automation account, an Azure storage account, and an account with the Global administrator or Application administrator Azure role for part of the process. Full instructions can be found here: https://docs.smsagent.blog/microsoft-endpoint-manager-reporting/intune-assignments-report
If I’ve missed any assignable items, or you want to add something new feel free to raise an issue on the GitHub repository (and suggest some code :))
really cool
anyway to share a non automated version of this
Not sure I understand…🤔
a script that could be run connecting to graph manually, without any of thr automation components.
Ah. You can still run the runbook script on your local machine by getting a Graph token in your user context. You will however need all the required permissions both to Graph and to the Azure Storage account.