List all Intune assignments of an Azure AD Group
All / Intune / Powershell

List All Intune Assignments of an Entra ID Group

jannikreinhard5 Comments

All assignments in Intune are based on Microsoft Entra ID (formerly Azure AD) groups. I think you also already had the problem that you wanted to find out to which Intune object a certain Microsoft Entra ID group is already assigned, but there is no way in the portal to find this out. To solve this problem I have written a script that gives you exactly this output.

List all Intune assignments of an Azure AD Group

How does it work

  • First we authenticate to Microsoft Entra ID to get an authentication token.
List all Intune assignments of an Azure AD Group
  • After that we read in the group we want to search for and check if it exists. If the group exists we get the group ID. If the input does not exist, we list all groups and ask until the input is correct.
List all Intune assignments of an Azure AD Group
  • After that we check all device configurations, ADMX, apps, compliance policies and scripts if there is an assignment or exclude for this group.
List all Intune assignments of an Azure AD Group

What you have to do

  • First you need to download my script from my GitHub repository.
  • Run the script and enter your UPN with sufficient permissions.
List all Intune assignments of an Azure AD Group
  • Enter the name of a Microsoft Entra ID group (if you want to list all groups press enter without content).
List all Intune assignments of an Azure AD Group
  • That is it. Now you get all assignments and excludes of the group listed.
List all Intune assignments of an Azure AD Group

Conclusion

I hope I could help you with this script if you are looking for the Intune assignment of a Microsoft Entra ID group in the future. If you are using the script in a larger environment it may take some time to run, as it has to go through all the objects and look at the assignments. If you are missing a category in the script then let me know so I can add it.

List all Intune assignments of an Azure AD Group

Stay healthy, Cheers
Jannik

Update 02.08.2022

You can also download my script from the PowerShell Gallery:

Install-Script -Name Get-AllAadGroupAssignments

5 thoughts on “List All Intune Assignments of an Entra ID Group

  1. Hi Jannik! Thank you for creating this!

    I have a couple of comments. The first is that i had to change line 29 and 30 to this to make the script run:
    Add-Type -Path $adal
    Add-Type -Path $adalforms

    Otherwise it would just throw exceptions, and not log me in.

    The second thing is that it seems your script only returns the first 100 groups in your ‘Get-GraphCall’ function when you populate $groups on line 156. I think you’ll need to do a ‘do while’-loop on the .nextlink from the Invoke-RestMethod to get a complete result in an environment with more than 100 groups.

    Other than that, great script, and thank you again for providing this! It’s gonna be awsome! :o)

    • Hey @Trond Kristiansen many thanks for your feedback.
      When I run the script I don’t get the exception but anyway I changed it then hopefully it runs stable for everyone.
      Regarding the limitation of 100 groups this I have fixed it now all groups are fetched.
      Sorry for the bug and thanks for the feedback.

  3. Great script but I think it is missing some areas:
    – Endpoint Security items like Security Baseline, Antivirus, Encryption, etc.
    – Settings Catalogs
    – Update rings
    – Feature updates

Comments are closed.