Welcome to my first blog as a Microsoft MVP! This blog will focus on a script I created in response to a request from a member of the community who asked how to efficiently export all errors in Intune. Instead of manually sifting through numerous reports to find errors, my script automates the process with just one click, similar to how I used the Graph Report API for Intune mass exports in a previous post. Not only does this make the task much more convenient, but it also allows you to run the script regularly to create a historical record or receive weekly error reports automatically, or use a similar approach like my Teams notification for the Top 5 apps with installation errors. Since this request can be helpful for several people within the community, I decided to create the script and blog about it.
How can you get the Script?
You can find the script in my GitHub repository. If you are also working with Intune assignments, you might also be interested in my new version of the Intune group assignment script.
What is the purpose of the script?
This PowerShell script retrieves all failed assignments for a tenant using the Microsoft Graph API and returns the results as a CSV file. For scenarios where you need to optimize multiple Graph requests, the Graph Batch Endpoint is also worth checking out.
How does the Script work?
It is really easy: you only have to execute the script, authenticate and then you will find in the same folder two reports:
- appInstallationErrors.csv (All failed app installations per device)
- configProfileErrors.csv (All failed configuration profile assignments)
How can I schedule the Report?
There are two scripts. One with User authentication to run locally on the pc and one for an Azure Automation. To schedule the report you can create a Azure Automation Runbook and authenticate via an App Registration. Then you can add the content of the “Get-AllAssignmentsErrorAppRegistration.ps1” to the runbook.
How to create the Automation?
Create an App Registration
- Search for Microsoft Entra ID
- Select App registration
- Select +New registration
- Enter a Name and click Register
- Click API permissions and +Add a permission
- Select Microsoft Graph
- Select Application permissions
- Search for DeviceManagementApps.Read.All & DeviceManagementConfiguration.Read.All &
Mail.Send
- Click Grant admin consent for *** and approve with Yes
- Select Certificates & secrets and click +New client secret
- Enter a Description and select a Expires time
- Click Add
- Copy and save the Value and the Secret ID
Create Automation Account
- Search for Automation Accounts
- Click + Create
- Select a Subscription and a Resource group
- Enter an account name and select a Region
- Click Next
- Click Next
- Click Next -> Next -> Create
Create the Runbook
- Open the Automation Account
- Navigate to Variables and click + Add a variable
- Add the Secret Value, TenantId, and the App ID as Variable
- Select Runbooks
- Click + Create a runbook
- Enter a Name
- Select PowerShell as Runbook type
- Select 5.1 as Runtime version
- Click Create
- Insert the Script from my GitHub repository
- Add the sender and receiver email in the script
- Save and test the script
- Click Publish
- Navigate to Schedules and click + Add a schedule
- Click Link to schedule and add the created schedule
Conclusion
I hope I could help you with this blog to make your Intune environment a bit more stable and error free. You can extend the script with more error sources and also send the result to teams instead of an email or put it into a blob.