Welcome to my first blog as a Microsoft MVP! This blog will focus on a script I created in response to a request from a member of the community who asked how to efficiently export all errors in Intune. Instead of manually sifting through numerous reports to find errors, my script automates the process with just one click. Not only does this make the task much more convenient, but it also allows you to run the script regularly to create a historical record or receive weekly error reports automatically. Since this request can be helpful for several people within the community, I decided to create the script and blog about it.

How can you get the Script?
You can find the script in my GitHub repository.
What is the purpose of the script?
This PowerShell script retrieves all failed assignments for a tenant using the Microsoft Graph API and returns the results as CSV files.
How does the Script work?
It is really easy: you only have to execute the script and authenticate, and then you will find two reports in the same folder:
- appInstallationErrors.csv (all failed app installations per device)
- configProfileErrors.csv (all failed configuration profile assignments)
How can I schedule the Report?
There are two scripts: one with user authentication to run locally on the PC, and one for Azure Automation. To schedule the report, you can create an Azure Automation runbook and authenticate via an app registration. Then you can add the content of “Get-AllAssignmentsErrorAppRegistration.ps1” to the runbook.
How to create the Automation?
Create an App Registration
- Search for Azure Active Directory

- Select App registration

- Select +New registration

- Enter a Name and click Register

- Click API permissions and +Add a permission

- Select Microsoft Graph

- Select Application permissions

- Search for DeviceManagementApps.Read.All & DeviceManagementConfiguration.Read.All & Mail.Send

- Click Grant admin consent for *** and approve with Yes

- Select Certificates & secrets and click +New client secret

- Enter a Description and select an Expires time
- Click Add

- Copy and save the Value and the Secret ID

Create Automation Account
- Search for Automation Accounts

- Click + Create

- Select a Subscription and a Resource group
- Enter an account name and select a Region
- Click Next

- Click Next

- Click Next -> Next -> Create

Create the Runbook
- Open the Automation Account
- Navigate to Variables and click + Add a variable

- Add the Secret Value, TenantId, and the App ID as variables
- Select Runbooks
- Click + Create a runbook

- Enter a Name
- Select PowerShell as Runbook type
- Select 5.1 as Runtime version
- Click Create

- Insert the script from my GitHub repository
- Add the sender and receiver email in the script

- Save and test the script


- Click Publish

- Navigate to Schedules and click + Add a schedule


- Click Link to schedule and add the created schedule
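
The authentication step of such a runbook can be checked on its own before the report script is pasted in. The following is an added example, not the script from the repository: it reads the three Automation variables, requests a Graph token with the client secret, and compares the permissions in the token against the three granted above. The variable names `TenantId`, `AppId` and `AppSecret` are assumptions, and the secret is assumed to be stored as an encrypted variable.

```powershell
# Added example (not the repository script). Variable names are assumptions.
$tenantId = Get-AutomationVariable -Name 'TenantId'
$appId    = Get-AutomationVariable -Name 'AppId'
$secret   = Get-AutomationVariable -Name 'AppSecret'   # assumed to be an encrypted variable

# Application permissions granted to the app registration in the steps above
$expected = @(
    'DeviceManagementApps.Read.All',
    'DeviceManagementConfiguration.Read.All',
    'Mail.Send'
)

function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    # base64url -> base64, then restore the stripped padding
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) { 2 { $s += '==' } 3 { $s += '=' } }
    [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($s))
}

# OAuth 2.0 client credentials flow against the Microsoft identity platform
$body = @{
    grant_type    = 'client_credentials'
    client_id     = $appId
    client_secret = $secret
    scope         = 'https://graph.microsoft.com/.default'
}
$token = (Invoke-RestMethod -Method Post -Body $body `
    -Uri "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token").access_token

# Diagnostic only: read the 'roles' claim; the token itself is never written to output
$claims = ConvertFrom-Base64Url ($token.Split('.')[1]) | ConvertFrom-Json
$roles  = @($claims.roles | Where-Object { $_ })

$missing = @($expected | Where-Object { $roles -notcontains $_ })
$extra   = @($roles | Where-Object { $expected -notcontains $_ })

if ($missing.Count -gt 0) {
    throw "App registration is missing permissions: $($missing -join ', ')"
}
if ($extra.Count -gt 0) {
    Write-Warning "App registration holds permissions the report does not need: $($extra -join ', ')"
}
Write-Output "Token acquired; granted application permissions: $($roles -join ', ')"
```

Run it once from the runbook test pane: a thrown error means admin consent is incomplete, and a warning means the app registration carries more Graph permissions than this report uses.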


Conclusion
I hope I could help you with this blog to make your Intune environment a bit more stable and error-free. You can extend the script with more error sources and also send the result to Teams instead of an email or put it into a blob.