This post introduces the new and Updated Intune Group Assignment Script. The original was useful but limited; the New version of the Intune Group Assignment Script supports dynamic groups, scope tags, exclusion assignments, and a much cleaner CLI for use in pipelines.
A few months ago I released a script which lists you all assignments of a Microsoft Entra ID group in intune. With this blog post I will release a new version of this script which includes more configuration objects and improves a lot of the code parts.
What is the purpose of the script
It is not possible via the UI or via a single graph call to get a list of all assignments of a specific Microsoft Entra ID group. For example if you are wondering if a group is still in use or if you want to troubleshoot a specific assignment. This script helps you to find exactly this out and get all configuration objects of a single group.
Which objects are included
The script currently supports:
- Device Configuration
- Administrative Templates
- Device Compliance Policies
- Mobile Applications
- Scripts
- Remediation Script
- Windows Autopilot deployment profiles
- Enrollment Status Page
- Security baselines
How to get the script
You can find the script in my github repository or in the powershell gallery:
Install-Script -Name Get-AllAadGroupAssignments
Get-AllAadGroupAssignmentsHow can I add new topics to the script
It is really easy. You only have to add this code block to end of the script:
Get-Topic -topicHeadline "Remediation Scripts" -groupId $group.id -uri "deviceManagement" -type "deviceHealthScripts" -uriAssignment "assignments"
Add the name of the topic and set the graph uri and the type. You can find this via the graph explorer:
Thanks for your work 🙂
I don’t know if it’s already done, but it can be good also to can filter with one specific user or one specific device to see all deployment they get for troubleshooting purpose. Thanks for your work
Hi, do we have a script to include filters in assignments?