Functions/Get-IntuneMobileAppAssignmentReport.ps1
|
function Get-IntuneMobileAppAssignmentReport { [CmdletBinding()] param ( [Parameter()] [ValidateSet("Windows", "iOS", "Android")] [string] $OS, [Parameter()] [switch] $IncludeDefaultIntuneApps ) $AppTypes = @{} $AppTypes.Windows = @( "#microsoft.graph.webApp" "#microsoft.graph.win32LobApp" "#microsoft.graph.windowsMicrosoftEdgeApp" "#microsoft.graph.windowsMobileMSI" "#microsoft.graph.officeSuiteApp" "#microsoft.graph.microsoftStoreForBusinessApp" ) $AppTypes.Android = @( "#microsoft.graph.androidManagedStoreApp" "#microsoft.graph.androidManagedStoreWebApp" "#microsoft.graph.webApp" ) $AppTypes.iOS = @( "#microsoft.graph.iosStoreApp" "#microsoft.graph.webApp" ) $AssignmentFilters = (Invoke-GraphRequest -Uri "https://graph.microsoft.com/beta/deviceManagement/assignmentFilters").value # APP ASSIGNMENTS REPORT #$Apps = Get-IntuneMobileApp #-Search adobe #$Apps = Get-IntuneMobileApp -Filter "displayName eq '$($AppName)'" $Apps = (Invoke-GraphRequest -Uri "https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/").value if (!($IncludeDefaultIntuneApps)) { $Apps = $Apps | Where-Object { ($_."@odata.type" -ne "#microsoft.graph.managedIOSStoreApp") -and ($_."@odata.type" -ne "#microsoft.graph.managedAndroidStoreApp") } } if ($OS) { $Apps = $Apps | Where-Object { ($AppTypes[$OS] -contains $_."@odata.type") } } # $Apps = $Apps | Where-Object { ($_."displayName" -like "*W10*") } $AppAssignments = @() $i = 0 foreach ($a in $Apps) { $i++ if ($Apps.count) { # Write-Progress -Activity "Processing apps" -CurrentOperation "$($a.displayName) ($($i) / $($Apps.count))" -PercentComplete ( ($i / ($Apps.count) * 100) ) } (Invoke-GraphRequest -Uri "https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/$($a.id)/assignments").value | ForEach-Object { $Properties = [ordered]@{ mobileAppId = $a.id AadGroup = $_.target.groupId type = $_.target.'@odata.type' intent = $_.intent FilterId = $_.target.deviceAndAppManagementAssignmentFilterId FilterType = $_.target.deviceAndAppManagementAssignmentFilterType } $AppAssignments += New-Object -TypeName psobject -Property $Properties } } $AadGroups = @() $AppAssignments.AadGroup | Select-Object -Unique | ForEach-Object { # try { # $AadGroups += Get-AzureADGroup -ObjectId $_ -ea 0 $AadGroups += Get-MgGroup -GroupId $_ -ea 0 # } # catch { } } $AadGroups = $AadGroups | Sort-Object DisplayName $Output = @() foreach ($a in $Apps) { #$a.id + " " + $a.displayName $Properties = [ordered]@{ AppName = $a.displayName AppId = $a.id packageId = $a.packageId Type = $a.'@odata.type' Publisher = $a.publisher AllUsers = $null AllDevices = $null } foreach ($ag in $AadGroups) { $Properties.Add($ag.DisplayName, $null) } $ThisAssignment = $AppAssignments | Where-Object mobileAppId -EQ $a.id foreach ($aa in $ThisAssignment) { if ($aa.FilterId) { $ThisFilter = $AssignmentFilters | Where-Object id -EQ $aa.FilterId $FilterTxt = " (Filter: $($aa.FilterType): $($ThisFilter.displayName))" } else { Clear-Variable FilterTxt -ea 0 } if ($aa.AadGroup) { $TargetGroup = $AadGroups | Where-Object Id -EQ $aa.AadGroup if ($TargetGroup) { if ($aa.type -eq "#microsoft.graph.exclusionGroupAssignmentTarget") { $CurrentIntent = "$($aa.intent) (Excluded)" } else { $CurrentIntent = $aa.intent } if ($Properties[$TargetGroup.DisplayName]) { $Properties[$TargetGroup.DisplayName] += " / " } $Properties[$TargetGroup.DisplayName] += "$($CurrentIntent)$($FilterTxt)" } } else { if ($aa.type -eq "#microsoft.graph.allLicensedUsersAssignmentTarget") { $Properties["AllUsers"] = "$($aa.intent)$($FilterTxt)" } if ($aa.type -eq "#microsoft.graph.allDevicesAssignmentTarget") { $Properties["AllDevices"] = "$($aa.intent)$($FilterTxt)" } } } $Output += New-Object -TypeName psobject -Property $Properties } return $Output } |