My thoughts on the PowerShell Scripts feature using MS Graph

To be honest, I struggled to understand the use cases behind the PowerShell Scripts feature.

Technically, I get it. It gives me the possibility to perform tasks on remote managed workstations using a PowerShell script.

However, from the Intune portal, I could not find a proper way to leverage the feature with relevant reporting beyond "Succeeded" or "Failed". Especially because there is no way to re-run the script manually, so what's the point?

I couldn't find use cases beyond one-shot actions. That was before I called the API.

My simple script

I deploy a PS script on my managed workstations to get the local users :

I’m using a very simple script here, but you’ll get the potential at the end.

Get output with Graph API

Let’s navigate into the PS Scripts API in Microsoft Intune: https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts

You can grab the PS Script ID either from Graph Explorer or directly in the URL.

Let’s dig a bit further by adding the script ID. I also want to know more about the deployment of the script. My query becomes:

https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts/$scriptid/deviceRunStates

Using Invoke-RestMethod in a PowerShell script:

Yes indeed, I have my output in $scriptresults.value.resultmessage!

By leveraging the resultmessage you can get any output: your error messages, command results, registry key values, file contents and more.

I’m just sad I can’t do it from the Intune portal directly. But it’s still a way to get my output and that’s cool!

Another tip for the PowerShell Scripts feature

I wanted to know more about the deployment of my PS script on each workstation.

I went deeper into the API using this: https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts/7ccbd36e-2f90-4ea6-b792-3ab8e9ad1518/deviceRunStates?$expand=managedDevice

Using the expand, I can retrieve the workstation details and the associated PS script deployment state:

Used in a PowerShell script:

You get details about the deployment status and the workstations targeted by the script. Nice to have!
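
Both queries above (reading resultMessage and expanding managedDevice) combined into one per-device report. This is an added example, not the script from the original post; it assumes a Graph access token with read access to Intune device management is already available in a hypothetical `GRAPH_TOKEN` environment variable, and that you pass your own script ID.

```powershell
# Added example (not the author's script).
# Assumptions: $ScriptId is the ID of your Intune PowerShell script, and
# GRAPH_TOKEN (hypothetical variable name) holds a valid Graph access token.
param(
    [Parameter(Mandatory)] [string] $ScriptId,
    [string] $AccessToken = $env:GRAPH_TOKEN,
    [string] $CsvPath = '.\script-run-report.csv'
)

if (-not $AccessToken) { throw 'No access token supplied.' }

$headers = @{ Authorization = "Bearer $AccessToken" }
$uri = 'https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts/' +
       "$ScriptId/deviceRunStates?`$expand=managedDevice"

# Graph pages large result sets: follow @odata.nextLink until it is absent.
$report = while ($uri) {
    $page = Invoke-RestMethod -Uri $uri -Headers $headers -Method Get
    foreach ($state in $page.value) {
        [pscustomobject]@{
            DeviceName    = $state.managedDevice.deviceName
            User          = $state.managedDevice.userPrincipalName
            RunState      = $state.runState
            ErrorCode     = $state.errorCode
            LastUpdate    = $state.lastStateUpdateDateTime
            # Whatever the deployed script wrote to its output stream.
            ResultMessage = $state.resultMessage
        }
    }
    $uri = $page.'@odata.nextLink'
}

# Summary by state, then the devices that did not report success.
$report | Group-Object RunState | Select-Object Name, Count | Format-Table -AutoSize
$report | Where-Object RunState -ne 'success' |
    Select-Object DeviceName, User, RunState, ErrorCode, LastUpdate |
    Format-Table -AutoSize

# Keep the full output, including resultMessage, for later review.
$report | Export-Csv -Path $CsvPath -NoTypeInformation -Encoding UTF8
```

Since resultMessage is readable by anyone with Graph read access to the script's run states, treat whatever the deployed script prints as visible to those accounts and store the exported CSV accordingly.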

In my opinion, the PowerShell Scripts feature reaches its full potential when used with Microsoft Graph. Otherwise it is a nice way to run one-shot actions.
