So, what can we do with Microsoft Intune via Microsoft Graph API?

In part 1 I gave a brief introduction to Microsoft Graph API. In this part I’ll explain how to get started and give you some useful examples.

As I mentioned in Part 1, almost everything that can be done in the Intune portal can be automated via REST API calls to the Microsoft Graph API. So imagine that you can automate some of the following basic tasks;

  • Create a list with all enrolled devices.
  • Create a list with all non-compliant devices.
  • Create a list of devices not connected for > 30 days.
  • Create new policies or other resources via a script instead of via the portal.

You can also automate more complex tasks like creating a document with all current settings configure in Microsoft Intune or maybe completely setup a new test environment in Microsoft Intune. Sky is the limit! 🙂

How to start with Microsoft Graph API and Microsoft Intune?

The easiest way to start and explore the Microsoft Graph API is via the Graph Explorer which you can find on https://graph.microsoft.io. On the website click at Graph Explorer, next you will see the screen below;

clip_image002

1. Sign in with Microsoft. Use your Global Admin account of your tenant if you sign in to the Graph Explorer. You need to accept the consent for the Graph Explorer application in Azure AD.

clip_image004

After signing in, click Modify Permissions and select the following the following permissions that are still listed as Preview:

  • Device.read
  • Device.Command
  • DeviceManagementServiceConfig.Read.All
  • DeviceManagementServiceConfig.ReadWrite.All
  • DeviceManagementConfiguration.Read.All
  • DeviceManagementConfiguration.ReadWrite.All
  • DeviceManagementApps.Read.All
  • DeviceManagementApps.ReadWrite.All
  • DeviceManagementRBAC.Read.All
  • DeviceManagementRBAC.ReadWrite.All
  • DeviceManagementManagedDevices.Read.All
  • DeviceManagementManagedDevices.ReadWrite.All
  • DeviceManagementManagedDevices.PrivilegedOperations.All

Click Modify Permissions and re-login to the Graph Explorer

2. In the drop down field with you can find the HTTP methods that can be used. Methods that can be used are.

  • GET – read data from a resource or its property
  • POST – create new resources or execute actions
  • PATCH – update a resource with new values
  • PUT – replace a resource with a new resource
  • DELETE – remove a resource

3. Currently you can choose V1.0 or Beta as the version. The Intune endpoints are still in Beta.

4. Here you need to provide URL to the resource. The URL could be like the following  https://graph.microsoft.com/beta/deviceManagement/managedDevices to list all the devices managed by Microsoft Intune.
The URL to the resource is built like this;

https://graph.microsoft.com/{version}/{resource}/{id}/{property}?{query-parameters}

  • {version} (/V1.0 or /beta) The Graph API for Microsoft Intune is still in beta, so the version /beta needs to be used.
  • {resource} For Intune the following are used; deviceAppManagement and deviceManagement
  • {id} the ID is optional, if trying to get information of an object under the resource, the ID of the object needs to be provided.
  • {property} a property can be for instance MemberOf if you want to see a list of all group memberships of a user. But also the device configuration state of a managed device.
  • ?{query-parameters} results can be filtered by query parameters

5. In the Request Body field you are able to add JSON content, this can be used with POST, PATCH, and PUT methods.

6. In the Response Preview field, the results will be shown.

So after configuring the consent and the extra permissions for your administrative Azure AD account you are ready to test.

Fill in https://graph.microsoft.com/beta/deviceManagement/managedDevices as the URL and click Run Query and see the results.

clip_image006
Try also URLs like:

Next if you see a user or device, lookup the ID of the object and add it to the URL.

clip_image008

Add the ID to the URL like follows;

In my next blogs I will be diving more into how to setup everything so that you are able to use the Microsoft Graph API yourself to access Microsoft Intune together with PowerShell.

More information can be found here:

 

Comments

Total
0
Shares
3 comments
Leave a Reply to Anon Cancel reply

Your email address will not be published. Required fields are marked *

Previous Post

Windows Hello asking to setup PIN in Windows RS3 (1709)?

Next Post

How to use PowerShell to access Microsoft Intune via Microsoft Graph API?

Related Posts
Total
0
Share