To retrieve Intune App Protection Policy (APP) device and user status through PowerShell or the Microsoft Graph API, you can use the following methods:
Using Microsoft Graph API
Microsoft Graph API is a powerful tool for accessing data in Microsoft 365 services including Intune. To fetch Intune App Protection Policy status, you would typically use the following endpoints:
- List App Protection Policies:
- Endpoint:
GET /deviceAppManagement/managedAppPolicies
- This endpoint lists all app protection policies.
- Endpoint:
- Get App Protection Policy Device Status:
- Endpoint:
GET /deviceAppManagement/managedAppPolicies/{policyId}/deviceStatuses
- This endpoint retrieves the status of devices for a specified app protection policy.
- Endpoint:
- Get App Protection Policy User Status:
- Endpoint:
GET /deviceAppManagement/managedAppPolicies/{policyId}/userStatuses
- This endpoint retrieves the status of users for a specified app protection policy.
- Endpoint:
You will need the appropriate permissions to access these endpoints, such as DeviceManagementApps.Read.All
or more specific permissions depending on your requirements.
To use these endpoints, you first need to authenticate to Microsoft Graph, typically using OAuth 2.0. After authentication, you can make HTTP requests to these endpoints.
Using PowerShell
For PowerShell, the primary tool is the Microsoft Graph PowerShell SDK. However, as of my last update in April 2023, direct cmdlets for retrieving Intune App Protection Policy status might not be readily available in the SDK. In such a case, you can use the SDK to authenticate and make custom requests to the Microsoft Graph API endpoints.
Here's a basic structure of how you might do this:
- Install the Microsoft Graph PowerShell SDK (if not already installed):
Install-Module Microsoft.Graph -Scope CurrentUser
- Authenticate:
Connect-MgGraph -Scopes "DeviceManagementApps.Read.All"
- Make a Custom Request:
Replace$policyId = "<Your-Policy-ID>" $deviceStatuses = Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/deviceAppManagement/managedAppPolicies/$policyId/deviceStatuses" $userStatuses = Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/deviceAppManagement/managedAppPolicies/$policyId/userStatuses"
<Your-Policy-ID>
with the ID of the specific app protection policy.
For more detailed information and the latest updates, please refer to the Microsoft Graph API documentation, particularly the sections on Intune and app protection policies: Microsoft Graph API Documentation.
Accept the answer if the information helped you. This will help us and others in the community as well.