Automate management tasks using PowerShell
When you manage endpoints at scale, repetitive tasks like exporting device health lists, tracking compliance drift, or triggering bulk follow-up actions quickly become time-consuming in the portal. With PowerShell and Microsoft Graph, you can automate these workflows to make monitoring and remediation repeatable, consistent, and auditable.
Microsoft Graph API
The Microsoft Graph API for Intune provides programmatic access to all Intune data and operations, similar to what’s available in the Azure portal. It enables automation, integration, and advanced data extraction for custom analysis or reporting, although it’s more complex to use than tools like Power BI or the Intune Data Warehouse. For MDM scenarios, it supports standalone deployments and offers rich entity data and relationships, allowing you to combine Intune information with other Microsoft cloud services to build cross‑service applications for IT admins or end users.
Accessing the Microsoft Graph API for Intune
Intune access through Microsoft Graph is controlled by permissions. You can use either delegated or application permissions, both of which support read and write operations and can be used with single-tenant or multi-tenant apps. You define the required permissions when registering your app in Microsoft Entra ID and should select only the scopes needed to access Intune resources.
Connect to Microsoft Graph with PowerShell
Install required modules.
Install-Module Microsoft.Graph -Scope CurrentUser
Sign in with least privilege. Request only the permissions you need for the task. For read-only reporting, start with read scopes.
Connect-MgGraph -Scopes "DeviceManagementManagedDevices.Read.All"
Explore Microsoft Graph PowerShell SDK Intune samples, which demonstrate how to use the Microsoft Graph API for Intune through practical, working examples.
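The following read-only report ties the connection steps above to the device health export mentioned in the introduction. It is an added example, not code from the original page or from Microsoft's samples. The output path, the 14-day staleness threshold, and the write-scope pattern are assumptions chosen for illustration.

```powershell
# Added example. Values marked "assumed" are illustrative and not from the original page.
$requiredScope = 'DeviceManagementManagedDevices.Read.All'
$reportPath    = Join-Path $env:TEMP 'intune-device-health.csv'   # assumed output path
$staleAfter    = (Get-Date).ToUniversalTime().AddDays(-14)        # assumed staleness threshold

Connect-MgGraph -Scopes $requiredScope

try {
    # Get-MgContext shows the scopes the session actually holds. With delegated
    # sign-in this can include scopes the account consented to earlier, so check
    # before treating the session as read-only.
    $context = Get-MgContext
    if ($context.Scopes -notcontains $requiredScope) {
        throw "Required scope '$requiredScope' was not granted to this session."
    }
    $writeScopes = $context.Scopes |
        Where-Object { $_ -match 'ReadWrite|PrivilegedOperations' }   # assumed pattern
    if ($writeScopes) {
        Write-Warning ("Session also holds write-capable scopes: {0}" -f ($writeScopes -join ', '))
    }

    # Pull only the properties the report needs.
    $properties = 'id', 'deviceName', 'userPrincipalName', 'operatingSystem',
                  'osVersion', 'complianceState', 'lastSyncDateTime'
    $devices = Get-MgDeviceManagementManagedDevice -All -Property $properties

    # Keep devices that are not compliant or have not checked in recently.
    $report = $devices |
        Where-Object {
            $_.ComplianceState -ne 'compliant' -or $_.LastSyncDateTime -lt $staleAfter
        } |
        Select-Object DeviceName, UserPrincipalName, OperatingSystem, OsVersion,
                      ComplianceState, LastSyncDateTime, Id |
        Sort-Object LastSyncDateTime

    # A timestamped, signed-in account in the log line keeps the export auditable.
    $report | Export-Csv -Path $reportPath -NoTypeInformation -Encoding UTF8
    Write-Output ("{0:u} {1} exported {2} of {3} devices to {4}" -f
        (Get-Date).ToUniversalTime(), $context.Account, @($report).Count,
        @($devices).Count, $reportPath)
}
finally {
    # Drop the cached session so later commands do not reuse its token.
    Disconnect-MgGraph | Out-Null
}
```

For unattended runs, the same report works with application permissions on a dedicated app registration that is granted only the read scope.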