Forum Discussion
Get-IntuneDeviceConfigurationPolicy returns only some of my policies
- Jun 29, 2021
What happens when you run this script? It shows me the stuff the other command didn't show me.
#oauth token
$clientId = "d1ddf0e4-d672-4dae-b554-9d5bdfd93547"
$redirectUri = "urn:ietf:wg:oauth:2.0:oob"
$resourceURI = "https://graph.microsoft.com/"
$authority = "https://login.microsoftonline.com/common"
$AadModule = Import-Module -Name AzureAD -ErrorAction Stop -PassThru
$adal = Join-Path $AadModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
$adalforms = Join-Path $AadModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll"
[System.Reflection.Assembly]::LoadFrom($adal) | Out-Null
[System.Reflection.Assembly]::LoadFrom($adalforms) | Out-Null
$authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority
$platformParameters = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters" -ArgumentList "Always"
$authResult = $authContext.AcquireTokenAsync($resourceURI, $ClientID, $RedirectUri, $platformParameters)
$accessToken = $authResult.result.AccessToken
$apiUrl = 'https://graph.microsoft.com/beta/deviceManagement/deviceconfigurations'
$Data = Invoke-RestMethod -Headers @{Authorization = "Bearer $($authResult.result.AccessToken)"} -Uri $apiUrl -Method get
$data.value
The script I posted is connecting to the beta and shows it all, but the msgraph is connecting to the v1.0.
So if you want the Get-IntuneDeviceConfigurationPolicy to connect to the beta:
Update-MSGraphEnvironment -SchemaVersion beta
connect-msgraph
Rudy_Ooms_MVP Good catch - when I target the Beta endpoint, I get all 16 device configuration profiles back. I didn't use your script but instead used my New-MSGraphRequest and added -Endpoint Beta to it:
> $devConfigs = New-MSGraphRequest -AccessToken $RT -Request devicemanagement/deviceConfigurations -Endpoint beta
> $devConfigs.value.Count
16
All 16, which as an FYI are of many different types, but are all showing in Devices > Device Configuration Profiles in MEM, so I assumed they should all come back when requesting to /devicemanagement/deviceConfiguration. When I was reading your first bit, I was thinking you were onto something with having to send separate requests for each of the different types' resources (e.g., .../deviceConfigurations, .../groupPolicyConfigurations, etc.). But since all types come back from just .../deviceConfigurations when using the Beta endpoint, I guess I'm back to assuming that it should (eventually at least) work on v1.0 too.
Here are all 16 of my profiles as returned from Beta (see all the different types):
> $devConfigs.value |select displayName, '@odata.type'
displayName                                      @odata.type
-----------                                      -----------
10 Pacer Ave                                     #microsoft.graph.androidDeviceOwnerWiFiConfiguration
Android Enterprise - Work profile                #microsoft.graph.androidWorkProfileGeneralDeviceConfiguration
Android Enterprise (Corporate)                   #microsoft.graph.androidDeviceOwnerGeneralDeviceConfiguration
Autopilot Domain Join                            #microsoft.graph.windowsDomainJoinConfiguration
Bitlocker                                        #microsoft.graph.windows10EndpointProtectionConfiguration
Broad                                            #microsoft.graph.windowsUpdateForBusinessConfiguration
DU - Windows 10 - VPN (Cisco AnyConnect)         #microsoft.graph.windows10VpnConfiguration
DU - Windows 10 Delivery Optimization            #microsoft.graph.windowsDeliveryOptimizationConfiguration
DU - Windows 10 Device Restrictions              #microsoft.graph.windows10GeneralConfiguration
Essential Settings                               #microsoft.graph.windows10CustomConfiguration
Intune data collection policy                    #microsoft.graph.windowsHealthMonitoringConfiguration
Local Administrators (Windows 10 20H2 and newer) #microsoft.graph.windows10CustomConfiguration
Wi-Fi - Android Enterprise - Work profile        #microsoft.graph.androidWorkProfileCustomConfiguration
Wi-Fi - Windows 10                               #microsoft.graph.windowsWifiConfiguration
Windows 10 Home > Education                      #microsoft.graph.editionUpgradeConfiguration
Windows Hello for Business                       #microsoft.graph.windowsIdentityProtectionConfiguration

Thanks for pointing us to the Beta endpoint!
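
The v1.0-versus-beta comparison discussed in this thread, as an added example that is not part of either post: it pages through deviceManagement/deviceConfigurations on both endpoints and lists the profiles that only beta returns. Get-GraphCollection and Get-EndpointOnlyProfile are hypothetical helper names, and the sample objects, their ids and the choice of which profile is missing are constructed.

```powershell
# Added example, not code from the thread. Helper names are hypothetical.
function Get-GraphCollection {
    # Fetches every page of a Graph collection for the given URI.
    param([string]$Uri, [string]$AccessToken)
    $headers = @{ Authorization = "Bearer $AccessToken" }
    $next  = $Uri
    $items = @()
    while ($next) {
        $page   = Invoke-RestMethod -Headers $headers -Uri $next -Method Get
        $items += $page.value
        $next   = $page.'@odata.nextLink'   # absent on the last page
    }
    $items
}

function Get-EndpointOnlyProfile {
    # Returns the profiles present in $Beta whose id is not in $V1.
    param([object[]]$V1, [object[]]$Beta)
    $v1Ids = @($V1 | ForEach-Object { $_.id })
    $Beta | Where-Object { $v1Ids -notcontains $_.id } |
        Select-Object displayName, '@odata.type', id
}

# Constructed sample data (ids invented, missing entry chosen arbitrarily)
# so the comparison can be run without a tenant.
$sampleV1 = @(
    [pscustomobject]@{
        id            = 'a1'
        displayName   = 'Bitlocker'
        '@odata.type' = '#microsoft.graph.windows10EndpointProtectionConfiguration'
    }
)
$sampleBeta = $sampleV1 + @(
    [pscustomobject]@{
        id            = 'b2'
        displayName   = 'Autopilot Domain Join'
        '@odata.type' = '#microsoft.graph.windowsDomainJoinConfiguration'
    }
)
Get-EndpointOnlyProfile -V1 $sampleV1 -Beta $sampleBeta

# Live use, with $accessToken obtained as in the script posted above:
# $path = 'deviceManagement/deviceConfigurations'
# $v1   = Get-GraphCollection -Uri "https://graph.microsoft.com/v1.0/$path" -AccessToken $accessToken
# $beta = Get-GraphCollection -Uri "https://graph.microsoft.com/beta/$path" -AccessToken $accessToken
# Get-EndpointOnlyProfile -V1 $v1 -Beta $beta | Group-Object '@odata.type'
```

Grouping the live result by '@odata.type' shows which profile types an inventory or compliance script built on v1.0 would silently leave out.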