dmarquesgn
Iron Contributor
May 05, 2024

PowerShell extract TPM and Encryption Readiness information from Intune

Hi,

I'm trying to automate a report on Bitlocker coverage on Intune managed devices. I'm using Graph API to extract device information from Intune, querying this URL: 

The result has a property named "isEncrypted" which is true or false. But I also need the information that exists on the Encryption report, about the TPM Version and Encryption readiness. Basically I need what is shown here:

How can I extract this information over powershell?


Thanks

  • Hi dmarquesgn, have you tried the excellent solution called Graph X-Ray (merill.net)? It will help you find which Powershell commands to use when using the Intune portal. 

     The answer I got from the addon was the following:

    Import-Module Microsoft.Graph.Beta.DeviceManagement.Actions
    
    $params = @{
    	select = @(
    		"DeviceId"
    		"DeviceName"
    		"DeviceType"
    		"OSVersion"
    		"TpmSpecificationVersion"
    		"EncryptionReadinessState"
    		"EncryptionStatus"
    		"UPN"
    	)
    	filter = ""
    	skip = 0
    	search = ""
    	top = 50
    }
    
    Get-MgBetaDeviceManagementReportEncryptionReportForDevice -BodyParameter $params
    • dmarquesgn
      Iron Contributor

      tobiassandberg Thanks for the tip, I didn't know it.

      About the cmdlet "Get-MgBetaDeviceManagementReportEncryptionReportForDevice", is the only way of extracting the data to output it to a file? This way we then need to import it.

      One other question, I'm exporting the results and importing them into a variable with "Get-Content". When I look at the content, this seems to be JSON, so I convert it using the option "ConvertFrom-Json" and then I get a PSCustomObject variable. But the format seems odd, as I can't access its individual values like in an array.

      Is there any option to import this directly as an array so I can parse it easily?

       

      Thanks

      • tobiassandberg
        Iron Contributor

        Thanks dmarquesgn!

        With the recent changes to Intune’s reporting mechanism by Microsoft, the method you’re using is the only one I’m aware of to retrieve such information. Regrettably, this process generates a file rather than a direct output, necessitating the need to save it for subsequent processing. Docs are describing it here: Use Graph APIs to export Intune Reports | Microsoft Learn

        Regarding your second question, try this and see if it helps you:

        # Assume that $jsonFilePath contains the path to your JSON file
        $jsonFilePath = "path_to_your_json_file.json"
        
        # Read the JSON file and convert it to a PowerShell object
        $json = Get-Content -Path $jsonFilePath -Raw | ConvertFrom-Json
        
        # Now $json is a PowerShell object that represents the JSON data
        # You can access its properties like this:
        $columns = $json.columns
        $values = $json.values
        
        # Now $columns is an array of column names and $values is an array of rows
        # You can access individual items in these arrays like this:
        $firstColumnName = $columns[0]
        $firstRow = $values[0]
        
        # Now $firstColumnName is the first column name and $firstRow is the first row
        # $firstRow is a PSCustomObject that represents a row, you can access its properties like this:
        $firstDeviceName = $firstRow.DeviceName
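
As an added example (not part of the original posts): one way to turn the exported file into the plain array of per-device objects asked about above. It assumes the file has a `Schema` array of `Column`/`PropertyType` entries and a `Values` array of row arrays; that layout, the helper name `ConvertFrom-IntuneReportJson` and the sample data are assumptions, since the page does not show the file.

```powershell
# Constructed sample; the Schema/Values layout is an assumption about the exported file.
$sampleJson = @'
{ "TotalRowCount": 2,
  "Schema": [ { "Column": "DeviceName", "PropertyType": "String" },
              { "Column": "TpmSpecificationVersion", "PropertyType": "String" },
              { "Column": "EncryptionReadinessState", "PropertyType": "String" },
              { "Column": "EncryptionStatus", "PropertyType": "String" } ],
  "Values": [ [ "LAB-PC-01", "2.0", "sample-ready", "sample-encrypted" ],
              [ "LAB-PC-02", "1.2", "sample-not-ready", "sample-not-encrypted" ] ] }
'@

function ConvertFrom-IntuneReportJson {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Json)

    $report = $Json | ConvertFrom-Json
    if ($null -eq $report.Schema -or $null -eq $report.Values) {
        throw "Unexpected layout: 'Schema' and 'Values' properties not found."
    }
    # Column names, in the order the cells appear in every row
    $names = @($report.Schema | ForEach-Object { $_.Column })

    foreach ($row in $report.Values) {
        $cells = @($row)
        if ($cells.Count -ne $names.Count) {
            Write-Warning "Skipping row with $($cells.Count) cells, expected $($names.Count)."
            continue
        }
        $record = [ordered]@{}
        for ($i = 0; $i -lt $names.Count; $i++) { $record[$names[$i]] = $cells[$i] }
        [pscustomobject]$record   # one object per device, emitted to the pipeline
    }
}

# For a real export: ConvertFrom-IntuneReportJson -Json (Get-Content -Path $jsonFilePath -Raw)
$devices = @(ConvertFrom-IntuneReportJson -Json $sampleJson)

# Ordinary array of objects: index it, filter it, export it
$devices[0].DeviceName
$devices | Where-Object { $_.TpmSpecificationVersion -notlike '2.*' } |
    Select-Object DeviceName, TpmSpecificationVersion, EncryptionReadinessState
$devices | Export-Csv -Path .\encryption-report.csv -NoTypeInformation
```

If the file does not have the assumed layout, the function stops with an error instead of returning empty objects, so a format change in the export is noticed before the coverage report is built.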

         
