Retrieving the “Device inventory” of iOS devices via the Graph API
We use Microsoft Intune to manage our iOS mobile devices. To achieve the highest possible level of efficiency, we use PowerShell as a supplementary tool for administration. Since our devices may contain two SIM cards, it is important for us to be able to read this information in order to perform relevant processes (e.g., adding phone numbers to address books). In general, it would be desirable to be able to read the information from the “Device Inventory” of iOS devices. For the reasons mentioned above, we would like this information to be made available via the Graph API. Alternatively, there should be a way to provide this information for all devices in a single report.
Reporting on Device CPU and Memory
I have a requirement to produce a monthly report on all our Intune managed Windows devices and the applications they have installed. I have written a script that is able to report on UPN, Device Name, Manufacturer, Model, Serial Number, OS, Total HHD and Free space along with all the applications installed. I am however unable to output the devices CPU and Memory details. I have tried using the Get-MgBetaDeviceManagementManagedDevices with the ProcessorArchitecture and PhysicalMemoryInBytes parameters but these just report 0 or NULL. What is the best way to report on the CPU and Memory from Intune?
Intune – Unable to reliably validate application installation status via Microsoft Graph APIs
Hi Everyone, I am working on application deployment and validation using Microsoft Intune, and I am trying to implement an automated validation step to confirm whether applications are successfully installed. My primary requirement Verify application installation status Confirm per‑device installation status Validate installation for specific Intune‑managed devices Use Graph APIs as part of an automation workflow APIs tested so far 1️⃣ App installation status per device (NOT working / not usable) I initially tried using the documented API: HTTP GET https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/{mobileAppId}/deviceStatuses Issue: This API is not working for us It either returns no data or behaves as if it is not a valid / usable endpoint It does not return reliable installation status Hence, we cannot use this API for validation in automation At this point, deviceStatuses is not usable as a primary source of truth in our environment. 2️⃣ Detected Apps (secondary confirmation only) We are also using the Detected Apps API: HTTP GET /deviceManagement/managedDevices/{deviceId}/detectedApps This does work, however: It only confirms app presence It does not confirm Intune assignment or installation intent We are using it strictly as a secondary confirmation, not a primary validation method 3️⃣ Intune internal API observed via browser inspection We also tested the API that appears to be used internally by the Intune portal: HTTP GET https://graph.microsoft.com/beta/users/{user-id}/mobileAppIntentAndStates/{device-id} Observations: The API returns data However, installState frequently shows unknown The Intune portal shows a different and final status (Installed / Failed / Pending) This makes the API unreliable for automation It appears to be troubleshooting‑oriented, not intended for reporting or validation Questions I am looking for guidance on Is deviceStatuses known to be unreliable, tenant‑dependent, or effectively unsupported? What is the recommended API to retrieve actual app installation status per device? Are there any v1.0 APIs available for: Device‑level app installation status? User‑level app installation validation? What is Microsoft’s recommended best practice to validate Intune‑installed applications via automation? Is there official documentation that clearly explains: Which API should be used for reporting vs troubleshooting Expected delays or data inconsistencies between Graph APIs and the Intune portal Goal The goal is to build a reliable and supported automation‑based validation mechanism to confirm that Intune‑deployed applications are successfully installed on target devices. Any official guidance, confirmation of known limitations, or alternative approaches would be very helpful. Thanks in advance for your support.
How to create a dependency using Graph API in PowerShell
hi, I used following documentations to create a dependency via Graph API in Powershell: https://learn.microsoft.com/en-us/graph/api/intune-apps-mobileappdependency-list?view=graph-rest-beta https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.beta.devices.corporatemanagement/new-mgbetadeviceappmanagementmobileapprelationship?view=graph-powershell-beta Both ways give me the same error: New-MgBetaDeviceAppMgtMobileAppRelationship : No OData route exists that match template ~/singleton/navigation with http verb POST for request /AppLifecycle_2602/StatelessAppMetadataFEService/deviceAppManagement/mobileAppRelationships. Status: 400 (BadRequest) ErrorCode: No method match route template Seems like these Endpoints do not support POST/PATCH requests at all. Is there any other way to create a dependency using Graph API in PowerShell?Controlling Excel Add-ins and Microsoft Store App Installations
We have a requirement to block users from adding add-ins to Excel and Installing certain application directly which utilize Microsoft Store apps. Below are the two scenarios we need to address. I would appreciate any guidance or recommendations on how to implement these controls. 1) Blocking Excel Add-ins from Microsoft Store Users are currently able to add add-ins such as “Claude by Anthropic in Excel” directly from the Microsoft Store apps. For example, if a user accesses the URL: https://marketplace.microsoft.com/en-us/product/saas/wa200009404?tab=overview they can proceed to add the add-in to Excel. So, We need a method to prevent users from adding Office add-ins from the Microsoft Marketplace or external sources. 2) Blocking Installation of Microsoft Store Apps (e.g., WhatsApp) We are currently blocking Microsoft Store apps on OS level. However, users can still download and install applications such as WhatsApp directly from the vendor website, which utilize Microsoft store apps in backend: https://www.whatsapp.com/download We are considering configuring the Intune policy “Only Private Store is enabled.” However, we noticed that enabling this setting prevents users from accessing certain built-in applications (e.g., Notepad). Is there any other way to block access Microsoft Store apps directly? Thank you in advance for your assistance. Dilan
Intune MAM BYOD: Remove Account message for iOS devices
Hello, I am seeing an issue for Intune MAM BYOD(iOS) users. After a user account password reset, it causes Intune to remove the account configured from mobile applications like MS Outlook, Work, OneDrive, etc. Current Intune Configuration: Done - App Protection Policy Done - Conditional access policy --> Grant --> Requires app protection policy (checked) Users had to re-enrol to access his/her data. Here is the screenshot, Thank you,Microsoft Graph Command Line Tools Blocked by CA
Hi All I hope you are well. Anyway, I recently turned ON a Conditional Access Policy Template, "Require MDM-enrolled and compliant device to access cloud apps for all users (Preview)" this seems to work fine until our IT Admins try to use the AutoPilot script which gets blocked based on: Microsoft Graph Command Line Tools Any ideas on how to allow AutoPilot / Microsoft Graph Command Line Tools through CA? Info appreciated
physicalMemoryInBytes always returns 0
I followed the blog below, https://techcommunity.microsoft.com/t5/microsoft-intune/total-physical-memory-attribute-graph-location/m-p/2108126 Here is my API endpoint. https://graph.microsoft.com/beta/deviceManagement/manageddevices('1111-2222-3333-abc4-55aa55bb55')?$select=id,physicalMemoryInBytes Here is the response, {"@odata.context":"https://graph.microsoft.com/beta/$metadata#deviceManagement/managedDevices(id,physicalMemoryInBytes)/$entity","id":"1111-2222-3333-abc4-55aa55bb55","physicalMemoryInBytes":0} The expected response is 32GB (in bytes). Can someone please help?
Unable to use TargetedManagedAppConfiguration end point (Broken)
Within Intune, Graph explorer and PowerShell commands the gateway fails to respond, it's been broken for a couple of months, i have opened multiple support tickets and tumbleweed. i cant get or create any App configuration or app protection policies PS error Get-MgDeviceAppManagementTargetedManagedAppConfiguration Get-MgDeviceAppManagementTargetedManagedAppConfiguration_List: Too many retries performed. More than 3 retries encountered while sending the request. (HTTP request failed with status code: GatewayTimeout. Intune Error { "error": { "code": "UnknownError", "message": "{\"Message\":\"{\\r\\n \\\"_version\\\": 3,\\r\\n \\\"Message\\\": \\\"An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 6bf99a96-6889-4b10-a52e-c31e099e9111 - Url: https://proxy.msub06.manage.microsoft.com/TrafficGateway/TrafficRoutingService/MAMAdmin/MAMAdminFEService/deviceAppManagement/targetedManagedAppConfigurations?api-version=5025-07-01&$count=true\\\",\\r\\n \\\"CustomApiErrorPhrase\\\": \\\"\\\",\\r\\n \\\"RetryAfter\\\": null,\\r\\n \\\"ErrorSourceService\\\": \\\"\\\",\\r\\n \\\"HttpHeaders\\\": \\\"{}\\\"\\r\\n}\"}", "innerError": { "date": "2025-12-23T12:42:49", "request-id": "b844d1f6-c583-485c-b33f-9a29d9b44a92", "client-request-id": "6bf99a96-6889-4b10-a52e-c31e099e9111" } } }
